C+R started moving online in the late 90s, and the trickle became a flood in 2000 when we launched www.kidzeyes.com, our first online panel. From that point on we always had the Children's Online Privacy Protection Act (COPPA) in our minds. The result was that an awareness of online privacy and security issues got baked into C+R's DNA.
We were lucky because we were prepared when the Sarbanes-Oxley Act made companies re-think their risk management strategies, the Gramm-Leach-Bliley Act drove our financial clients to focus on privacy, and the Health Insurance Portability and Accountability Act changed the focus in healthcare. And big public privacy gaffes - most recently, the disclosure of customer data connected with 77 million Playstation accounts - brought the importance of protecting customer data to the fore for almost everyone else.
We have a procedure in place for reviewing our data collection partners' data handling policies and practices to determine whether we can trust them to receive protected data, such as personally identifiable financial or health data. We've scored phone rooms and focus group facilities for a while now, but until recently hadn't considered online community platforms, bulletin board systems, journaling sites, webcam focus group facilities, or other suppliers catering to the skyrocketing online qualitative arena.
We've realized two things: one is that we have to be prepared for the explosion of MR methods that's going to turn the field upside down in the next few years and expand our supplier review to cover new methods as soon as possible; the other is that the MR industry hasn't gotten the message.
I'm not going to name names; that's not the point of this post. But having recently scoured suppliers' websites for Privacy Policies and formally requested documentation from vendors ranging from major software providers to online start-ups, we've found an industry that's at least 10 years behind the curve.
Will it take a Playstation-sized data fiasco for the industry to finally understand what we are risking - for ourselves and our clients - by our cavalier attitude?