As privacy regulations increase globally, it’s crucial for businesses to maintain the highest standards of data protection.
Data obtained through healthcare market research is highly sensitive, and both patients and healthcare professionals (HCPs) have the right to privacy when participating in market research. This blog is designed to clarify what is categorised as sensitive data, best practices in processing and sharing personally identifying information, and two important techniques that can be used to mitigate the risk of make people identifiable, anonymisation and pseudonymisation.
What is Personal Data?
Personal data is a single piece of information or a series of data relating to a living person which could be used to identify them. It can exist in various forms including alphabetic, numeric, photographic, and acoustic. In market research, personal data could include footage showing someone’s face or a voice recording captured during an in-depth interview. However, identification is not always straightforward, and each data point should be scrutinised to assess its potential for identifying a respondent.
Even seemingly innocuous pieces of information, when combined, can have an impact on respondents’ privacy. In a screener, which is a set of questions used to determine if someone qualifies to participate in a particular study, data points such as age, specialty, and workplace might not identify a person when considered in isolation, but when combined, could lead to identification.
Special Category (Sensitive) Data
Special category data, also known as sensitive data, includes information such as ethnicity, political opinions, religious beliefs, and data relating to their health records. This type of data is subject to stricter regulations and can only be processed in specific circumstances, usually with explicit consent from the respondent. While gender is not considered a special category under data protection laws, market research guidelines stipulate that a “prefer not to say” option should always be available when collecting this information.
Biometric data
Ethnicity
Health records
Genetic data
Political opinions
Religious / philosophical beliefs
Sexual orientation
Trade union membership
Sharing Identifiable Personal Data
At m360 Research, we’re committed to exceeding the policies and practices of each market we operate in. While GDPR (General Data Protection Regulation) and U.S. data privacy protection laws include specific guidance regarding sharing personal data, it is our policy to avoid disclosing sensitive identifiable information with stakeholders unless necessary. In such cases, we always obtain participant consent. Examples of when this might occur include:
- When the client is moderating an interview and receives non-anonymised video footage of fieldwork
- For adverse event reporting purposes
Anonymising and Pseudonymising
Having defined personal and sensitive data, and established best practices to share identifiable personal data, it is now critical to consider the application of two important techniques that can help mitigating the risk of data identifiability in market research: anonymisation and pseudonymisation.
Anonymising personal data involves removing all identifying information so that data can’t be re-identified. Pseudonymising, on the other hand, involves replacing identifying information with a unique ID. While pseudonymised data is still considered personal data under data protection legislation, it reduces the risk of re-identification.
- Anonymising: personal data has been totally removed and can’t be re-identified
- Pseudonymising: Personal data is removed and replaced with an ID (letters and numbers)
Personal Data
Dr. Smith
Dr. Jones
Dr. May
Pseudonymised Data
ID 123
ID 45X
ID 1AC
Anonymous Data
3x General Practitioners
Anonymising and pseudonymising personal data in market research offers several key benefits. Firstly, these techniques enhance privacy protection by reducing the risk of re-identification, ensuring compliance with data protection regulations, and fostering trust with respondents. Secondly, they minimise the risk of data breaches or unauthorised access, as even if data is accessed, it cannot be linked back to individual respondents. Lastly, anonymised and pseudonymised data can still be used for meaningful analysis and insights, enabling researchers to analyse trends, patterns, and behaviours while upholding data protection principles.
Conclusion
In conclusion, ensuring data privacy in market research is essential, particularly as privacy regulations become more stringent worldwide. Upholding the highest standards of data protection not only ensures compliance but also fosters trust with respondents and stakeholders. By understanding what constitutes personal and sensitive data, implementing best practices for processing and sharing information, and utilising techniques like anonymisation and pseudonymisation, businesses can mitigate the risk of data identifiability and enhance privacy protection. Overall, prioritising data privacy not only protects individuals’ rights but also strengthens the integrity and reliability of market research data.
