Tag Archives: PII

Panel: Privacy Breaches – Blood in the water #MRIA2016 #MRIA16 #NewMR 

Live note taking at the 2016 MRIA annual conference in Montreal. Any errors or bad jokes are my own. If you think any of this is legal advice, turn off your internet right now and grab a colouring book and crayons instead.

Panelists: Patrick Cruikshank, Eric Dolden, Derrick Leue, Serge Solski

  • What is cyberrisk – extortion, online wire fraud, identity theft
  • Legal trends – 3 claims per month for this legal speaker, Canada protects all aspects about a person including which brand of pop they like and what TV shows they watch not just their financial or medical records; doesn’t matter if it’s knowing or careless or preventable you are liable; if you give away confidential information even when you know it’s confidential, you are liable for the costs and profits
  • Business don’t report every issue becaus it could put their reputation at risk
  • Are market research companies too small for hackers to come after them? Absolutely not. Geography doesn’t matter. You are just a number on the Internet, crimes of opportunity. 80% of attacks are from external parties [yikes 20% are YOUR employees!]; They just need a door to get in and then they can figure out how to get $ from you.
  • Newest legislation moved us closer to the American model. Snooping or taking of data without consent, there is an obligation ot report to privacy commissioner whether provincial or federal. If there is a possibility of harm, you are obligated to notify the persons that their information was compromised. Not every unauthorized access requires notification becuase there may be no risk of harm, whether physical, emotional, identify theft, financial loss, loss of business, reputational harm, risk of humiliations, loss of relationship, public safety or health. Snooping without taking also counts.
  • PIPDEA protects only PII.
  • Breach of confidence is different – giving away information knowingly, trying to get paid twice for the same thing, maybe it’s careless such as an email with an unintended recipient and that would be negligence
  • [listening to these speakers makes me really wonder about what I have in my emails, how much PII or confidential information is in there? How many unintended people have I emailed?]
  • [really glad MRIA included this session right after the main keynote. This is massively important and business threatening information that we all must know]
  • Someone could easily lock us out of our own systems unless we pay them 500 000. Would we tell the right people because this would threaten your current and future business. It can make more sense to pay up rather than report it.
  • In every case, even when there was zero harm, judges has said consumers are owed damages because their privacy was compromised, awards are around $5000 up to a high of $20000 in cases of deliberate negligence
  • Look at known vulnerabilities like firewalls and failing to updates systems, employees need to know hot to avoid creating holes in the firewall, need to constantly update systems, make sure team doesn’t destroy evidence or you can’t prove that YOU didn’t do it
  • Most canadians don’t have adequate insurance for cyberrisk, we’re covered for fire and injury and financial loss and liability but these don’t cover information loss, denial of service attack 
  • Better to have one insurance companies that covers all the issues as opposed to one covering physical loss, one covering information loss
  • Human error is one of the best arguments for buying cyberrisk insurance
  • Directors and officers have been named in claims for not being efficient in dealing with issues or not ensuring they stay up to date with issues – e.g., not responding after two reminders, not heeding recommendations
  • Small companies probably won’t survive cybercrime while big companies might make it through
  • EXPECT to be attacked, this is a hard fact. Be prepared because people and technology have weaknesses. Someone WILL click on that link and download that virus.

Respondent Identity Verification with Non-Panel, Real-time Samples: Is There Cause for Concern by Nancy Brigham and James Karr #CASRO #MRX

Live blogging from the CASRO Digital conference in San Antonio, Texas. Any errors or bad jokes are my own.CasroDigital

Respondent Identity Verification with Non-Panel, Real-time Samples: Is There Cause for Concern?”


Nancy Brigham
As the research industry evolves toward non-panel sample sourcing and real-time sampling, questions have arisen about the quality of these respondents, especially in the area of respondent identity verification. This research addresses two key questions: Are fraudulent identities a concern with non-panel samples, and what are the research implications of assessing identity validation with these samples? This work examines identity verification and survey outcomes among five different levels of Personally Identifiable Information (PII) collection. In addition to the presenters, this paper was authored by Jason Fuller (Ipsos Interactive Services, Ipsos).

  • Nancy Brigham, Vice President, IIS Research-on-Research, Ipsos
  • James Karr, Director & Head of Analytics, Ipsos Interactive Services

James Karr
  • Do people whose validity cannot be confirmed providing bad data? Should we be concerned?
  •  What do we know about non-panel people? Maybe they don’t want to give PII to just take one survey. Will they abandon surveys if we ask for PII?  [I don’t see answering “none” as a garbage question. It’s a question of trust and people realizing you do NOT need my name to ask me my opinions.]
  • Is it viable to assess identify validation with non-panel sources?
  • In the study, PII was asked at the beginning of the survey [would be great to test end of survey after people have invested all that time in their responses]
  • Five conditions asking for combination of name, email, address
  • Used a third party validator to check PIIEmbedded image permalink
  • 25% of people abandoned at this point
  • Only 4 out of 2640 respondents gave garbage information at this point, 12 tried to bypass without filling it out and then abandoned. It’s so few people that this is hard to trust. [Hey people, let’s replicate]
  • Name and address caused 6% of abandonment, name and email caused only 3% abandonment
  • Did people get mad that we asked this? can we see anger in concept test? no.
  • didn’t lead to poor quality survey behaviours – used a 13 minute survey
  • when given a choice, people prefer to give less information – most people will choose to give name and email, low some people will give all information
  • Simply collecting PII didn’t appear to influence other aspects
  • Did their non-panel source give lower quality data? no. 82% passed the validation test across all conditions. Those who provide the most comprehensive data validate better but that’s likely because it’s more possible to validate them.
  • Real-time sample gives just as good data quality, same pass rates, no data differences
  • Conclude the screening question is necessary, heads up that PII question will be coming
  • Younger ages abandoned more across all test conditions
  • This study only looked at the general population, not hard to reach groups like hispanics, or different modes like mobile browsers, or in-app respondents

Other Posts

Consumer Segmentation Gone Wrong

Don’t get me wrong. I know why they do it. Company’s want to make sure that when someone visits their website, the site is as relevant as possible. They want to ensure that what you see on their website is what you’ll see in the store. But, things have gone just a bit too far for me. For instance, Home Depot won’t even let me look at their website unless I tell them my zip code. Are they not aware that zip codes are PII (personally identifiable information)? They don’t even give you an option to see a generic site. Your only option is to lie, something I’m completely against given I am an expert in survey data quality. So basically, when I shop around, I don’t end up buying at Home Depot.
HDsegment

Here’s another example. Cheerios won’t let me look at their site unless I tell them my age and how old my children are. Sure, I could just choose one of the four sites that I think would be most interesting, but dang it, I just want to see their website. Where’s the generic site for people who want to maintain some sense of privacy, the site where people know their demos aren’t being tracked? Nowhere that I see.
cheersegment
Segmentation is a great tool. It lets you understand people better and provide better services. But please, don’t segment me out of your store. Unless you don’t want my money.

Related Articles

 

  • Venn Diagram of Deep Fried, On a Stick, Sweets I Ate
  • A Pie Chart of my Favourite bars…
  • PRAM: Multiple Coder Reliability Calculator
  • 1 topic, 5 blogs: Rich Media in Surveys
  • 3 Reasons Why Researchers Hate Focus Groups #MRX
  • 1 Topic 5 Blogs: DIY surveys suck or save the day
  • %d bloggers like this: