Research & Data Security – Cyber Risks

Data security is a crucial aspect of market research that cannot be ignored.

Good research practices require consideration of data security for several reasons.

  1. Protecting the confidentiality of sensitive information is crucial to maintain the trust of study participants and clients.
  2. Ensuring data security helps to prevent any potential breaches, which could lead to legal implications and reputational damage.
  3. Data security measures can help to improve data accuracy and reliability, as they can prevent unauthorized access, editing or deletion of data.

Ultimately, prioritizing data security is essential for anyone conducting research who values their clients’ trust, reputation, and the integrity of their research.

Further, compliance regulations require companies to understand local privacy laws and take appropriate measures to safeguard personal information, handle data ethically, and prevent data breaches. With the increasing reliance on technology and the internet, the amount of sensitive data being collected and stored has increased. Without proper security measures, this data is vulnerable to cyber-attacks, which can result in the loss of valuable information, legal hardship and damage to a company’s reputation.

So what can your organization do?

  1. Remember that your general protections apply to research as well. Your research data is data like any other, so have and follow good cybersecurity practices. Using and regularly updating strong passwords, as well as keeping your virus and malware protections, firewall and VPN settings up to date is essential. In addition, constant vigilance regarding phishing efforts, malware attacks, good data hygiene and data protection & encryption practices are the responsibility of every person at an organization. Backup and encrypt your research data like you would any other. Don’t collect private data if you don’t absolutely need it for your research. And because the criminal mind is also ever-vigilant for new opportunities, a cybersecurity insurance policy can help protect your business with mitigation of losses if prevention should fail. These good practices should also extend to any research partners you work with!
  2. Use secure research tools. If your research will collect any personal information (and what is considered “personal” varies by jurisdiction), it becomes very important to ensure those tools use the best possible data security measures. Depending on the types of projects you engage in, and who / where your respondents are, this may mean your platforms should be FedRAMP and GDPR compliant, with robust security and backup measures as well as effective data management tools. While we are tool-agnostic in general, we at Coax Insights take data security seriously. We know that many teams with a quick research need tend to look for inexpensive solutions. As a general rule free tools, like free apps, are likely to have fewer data protections in place.
  3. Follow good research ethics. As a starting point, treat data as you indicate you will. If you tell respondents their responses are anonymous or confidential know which one it is – andensure that is indeed how the data will be handled. If you tell respondents their data will be anonymous (meaning you will not have a way to identify respondents as individuals – a recommendation in some countries, and a requirement in others), ensure their data is indeed anonymous, either by fielding anonymously or anonymizing the results during the analysis phase by removing all identifiers. If the data will not be truly anonymous but confidential (you may technically be able to know who responded, but will not reveal individual responses), ensure that you follow good ethical practices to ensure that data is treated confidentially. This may mean leveraging a third-party, outside your organization, to create a buffer between your teams and the respondent information and analyze the results on your behalf. Not only does this ensure maximum compliance and good research ethics, it may also increase the trust your respondents have in the privacy of their responses so that they can feel free to tell you what they really think.
  4. Be proactively prepared. The first step to risk management is to have a plan in place of what to do in the event of a cyber-attack. No one wants to admit this can happen, but it can, even following all the best protocols.  So, ask yourself: How do you alert others in your organization and business partners? How do you limit the damage? What is the corrective action? What specialists do we contact to help clean up afterwards?  Are you covered by your current business insurance for this type of loss and what does your insurance cover? With years of experience in the insurance industry, we have seen time and time again that most small and many mid-size companies do not have a plan or procedure for this type of event. Talk to your technology team or supplier, and check with your insurance company.

At Coax Insights Inc., we have worked closely with the legal/compliance teams, IT and cloud governance for years. We have worked closely over the years with cyber security risk management, development and preparedness professionals. We understand that cyber-security and compliance varies by where you and your participants are located, such as how to handle data collected in California versus the rest of the USA versus the European Union.  Interested in knowing more? Feel free to reach out to our research professionals.

Coming Up: Quality Research Data

Next time, we’ll explore some of the issues to consider related to how data quality impacts research projects. Subscribe to make sure you don’t miss an issue. Do you have a question about market research? Post a comment below, and it may make its way into a future post.

Do you have a question you hope to answer with market research? Contact our team at Coax Insights. We’d be happy to help.

%d bloggers like this: