May 08, 2007

US Marketing Law: How to Conduct Surveys Legally Online & Off - 6 Challenges

SUMMARY: Like so much of marketing, laws governing survey research are in a constant state of flux. And with privacy concerns increasing, consumers have their share of uneasiness about taking a survey.

If you conduct surveys online or by phone, you need to stay on top of state, federal and international regulations. We talked to experts on what best practices to follow. Includes six key challenges, common mistakes and tips to avoid them.

“Privacy is the business of the survey research profession,” says Howard Fienberg, Director Government Affairs, Council for Marketing and Opinion Research (CMOR).

Privacy matters not just because of the huge list of federal and state laws regulating telephone and online research. There’s also a wary public, tired of spam and scams, who needs to be assured that survey research is legitimate and that their private information will be protected.

CMOR tracks federal laws and regulations as well as industry codes and best practices for telephone and online research. We checked in with Fienberg and others there to discuss some of the biggest concerns facing the survey research industry and tips on how to deal with them.

-> Challenge #1. Federal laws are complex

Privacy laws are constantly changing, making it hard for researchers to stay abreast of all the requirements. Remember, being unaware of a regulation won’t make you exempt from compliance. Here are a few regulatory areas to study carefully:

- Telephone Consumer Protection Act of 1991. Even though legitimate researchers are familiar with this set of regulations governing solicitation calls, many are unaware of a provision that prevents researchers from using autodialers to call cell phone numbers. With a growing number of consumers ditching land lines and using only their cell phones, CMOR is working to get regulators to create an exemption to this rule for researchers.

In the meantime, researchers must be careful not to use autodialers to contact cell phones. If you’re having trouble identifying cell phone numbers in your database, you can turn to vendors that operates cell phone number recognition services.

- CAN-SPAM and COPPA. All online researchers must abide by the CAN-SPAM Act of 2003, but depending on the audience you’re surveying, the Children’s Online Privacy Protection Act is just as important. Those rules govern the way information is collected from children under age 13 and require parental consent. But CMOR recommends that researchers follow COPPA procedures anytime they’re dealing with respondents under age 18.

-> Challenge #2. States have their own laws, too

Every state can create its own regulations and sub-requirements under federal laws, and, of course, every state handles survey privacy issues differently. For example, several states are looking to make their do-not-call logs more restrictive than the federal program, although LaToya Rembert-Lang, State Legislative Director, CMOR, says she hasn’t yet seen negative impacts for survey researchers.

Still, state laws differ in important areas, such as:

o Notification procedures for data security breaches
o The age of majority; in some states it’s 21, not 18
o Cell phone use in automobiles, which could affect telephone researchers’ best practices for when to contact respondents

Because of this, researchers need to follow the laws governing online and telephone research in every state in which they do business, not just the state they are headquartered in.

-> Challenge #3. Stricter international standards

If you conduct research with an international audience, you could get tripped up with laws enacted by foreign governments and regulators. For example, the European Union has strict standards on the collection and transfer of personal data to non-EU countries, as well as tricky language requiring things such as “unambiguous consent” from survey respondents.

Any researcher conducting a survey with EU members must adhere to the EU Directive on processing personal data or by safe harbor rules developed by the US Department of Commerce (see link below). “If you can’t follow those principals, you’re putting yourself in danger,” Fienberg says.

-> Challenge #4. Privacy and data security

Even researchers in full compliance with federal, state and international regulations face consumer concern and confusion about privacy rules. Here are three of the most common concerns and advice on how to deal with them:

#1. Survey respondents think you’re violating the Do-Not-Call Registry. Many consumers don’t know that survey research is exempt from the restrictions of the Do-Not-Call Registry and will react angrily when contacted. While it’s best to honor their wishes, you can also try to clear up confusion about the difference between survey research and sales-focused telemarketing.

Better training for telephone interviewers can help them explain what kind of data they’re collecting, why they’re collecting it and how it will be used for research purposes. CMOR also has an affiliate program called “Your Opinion Counts,” which certifies that research firms are conducting legitimate research and following best practices. The program has a website where researchers can send survey respondents for more information.

#2. Survey respondents are concerned about their privacy. A recent survey by CMOR revealed that 25% of people contacted by researchers said those surveys invaded their privacy. It’s essential that research firms have a comprehensive privacy policy in place and that they can communicate it to respondents. With online research, it’s easy to place a link to your privacy policy directly into your emails or on survey websites.

For telephone research, interviewers should be trained to explain the most important elements of the company’s privacy policy at the outset of a survey call, including who they are, what kind of data they’ll be collecting, how it will be aggregated and so on. That policy must be updated frequently to reflect changes in state or federal laws. “The privacy policy is an ever-evolving document. You can’t just develop it once and leave it aside somewhere,” says Lembert-Lang.

#3. Survey respondents are concerned about personally identifiable information. Laws governing the collection and use of personally identifiable information specify two types: ordinary personal data (name, address and marital status) and sensitive personal data (Social Security numbers and medical information). The definition of personal information for children is even broader, encompassing areas, including hobbies and team affiliations.

While researchers need to follow rules governing the collection of such data, they also need to remain sensitive to respondents’ concerns about information that might not be regulated under the law, but is sensitive to them, such as income ranges, age and education levels.

-> Challenge #5. Declining survey participation

Whether caused by the rise in caller ID or the general increase in online and telephone research, it’s becoming harder to get consumers to respond to surveys. One study found that telephone survey response rates dropped from 72% in 1979 to 48% in 2003.

In this environment, researchers need to design their surveys to reflect the factors that are most important in encouraging respondent participation. According to the recent CMOR survey on participation, the top three factors influencing a respondent’s decision to take a survey are:

o The survey doesn’t take too long
o The survey will be used to improve products/services
o The survey will be used by the government for policy decisions

Therefore, keep it short and focused on helping you change and improve your products or services.

-> Challenge #6. Choosing a research company to work on your behalf

If you’re thinking about hiring a research company to conduct surveys on your behalf, you need to think about privacy concerns and respondent compliance issues, too. The best way to protect yourself is to ask for these three items when hiring a research company:

- The research firm’s privacy policy. Review the policy and ask questions about their compliance with important regulations, such as the TCPA, COPPA and CAN-SPAM.
- A confidentiality agreement. Make sure the data they’re collecting on your behalf (and information they have about your company and project) will remain between you and the researcher.
- An indemnity agreement. This agreement will protect your company against fines and penalties related to violations that a research firm might commit.

Useful links related to this article

US Department of Commerce Safe Harbor Program for collecting data from the EU:

FCC’s TCPA site:

FTC’s COPPA site:

FTC’s Do-Not-Call Registry:

NeuStar - operates a cell phone number recognition service:

Your Opinion Counts Program:


Improve Your Marketing

Join our thousands of weekly case study readers.

Enter your email below to receive MarketingSherpa news, updates, and promotions:

Note: Already a subscriber? Want to add a subscription?
Click Here to Manage Subscriptions