Public opinion research firm must better inform survey respondents about their personal information use; refrain from collecting full birth dates

PIPEDA Report of Findings #2011-011


The complainant had joined an online market research panel, which regularly surveys its members on a variety of topics. The organization sets up and maintains an individual profile for each member, which contains information provided by the member. The complainant alleged that, as she was completing one survey, she was asked to confirm her full date of birth even though the organization had already required her to provide it for her member profile when she first registered. She was concerned about a risk of fraud or identity theft if ever any information about her collected by the surveys were linked to her date of birth. Additionally, she claimed that she was not fully aware of the purpose of that particular type of survey or that her responses to it would be added to her member profile.

We recommended that the organization clarify the consent language describing the purposes of collecting participants’ personal information for member-profile-type surveys. We also recommended that it delete exact date of birth contained in all members’ files and begin collecting only the month and year of the date of birth of all new members.

In its response, the organization refused to delete or stop collecting/using the day of members’ full birth date. It argued that only the year and month of birth is not accurate enough for demographic purposes. However, it agreed to clarify the consent language in surveys that are used to collect additional personal information to be stored in members’ profiles.

We did not accept the respondent’s arguments for not implementing our recommendation to truncate date of birth information. Therefore, the Office concluded that the complaint was well-founded. The matter remained partially unresolved. 

Lessons Learned

  • Organizations must not collect individuals’ personal information unnecessarily. The type and level of detail of the information that is collected must be strictly limited to that needed to fulfill the purposes for which the organization uses the information.
  • At or before the time of collection, organizations must ensure they inform individuals of all purposes for which their personal information will be used. At the same time, knowledge and consent are required for these uses and purposes.

Complaint under the Personal Information Protection and Electronic Documents Act (“PIPEDA”)

Summary of the complaint:

1. The complainant alleges that the survey firm unnecessarily collected her date of birth for the purpose of authenticating her identity as a survey respondent, even though she had previously supplied her date of birth during the registration process. She is concerned that this practice could lead to fraud or identity theft if coupled with other sensitive personal information collected by the organization.

Summary of Investigation

2. The complainant is a member of an online survey panel (a.k.a. a “forum”). She states that, in order to be registered as a member and receive monthly surveys, she originally provided basic demographic data including her complete date of birth.

3. On January 9, 2010, the complainant received a questionnaire covering a wide range of topics. It included questions regarding banking and personal finance issues. For some questions, panelists had the option of providing specific details or answering “don’t know/prefer not to say,” or “prefer not to answer.” Some of the questions were as follows:

  • Which of the following financial institutions would you consider to be your primary personal financial institution?
  • And which other financial institutions do you also use for personal banking?
  • What types of personal accounts do you currently have, if any, at each of the following banks or financial institutions?
  • What would you say is the total amount of your household’s assets?

4. At the end of that survey, panelists were asked to confirm their full date of birth. Following completion of this survey, the complainant expressed her concerns to the Respondent on January 11, 22, and 25, 2010, about the “request for this personal information as the data, if combined, could identify me and my banking habits and be used to steal my identity.” The complainant maintained that the collection of her date of birth for the purpose of confirming her identity was unnecessary as it was already on her file. She also questioned why the data was requested in the context of a survey that contained highly sensitive financial information. She was concerned that the collection of her date of birth at the same time as sensitive financial information would increase “the possibility that someone will be employed by your firm and allowed access to sensitive personal information they could exploit for personal gain.”

5. The complainant was not satisfied with the explanations offered by the Respondent and therefore filed a complaint with this Office.

6. In its representations to this Office, the Respondent provided some background to its practices. It pointed out that it is an online market research panel of Canadians that surveys its members on a wide variety of issues and topics. Panel members sign up to receive random surveys on diverse topics. Membership is free and voluntary, and panel members can choose not to answer particular surveys or certain questions within the surveys.

7. According to the Respondent, it generally provides clients with aggregated, anonymized survey responses and does not provide individual responses or personally identifiable information.

8. Regarding the information required to become a member, the Respondent’s web site states that the member profile is required for joining the panel and that this includes basic contact information as well as the information needed to build a picture of the panelist and ensure broad representation on the panel. It also states that those who wish to participate in other programs may be asked for additional information. [redacted]

9. The Respondent explained that individuals must complete a profiling questionnaire to join its forum. One of the mandatory pieces of information that must be provided as part of the questionnaire is full date of birth. The Respondent emphasized that it is necessary to collect the full date of birth as the age of survey respondents is one of the more important factors in market research. If the organization cannot verify the age of its respondents, the research could be seen as unreliable.

10. The Respondent added that it is not sufficient to merely collect a member’s age, as this data is only accurate from the time it is collected until the member has another birthday. It would also entail collecting the data often to ensure accuracy. As to the possibility of collecting only the year and month of birth, the Respondent argued that this is neither detailed nor accurate enough for demographic purposes. Nonetheless, although less desirable for its business purposes, the organization conceded that, for a cost, it would be technologically possible to adapt its system to collect only month and year of birth.

11. In addition to the profile information collected at the time of registration, the Respondent stated that on a monthly basis, members are also sent a profiling survey to supplement the profile information held on panel members. This may include questions to provide for more detailed profiling data that “can be more relevant for specific research ….” With respect to the January 2010 questionnaire completed by the complainant, the Respondent noted the following:

The particular survey … was not a piece of research as such, but rather a profiling survey, designed to collect additional profile data points, to fill in missing data points, and to verify or correct other existing profile data points.

12. The covering invitation accompanying the January 2010 survey indicated that it was a monthly study designed to build a profile of the respondent, including their characteristics, opinions and habits. [redacted]

13. The Respondent stated that members were not expressly informed that the responses to the January 2010 survey would be linked to the member’s profile, which could include their full name and date of birth. However, the Respondent maintains that “participants are informed that a profile is built to determine which surveys they will be invited to complete, so it is implicit (if not explicit) that a person’s responses will be linked to their profile ...” The organization contends that, otherwise, the entire business model does not function. The profile needs to be accurate and detailed in order to target the appropriate demographic group of participants with other surveys.

14. According to the complainant, she was not fully aware of the purpose of the January 2010 survey nor did she realize that her responses would be linked with her profile. She reports that she thought the collection of her personal information in that particular survey was to build her profile for one of the Respondent’s client companies, but not for the Respondent itself.

15. The Respondent’s privacy policy states that the organization “shall specify orally, electronically or in writing the identified purposes to the respondent at or before the time personal information is collected in a survey.” The privacy policy also notes that in conducting surveys, the Respondent “limits the amount and type of personal information it collects. We collect only the amount and type of information needed for the purposes identified to individuals.”

16. Furthermore, the Respondent’s privacy policy indicates that the participant’s responses, which are voluntary, will be kept confidential and never linked to their personal identifying information without the participant’s express consent. [redacted]

17. With respect to the purpose of asking for a member’s date of birth in a profiling survey, such as the one completed by the complainant, the Respondent provided three justifications. First, it stated it may not hold the date of birth information for all members. Second, the information provided at registration may be inaccurate. Third, asking members to confirm their date of birth can help detect fraudulent responses.

18. The Respondent clarified why it does not hold the date of birth of all its members, even though its current standard registration form asks for this information. The organization reports that, early in its history, date of birth was not a standard requirement at registration. In addition, an abridged version of the registration form exists, which is used when recruiting members through a partner or via a co-registration process:

Co-registration refers to individuals who may be joining another, third-party service (using a third-party’s registration form) who are at the same time invited to join … [the Respondent’s forum]. In such cases, the registration information may not match with what we typically require, and may in some cases not include DOB.

19. If the Respondent does have a member’s date of birth already, it may be inaccurate. Haste can lead to a typo or to a click on an incorrect drop-down-menu choice, and not be noticed. Furthermore, confirming the information provided, such as date of birth, is standard industry practice for online surveys.

20. Lastly, while detecting fraudulent responses was not the reason for requesting date of birth in the survey in question, the Respondent contends that asking for such data within a research survey allows it to test whether a respondent is paying attention and providing accurate answers. Regarding date of birth, typically individuals would be asked to provide it in one section of the study, and later in the study they would be asked for their age. If the two answers are inconsistent, it is an indication that the person may not have been responding attentively. This is assumed to be the case for other responses in the study. The Respondent states that the date of birth question is one of the best methods of preventing fraud because it does not change over time and is a reliable, consistent metric. This is not the case for many other questions, such as province of residence or marital status, which can change over time.

21. This Office reviewed the Respondent’s web site and learned that one of the mandatory pieces of information to be provided is the individual’s full date of birth. [redacted]

22. The complainant recently reported to this Office that she has not participated in any of the Respondent’s surveys since the profiling survey at issue, and will not be completing any further surveys. She has therefore requested that this Office recommend to the Respondent that it delete her file from its records.

Application

23. In analyzing the facts, we applied Principles 4.2, 4.3, 4.3.2 and 4.4 of Schedule 1 of PIPEDA. 

24. Principle 4.2 states that the purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected. 

25. Principle 4.3 notes that the knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.

26. Principle 4.3.2 requires “knowledge and consent.” Organizations shall make a reasonable effort to ensure that the individual is advised of the purposes for which the information will be used. To make the consent meaningful, the purposes must be stated in such a manner that the individual can reasonably understand how the information will be used or disclosed.

27. Principle 4.4 stipulates that the collection of personal information shall be limited to that which is necessary for the purposes identified by the organization.

Finding

June 30, 2011

28. In this Office’s view, there are three issues to be addressed in this complaint:

  • Is it necessary for the Respondent to collect at registration all three elements of the date of birth?
  • Is it necessary for the Respondent to confirm in profiling surveys all three elements of the date of birth?
  • Did the Respondent adequately inform the complainant of the purpose of the profiling survey? In other words, was consent meaningful?

Collection of Date of Birth at Registration

29. Although the complainant is specifically concerned about being asked to confirm her date of birth in a profiling survey, the issue cannot be addressed without first examining whether it is appropriate to collect the information in the first place. This is particularly important as the heart of her concern is that any information collected about her through the profiling survey may be linked to the date of birth in her profile and potentially expose her to identity theft.

30. From the Respondent’s perspective, all three elements of the date of birth are necessary for demographic purposes as date of birth is a key element of its random sampling selection. The organization emphasized that the age of respondents is one of the most important factors in market research. It uses the date of birth “to ensure relevancy of the surveys” that participants are invited to complete.

31. It is easy to understand why age is an important element of demographic research. We are not convinced, however, that collection of the complete date of birth is necessary to satisfy the Respondent’s purposes. It seems to us that little, if any, accuracy would be lost if the Respondent collected month and year of birth—a less privacy-invasive metric—in order to target its surveys to the appropriate demographic. If the Respondent was surveying thirty-year-olds, for example, it is doubtful whether including a few participants in the sample who may be a few days short of their thirtieth birthday would skew the results in any meaningful way. The month and year should be sufficient for the Respondent’s purposes and would bring the collection in line with the limiting-collection requirements of Principle 4.4.

Confirmation of Date of Birth in Profiling Surveys

32. With respect to the profiling surveys, the Respondent has explained that it needs the date of birth to complete any missing profile information, to correct inaccurate information and to avoid “fraudulent” responses. Given this Office’s determination that it is not necessary to collect all three elements of the date of birth during the registration process, there is no reason to do so later on in profiling surveys. Collecting only two elements of a birth date, namely month and year, should serve the stated purposes.

Consent

33. The Respondent has clearly stated that it linked the complainant’s responses from the January survey to her profile, as it does with all such profiling surveys.

34. This Office notes that the Respondent’s privacy policy states unequivocally that the organization “shall specify orally, electronically or in writing the identified purposes to the respondent at or before the time personal information is collected in a survey.” Furthermore, “Any time you participate as a respondent in one of our surveys, you can be assured that your individual responses will be kept confidential and never linked to your personal identifying information without your express permission.”

35. Did the Respondent inform the complainant of the purposes for its collection of her personal information on the profiling survey in question? The Respondent maintains that it advises participants that their profiles are built to determine which surveys they will be invited to complete. Therefore, the organization believes that it is implicit, if not explicit, that a person’s responses will be linked to their profile. The e-mail invitation to complete the January survey said “This monthly study is […] intended to build a picture of YOU: what your characteristics, opinions and habits are − through a mixture of questions on a variety of topics.”

36. According to the complainant, she was not fully aware of the purpose of the January 2010 survey nor was she aware of the linkage of her survey responses with her profile, which already included her name and date of birth. Her understanding was that the collection of her personal information in that particular survey was to build her profile for one of the Respondent’s client companies, but not for the Respondent itself.

37. Principle 4.2 requires the organization to identify the purposes for which it is collecting personal information at or before the time of collection. The Respondent’s privacy policy echoes this Principle and adds that it will not link participants’ responses to their personal information without their express consent. However, the language of the e-mail invitation, in the opinion of this Office, does not explicitly convey that the survey responses will be added to and linked directly with the individual’s profile held by the Respondent. Principle 4.3.2 requires knowledge and consent, in other words, the consent must be meaningful. We are concerned that the wording is insufficiently clear and could lead some participants to misunderstand the purpose of the survey. Indeed, that is the case with the complaint at hand: She was unaware that all of the information she provided in response to the survey would be added to her profile.

Recommended actions

38. On March 31, 2011, this Office issued a preliminary report of investigation, in which we indicated our view that the Respondent was not in compliance with PIPEDA.

39. In the foregoing report, we recommended that the Respondent delete all of the complainant’s personal information from its files. In response to our recommendation, the Respondent has indicated that membership is completely voluntary and therefore members may unsubscribe at any time. Consequently, they have taken the necessary steps to ensure that the complainant will no longer be contacted by the Respondent and are deleting all of her personal information from their records.

40. Our Office also recommended that the Respondent revise the language of consent for the collection of participants’ personal information in profiling surveys so that the purposes for the collection are explicit and unambiguous, and participants are made aware that their responses will be linked with the personally identifying information in their profile.

41. Despite the fact that it is of the position that the wording is clear, the Respondent agreed to revise it to comply with our request and add language that more explicitly informs members that profiling responses will be linked to their profiles. It is the Respondent’s goal to ensure that 100% of members are clear as to the purpose of those surveys.

42. The Respondent notes that thousands of surveys have been completed and this is the first instance where a complaint was received.

43. We recommended that the Respondent delete the day of the week from the date of birth in all members’ files. Furthermore, we recommended that it cease collecting and confirming the day of the week in the date of birth—in other words, collect and confirm only the month and year of birth.

44. In its response, the Respondent rejected the foregoing two recommendations. It based its response on the fact that it believes the date of birth is important to its survey work, and will not implement these recommendations.

45. The Respondent confirmed that date of birth information is important to its survey work as it is useful in ensuring data quality and it is used to detect potentially flawed survey responses. It therefore maintains its position that the collection and confirmation of date of birth information is a reasonable request.

46. Furthermore, to cease the collection of this data would interfere with their legitimate and reasonable business needs, as well as those of other businesses across Canada.

47. Since only one member has complained, the Respondent is of the opinion that the evidence supports the view that a reasonable person would consider the collection of this information as being appropriate under the circumstances, especially in light of the fact that participation in their surveys is completely voluntary and providing this information is not required for the purpose of any essential service.

48. The Respondent indicated that the date of birth is also used to send birthday greetings to members, which is helpful in engaging and connecting with them. It referred to it being a practice commonly adopted by many organizations.

49. In this regard, we note that there is nothing in the Respondent’s privacy policy or in the statements made to members quoted above that suggests this purpose for collecting date of birth was identified to members.

50. We are disappointed that the Respondent has chosen not to implement our Office’s recommendations with respect to the collection of the date of birth. We are not convinced by the Respondent’s additional submissions that collecting the day of the week, in addition to month and year of birth, is necessary for the purposes it has identified, as required by Principle 4.4. In particular, the Respondent has not explained why its purposes of ensuring data quality and detecting potentially flawed survey responses would not be satisfied through month and year of birth alone.

Conclusion

51. Accordingly, based on the foregoing, we conclude that this complaint is well-founded but is partially unresolved. In particular, the complaint remains unresolved with respect to the recommendations to delete the day of the week from the birth date of all members’ files, and the requirement to cease collecting and confirming the day of the week in the date of birth.

52. Given that the complaint is well-founded and remains unresolved, we will be exploring further options for addressing the issues in accordance with our authorities under PIPEDA.

Other

53. With respect to the wider industry practice of collecting the full date of birth, we have met with representatives of the public opinion research industry to further discuss the matter.
