Friday, August 25, 2006

Market Research: Privacy Matters

This week I shared my experience as a subject in a Levitra/Men's Facts research project (see "My Sojourn as Market Research Subject for Levitra" and "Levitra Market Research: The Interview"). This has led to a discussion of market research privacy issues among my colleagues in the Online Pharma Marketing Discussion Forum, many of whom are in the market research business.

In the previous posts, I also asked visitors to vote on whether they thought my privacy was violated. You can cast your vote at the end of this post, if you haven't already done so. So far, a good majority (57%) of respondents felt that my privacy was violated (36% said absolutely, 21% said probably). Forty-three percent (43%), on the other hand, felt that my privacy was not violated (18% said absolutely not, 25% said probably not).


Aside from the poll results, I learned a bit more about pharmaceutical market research from all the comments I received. I would like to share these comments with you and offer my feedback as well.


Waiver

Christi Maginn asked:

"Did you sign a waiver at any time for the release of your medical information and for filming? Usually this would have been handled when you were given honorarium for your time."
Of course, I don't know if I was filmed, videotaped, or recorded -- I wasn't told one way or the other. I did sign a sheet when I received the honorarium. I must say that I did not read what was at the top -- it was only one sentence and there were several other names and signatures on the sheet (which is another privacy faux pas).

So it wasn't a specific waiver and they certainly didn't make sure I knew it was a waiver. I just assumed it was a receipt for payment. Consumers make assumptions all the time. Good privacy practices make sure that consumers have the knowledge they need to make informed assumptions!


I put a call into the agency yesterday and asked if I did or should have signed a waiver. See below under "Online vs. Offline Research" for the response.


A few people, including Katherine O'Neil, wanted to know the market research company name:

"I have done a ton of market research in Philly and I'm dying to know what facility you went to. Would you consider sharing?? You have no obligation to keep the info confidential....."
Before I reveal the name, I want to give them a chance to respond.

Evil or Incompetent?

BTW, I am not accusing the MR agency of "evil doing." As many experts on the
Pharma Marketing Online Forum pointed out, they may be incompetent but not evil.

The worst privacy violations, however, have been perpetrated by people with the best of intentions. Eli Lilly, you may recall, was sanctioned and fined by the FTC because an eager-to-please, but untrained, person sent out an e-mail message to all subscribers informing them that the Prozac reminder service was being terminated.


It was a well-intended gesture, but unfortunately the sender put everyone's e-mail address in the "To" field where all recipients could see it. Neither the individual nor Lilly is "evil." Lilly just did not do what it promised to do in its privacy policy: adequately train its personnel working with personally identifiable information (PII) on its security procedures. For more on this case, see "
The FTC-Lilly Consent Decree: What it Means for PHARMA Vendors and Partners."


Another Code Ignored?

John Mitchell suggested I contact the Council of American Survey Research Organizations (CASRO): "they are the industry watchdogs and I am sure someone there will be both interested in this case and willing to help you answer these questions."


I might take John up on that, but, frankly, I can only take one or two organizations stonewalling me at a time. Right now, I am still awaiting feedback from GSK and the MR company on this issue. (I've given up on Sepracor ever responding to my complaint about their violation of the PhRMA DTC Code; see "
More Reminder Ad Sightings").

I did, however, look up the CASRO Code and found the following:


"Respondents should be:

  • willing participants in survey research;
  • appropriately informed [my emphasis] about the survey'’s intentions and how their personal information and survey responses will be used and protected;
  • sufficiently satisfied with their survey experience;
  • willing to participate again in survey research."
I was indeed a "willing participant" of the research. The question is, did the MR firm that interviewed me "appropriately" inform me how my personal information and survey responses will be used and protected?

The answer is "No," I was not appropriately informed. You can see why I feel this way by reading the previous posts on this subject.


The code also states:

"Electronic equipment (taping, recording, photographing) and one-way viewing rooms may be used only with the full knowledge of Respondents."
"Sounds like there were some communications and procedural glitches in the process of bringing you in for your interview," said John Mitchell. "You should have been told whether you were being recorded or videotaped, it's an obligation to do so when conducting market research." As I pointed out, I was told that there was someone behind the mirror observing, but I was not told one way or the other if the session was being recorded or videotaped (although I have reason to believe it was -- see the discussion below under "Online vs. Offline Research"). I did see recording equipment and a video camera in the room.

The CASRO code has some interesting provisions about how MR research firms should report de-identified data to their clients and how they should destroy personally identifiable information (PII) when no longer needed. Unfortunately, only European Union subjects have the right to be
notified of these practicess.

Here's what John Mitchell had to say about this:

"In terms of sharing your information for market research purposes, so that the research company knew some of your profile ahead of time, and contacted you for research purposes, you're in a bit of a gray area. There's a lot of leeway that research companies have that is not granted to marketing organizations. However, the leeway is based on their adhesion to strict professional standards."
I question if there is any "leeway" in this situation.

This was research carried out on behalf of GSK for marketing purposes. The MR company, therefore, is an agent of GSK and should practice the same level of privacy protection and notice as does GSK as described in the mensfacts.com privacy statement.


I've worked with several market research agencies that were required to pass a rigorous Privacy Critical Self-Assessment audit before they could work on behalf of Eli Lilly to process consumer information on Lilly's behalf. This was a requirement of Lilly's consent decree with the FTC. Lilly, therefore, now has a model privacy program that other pharmaceutical companies should follow.


John agrees that the MR firm should follow the same set of privacy rules that GSK abides by.

"Not sure where the glitch was," John said. "I don't work for either party, and my guess is that from the contract signed between the brand and the company hired to do the market research, and the people on the ground executing, there was a loss of clarity in purpose and communication. Happens when you have too many low paid bodies involved! Typically recruiters for market research studies are under pressure to get bodies in the door and if rigorous quality controls aren't in place, there are glitches. That's why I work online now."
Tahnee Jackson Whitlock disagrees (somewhat):
"In my experience setting up DTC call center campaigns (both the inbound 1-800 response vehicle and outbound market research function) the Pharma DTC privacy policies do not apply to market research -- although they should. Some pharma companies keep the market research privacy practices consistent with their privacy policies. This is the best way to go."
Katherine O'Neil also disagreed:
"I disagree with the previous post about the market research company having to follow the same confidentiality issues as the Pharma. The standard and ethical practice is that names and any identifyingcharacteristicss of market research respondents are NEVER given to the client.

"I have been interviewing docs and patients for many years, and always start an interview by telling them that their identity is not revealed and that what they tell me in the interview is reported in the aggregate.

"I am alsosurprisedd that a professional MR company would conduct in person interviews on the subject of ED. If I were designing the study, I would have suggested doing patient diaries or online research where the respondent can maintain some anonyminity and is therefore more likely to provide authentic feedback."
For me it's not a question of whether or not the MR company reveals my name and other PII to the pharmaceutical company that hired it. The question is, does the MR company protect my PII to the same rigorous level and does it notify subjects about it's security and data handling practices? That, at least for Lilly, is also important even though Lilly never gets identified data from its MR vendors. However, if there ever was a leak of PII from the MR vendor, guess who would be sued along with the vendor?

Online vs. Offline Research
It's interested that both John and Katherine make reference to alternative means of doing market research involving sensitive issues such as ED: online. It turns out that the MR company that interviewed me also seems to have a large online panel that it uses for market research.

So why didn't they do this research online?


One reason I can think of is body language. At several points in my interview I squirmed and probably displayed very telling messages with my facial expressions and body language. This is something you can't get from online research. Therefore, I am sure I was videotaped!

A representative from the MR company confirms that I was indeed recorded or videotaped: "The interviews were recorded strictly for the use of research to assist the interviewer in preparing her report. The recordings will not be used for any other purpose and therefore, no one was asked to sign a waiver."

Laurie Bredenfoerder had this to say:

"I'm a female qualitative marketing consultant specializing in medical market research, and I easily can imagine being asked to conduct an interview much like the one you described. However, I can't imagine doing it for an ED product!

"In a former professional life on the payor side, I had an opportunity to observe my male colleagues' squeamish reactions in multiple discussions of the potential corporate bottom-line impact of the (then) new oral erectile dysfunction meds. The guys seemed reluctant to even refer to this condition by its initials. I am not interested in going there again.

"However, if I somehow got backed into the project, one of my top priorities in the interview would be to make sure you, the respondent, feel as much in control as possible of this very artificial situation. I do this for all my work, and for a practical reason: a tense or distracted respondent is not a very good interview.

"Further, I'd lobby my client to allow me to at the beginning of the interview, to inform you that you can refuse to provide any of the sensitive personal information I request. (However, I'd also explain to you that the greater good of mankind would be served should you choose to provide it.) To do otherwise turns the interview into an inquisition and further chips away at your sense of control. Telling you that I've 'heard it all before' only means that I've been listening very closely.

"It goes without saying that I would inform you early on that you are being audio- and video-taped (standard in the industry) and that there are people behind the mirror observing the interview. However, I can't imagine personifying the observers by telling you their names or genders. Make those people too 'real,' and I've lost you again - as you silently calculate how to avoid coming off looking too stupid on the other side of the glass.

"Frankly, I am amazed you were such a willing and complicit subject. 'Sheila' probably was too! I bet if you called her, she'd tell you she had either a very low show rate -- or a very low completion rate (because the guys who were brave enough to show up refused to divulge so much personal information) or both!"

"In your poll about a potential violation of your privacy rights, I voted 'probably not.' Whether 'Sheila' told you or not, you ALWAYS have the option to tell a market research interviewer that you don't feel comfortable answering a question -- and if he or she is ethical, that will be the last time it comes up [sorry, I couldn't resist].

"In my opinion, and in the broad scheme of things, you essentially CHOSE to allow the interview to proceed and you CHOSE to give that information to 'Sheila' and her colleagues, social pressure notwithstanding. The real violation here was in the good judgment, personal sensitivity and taste of those who designed this research project."
Perhaps I am being too rigid, but I made those choices without being adequately informed of the potential consequences. After all, I did not know if they were or were not going to reveal my name to third parties. What about keeping all the papers, videotapes, etc. with my personal information safe? Again, I made the choice without actually having enough knowledge -- it was consent, but not informed consent.

It would have been comforting to know that only de-identified data would berevealedd in any reports to 3rd parties and that documents are kept secure 24/7 under lock and key or that they were destroyed after a certain time or upon request by me.


What Do You Think? Was My Privacy Violated?

Has my privacy been violated? Was it violated when the market research company looked up my phone number and contacted me by phone without my permission to do so? Was it violated during the interview because I was not given notice of the privacy practices in effect and who the responsible party was? Was it violated because I was not given an explicit opportunity to opt-in before revealing personally-identifiable information? Was it violated because I was not informed how the market research company and the drug company that hired it was going to use the information I provided?


Were my privacy rights violated?
Absolutely Yes
Probably Yes
Absolutely Not
Probably Not
Don't Know/No Opinion

5 comments:

  1. I have been behind the glass when the subject was identified by his first name. By simply typing his first name into Google I could get identifying information on the subject from the first page of listings. Needless to say, his name was not John. As a client, I am charged with keeping this information away from people who might contact the subject.

    Some of the industry veterans have stories about reps making calls after a marketing research interview to help "educate" the physician on some of the points they missed in the interview. Privacy policies in marketing research allow us to retain access to physicians without them experiencing personal consequences from an interview.

    ReplyDelete
  2. Just for the record.

    Regarding the GSK side of this: Recall that I called GSK to ask them if the Mensfacts.com privacy policy was violated when I was contacted by phone without having given GSK permission to contact me that way (and not having provided my phone number).

    I called the mensfacts.com 1-800 number that appeared on the privacy policy again on August 24, 2006 and asked if they had any other information about my compliant. I also inquired about getting access to the PII that GSK had on file about me.

    I was told that this usually takes several days and not to expect an answer until next week.

    Just for the record.

    ReplyDelete
  3. I can't believe that they used a female to talk to you about ED? Like the post on www.worldofdtcmarketing.com said "What's wrong with this picture?" They expect a man with ED to talk about his problem with a stranger he just met who happens to be a women..this is beyond bad it's really bad.

    ReplyDelete
  4. Anonymous10:36 AM

    If you were worried about your privacy in the first place, why go to a MR study?

    ReplyDelete
  5. I wasn't worried about my privacy in the **first** place -- only afterward when I went through the experience. I'll admit I was doing a bit of research myself -- that's part of my job -- to see what kinds of things they were testing. The privacy issue arose as an after thought and after thinking about the whole experience.

    ReplyDelete