A Survey Disclaimer is a short statement that lets users know that your survey may collect personal information, and that it may be used in certain ways. This type of disclaimer offers you a level of legal protection, while helping inform your users more about important information.
This article discusses the content of survey disclaimers and why you should attach them to your surveys.
A Survey Disclaimer outlines what a survey participant can expect from volunteering their information for a survey.
Surveys cover a diverse range of topics. Consumer preferences, daily habits, and medical research are just a few topics addressed by surveys.
No matter the content, each survey should begin with a Survey Disclaimer.
It may also contain warnings such as when data is shared with a third party or if sensitive data may not be protected.
The Survey Disclaimer fulfills four purposes which are addressed in its provisions:
Privacy protection is the most important element of a Survey Disclaimer. Even if your Privacy Policy agreement covers your compliance requirements, the Survey Disclaimer enhances that compliance by making your terms obvious to participants.
Having this kind of disclaimer also encourages participation. No matter the topic, participants may feel uneasy, especially if the survey involves something deeply personal like psychological treatment.
Unless people understand their answers are protected, it's unlikely you will secure enough research to meet your purposes.
There are no laws or directives directly reflecting privacy practices in regard to surveys.
Survey disclaimers are frequently designed to comply with current laws mainly as a cautionary note but also because it reassures participants. That creates an intersection between Survey Disclaimers and the relevant privacy laws.
The U.S. does not have a general privacy law, but it takes the security of medical information seriously. HIPAA in particular can affect health surveys and require particular considerations for the Survey Disclaimer.
Even when surveys related to medical treatment and conditions are anonymous, U.S. research facilities, universities, and companies still handle the data under the responsibilities outline in the Health Information Portability and Accountability Act (HIPAA).
HIPAA seeks to assure health data is protected while allowing the information to be available for assessing treatment, securing public health concerns, and supporting research.
In any of these cases, the medical provider or researcher must provide notice and secure consent from the patient first.
Survey Disclaimers regarding physical or mental health frequently include a provision that data is not associated with the answers provided on the survey.
Normally, since surveys occur online and are automated, answers are not associated with an email address but given a random identifying number.
This protects privacy because there's data relevant to research but no personal identifying information linked to it.
As mentioned, the U.S. has no general law protecting privacy. California enacted one in 2004 called the California Online Privacy Protection Act (CalOPPA). This act places specific notice requirements on entities which collect personal data from their users.
California is one of the most populous states in the U.S. so if you look to transact business or run surveys there, you need to comply with California law.
It's nearly impossible to restrict business or collect information from one state within an online survey, so following CalOPPA is a good precaution.
CalOPPA requires a conspicuous link to the Privacy Policy on every website. It also requires specific content for the Privacy Policy. The following requirements are relevant to surveys:
Many surveys do not link data to personally identifiable information. However, any information collected specifically about an individual is subject to these requirements.
Even if you have a complete Privacy Policy, your Survey Disclaimer can provide enhanced compliance with CalOPPA and reassure participants.
Canada maintains an Office of the Privacy Commissioner of Canada and passed two laws regarding privacy protection. One law, the "Privacy Act" contains provisions requiring federal government agencies to protect and disclose personal data responsibility.
The law that affects information collected in surveys sponsored by for-profit entities is the Personal Information Protection and Electronic Documents Act (PIPEDA).
PIPEDA requires companies to obtain consent before collecting, using or disclosing personal information. The data can only be used for the purpose it was collected.
PIPEDA is limited to commercial activity. However, businesses that fall directly under legislative authority of Parliament must also follow these regulations. Airports, airlines, banks, public transportation authorities, telecommunication companies, television and radio broadcasters, and offshore drilling operations must all adhere to this law.
For example, if you are conducting a survey on behalf of a radio station, you must obtain consent before collecting information. You can do this with a Survey Disclaimer at the beginning and use clickwrap design methods to assure acceptance.
Health information is primarily protected by provincial laws. Ontario, New Brunswick, and Newfoundland and Labrador all have acts modeled under PIPEDA but specific to health information.
Like in the U.S., it's impossible to direct a survey to Canada and only involve a few provinces. Therefore, you need a Survey Disclaimer and click-wrap methods as well in order to assure you secure consent to collect information.
The GDPR doesn't specifically address surveys. However, like other laws, it has the requirement that data must be collected for specific, legitimate, and explicit purposes.
A Survey Disclaimer that explains the reason for collecting the survey data, what data you're going to collect and how it's used likely meets this standard - especially if you use clickwrap methods to assure the participant accepts the terms.
New Zealand's Privacy Act 2020 has a number of requirements for what businesses must disclose when collecting and using personal information, including what would be collected through a survey in some cases.
If an individual feels their rights under the New Zealand Privacy Act were violated, they can file a complaint with the Privacy Commissioner.
Below are some examples that show how you can draft a Survey Disclaimer.
If you're collecting opinions on less personal issues, like consumer products, perceptions in the news or anything else that an individual would share willingly with a stranger over coffee, a General Survey Disclaimeris likely all you require.
This includes some reassurance because participants may not want spam, junk mail or unwanted promotions. If the survey involves more personal products, they may also want the results not associated with their name or made public.
SurveyMonkey, a leader in providing a platform for conducting surveys, can include a Survey Disclaimer, also called a "Consent Form"that emphasizes anonymity:
GE uses a similar structure that shows how this is put into practice. Its survey portal appears to be limited to employees and independent contractors in its organization.
GE's Survey Disclaimer is a catch-all for data although it discourages sharing sensitive data:
Both examples are general yet comprehensive:
If you are handling sensitive data, the SurveyMonkey example may work better for you. It clearly indicates commitment, confidentiality protection, and provides space to provide the purpose of the survey.
The Survey Disclaimer/Consent Form from SurveyMonkey ends with the "I agree" checkbox so the participant can decide whether they still want to participate after reading the listed conditions.
Survey Disclaimers also work by integrating other agreements with them, like the Privacy Policy agreement. This may be done by having each document contain overlapping provisions.
Wikimedia has a general clause regarding surveys in its Privacy Policy:
And here's how Wikipedia offers a separate Survey Disclaimer outside of a Privacy Policy:
It seems like a Survey Disclaimer can get away with merely being a reference to the Privacy Policy or Terms and Conditions.
However, it's not recommended. Linking to long legal agreements as a way to reassure their data is safe is not a good way to encourage participation.
Even if your Survey Disclaimer shares provisions in the Privacy Policy, repeat those provisions in plain language when you draft the disclaimer. That assures participants understand the use of their data and feel safe in knowing that their answers are not personally linked to them.
Surveys conducted to gauge the quality of medical care or conduct research fall under strict privacy guidelines in laws like the U.S.'s HIPAA.
The Cleveland Clinic conducts surveys to measure service quality. It sends out a Patient Satisfaction Survey and maintains a FAQ-style disclaimer and introduction page for this survey.
Its disclaimer starts with a statement of purpose:
Then the disclaimer describes the information collected and who has access to it. In this case, the data is kept internally:
However, the feedback will also contribute to a star rating for physicians and patient reviews may also be posted. While this posting is anonymous, patients have the option to ask that their comments are removed:
It's a good idea to detach survey results from the identity of the participant. That means no links to email addresses, user names or even the IP address. While this is a good practice overall, it is critical if you wish to conduct a health or medical related survey.
Surveys conducted for a closed group may seem reassuring on their own. However, it's a good practice to never assume participants know this.
Survey Disclaimers exist more for reassurance. Even if the data is not personal, clearly indicating that the data is limited to one particular institution or group only helps your survey. It also shows that you comply with privacy laws even if you already have a solid Privacy Policy.
Consider this a step in enhancing those practices. This Survey Disclaimer used by the University of Michigan works with both health-related and general surveys because it indicates clear limitations for data access and keeps results anonymous:
Any time you immediately delete personal data or limit it to anonymous release to a closed group of researchers, describe these practices in your Survey Disclaimer. As seen the University of Michigan example, this does not have to be long or complex.
A Survey Disclaimer reinforces compliance with privacy laws but also contains extra material to encourage participation and assure confidentiality.
Rather than merely link to other agreements as a replacement for your disclaimer, draft a plain language summary of the purpose of the summary and how you will protect data. That will draw in more participants and make your survey much more helpful.