CASRO is the national association established in 1975 to represent the U.S. research industry and those organizations engaged in the conduct, support, or education of market, opinion, and social research, often described as data analytics, consumer insights, or business intelligence. CASRO’s member organizations, which reflect about 85% of U.S. annual research revenues, are represented in CASRO by the Chief Executives and other corporate officers, serving on CASRO’s Board and leading CASRO’s initiatives and events. CASRO’s mission is to provide the environment and leadership that will advance the integrity, quality, and best interests of research businesses, as well as the U.S. and global research industry. CASRO advances the business of research through mandatory and enforceable standards, guidance and guidelines, education and information resources, and self-regulation in research process, practice, and performance. CASRO works with national and international associations to support and improve the integrity and quality of research across geographic and cultural borders. This Code of Standards and Ethics for market, opinion, and social research sets forth the agreed-upon rules of ethical conduct for research organizations. Acceptance of this Code is mandatory for all CASRO members, and Code Enforcement Procedures are available to address any complaints and alleged breaches of the Code. The Code has been organized into sections describing the responsibilities of a research organization to research participants (also called “respondents” or “data subjects”), to research clients, to subcontractors, and to interviewers; as well as the responsibilities of organizations in reporting research project results. This Code is not intended to be, nor is it, an immutable document. Circumstances may arise that are not covered by this Code or that may call for modification of some aspect of this Code. The Standards Committee and the Board of Directors of CASRO will evaluate these circumstances as they arise and, if appropriate, revise the Code. The Code, therefore, is a living document that seeks to be responsive to the changing world of research, while setting forth important principles that should inform the judgment and behavior of research organizations based on the ethical spirit of the code, even in circumstances for which definitive standards have not been updated or articulated. In this spirit, CASRO advocates ongoing communication among members, research participants, clients, subcontractors, consultants and interviewers.
The Principles of Market, Opinion and Social Research
Market, opinion, and social research is an information gathering and analytical activity distinct from marketing and advertising. The following Principles define the research industry and support its unique and critical separation from the societies, industries, and economies that it serves. These research principles are national and universal, allowing CASRO and other national associations to ensure that research is (a) not confused with, (b) subsumed under, or (c) manipulated by other professions, industries, or activities.
1. Research organizations shall ensure that participation in research is voluntary and based on informed consent.
2. Research organizations shall respect the rights and well being of individuals who participate in research, and shall make all reasonable efforts to ensure that individuals are not harmed or disadvantaged as a result of their participation in research.
3. Research organizations shall make all reasonable efforts to protect the privacy of research participants and to keep personal information confidential and secure.
4. Research organizations shall be honest, transparent, and straightforward in their professional and business relationships.
5. Research organizations shall conduct research based on a consistent commitment to integrity, objectivity, and quality.
6. Research organizations shall exercise independent and professional judgment in the design, conduct, documenting, and reporting of their research projects and activities.
7. Research organizations shall ensure that research is conducted by persons with appropriate training, qualifications, and experience.
8. Research organizations shall comply with all applicable national and international laws and regulations.
I. Responsibilities to Research Participants
Research organizations have ethical and legal responsibilities to research participants. These ethical and legal responsibilities must be disclosed to research participants, thereby forming a “chain of trust” relationship between research organizations and research participants.
The research process is a systematic collection, aggregation, and/or analysis of opinions and behaviors for informational purposes.
The protections of personal information are governed by the principles of participant privacy and confidentiality, and the aggregation and reporting of research data.
The purpose of research is informational; there is no direct commercial intent or direct result in the activity of research. The research activity shall be the primary and prevailing purpose of the contact with the individual, and it is always separate and distinct from direct marketing, sales, and advertising activities. Research informs marketing; it does not achieve it.
Research participation may be active or passive:
a. Active Research Participation:
Research participation is considered active if an individual is asked to participate in research (e.g., a survey, a focus group, or other research project, either in-person or via some other means of communication, such as telephone, mail, or online). When research participation isactive, the individual is most often referred to as the “respondent” as research surveys are typically used. In this situation, research participation is voluntary and is always based on informed consent. With active research participation, individuals must be: (a) willing participants in the research process; (b) appropriately informed (about the intentions of the research and how their personal information and responses will be used and protected); and (c) treated respectfully, in such a way as to maximize the likelihood that they will be satisfied with the experience and willing to participate in research in the future.
b. Passive Research Participation:
Research participation is considered passive if the individual does not personally engage in the research activity (examples include social media listening and mystery shopping). When research participation is passive, the individual is typically referred to as the “research participant” or “data subject.” In passive research participation, the individual’s behavior or actions typically are observed and recorded.
In passive research participation in public spaces, individuals may not be aware that their behavior is being observed and recorded and obtaining permission typically is not possible. In this situation, if the individual’s personal identity and/or personally-identifiable information are obtained in the process of observation or online data collection, the research organization shall protect the privacy and security of that information as required by law, this Code, and the standards of professional research practice. If personally-identifiable information cannot be de-identified, the research organization must delete the personal data or seek informed consent from the individual for any further research or data record use.
In passive data collection in non-public spaces, the research participant must be appropriately notified and permission obtained whenever possible. However, in cases where PII is collected in non-public spaces, the research participant must always be appropriately notified and his/her permission obtained.
In either circumstance of active or passive research participation, the research relationship between the research organization and the research participant is defined by, and limited to, the gathering of information. Research Organizations must take all reasonable efforts to ensure that there is no harm, harassment, or direct action taken against the individual based on his or her participation (active or passive) in research.
A. Privacy and Confidentiality
1. Research organizations are responsible for protecting from disclosure to third parties–including research clients and the public–the identity of individual research participants as well as participant-identifiable information, unless the research participant expressly permits or requests such disclosure (or otherwise permitted in the exceptions in 3. below). In no circumstances, however, shall the permission to disclose participant-identifiable information be for the purpose of direct marketing, sales, or advertising.
2. The principles of privacy and confidentiality include the following specific applications and safeguards:
a. Research organizations’ staff or personnel cannot use or discuss participant-identifiable data or information with any third party unless permission from the participant is obtained and the third party has executed a Non-Disclosure Agreement (NDA).
b. The research organization has the responsibility for ensuring that subcontractors and consultants are aware of and agree to maintain and respect participant privacy and confidentiality whenever the identity of participants or participant-identifiable information is disclosed to such entities.
c. Before permitting clients or others to have access to completed questionnaires or research data in circumstances other than those described in this Code, participant-identifiable data or information must be deleted.
d. Invisible identifiers on mail questionnaires or other documents that connect participant data to particular participants must not be used. Visible identification numbers may be used but should be accompanied by an explanation that such identifiers are for control purposes only and that participant confidentiality will not be compromised.
e. Any research organization that receives information from a client or other entity that it knows or reasonably believes to be participant-identifiable information must only use such information in accordance with the principles and procedures described in this Code.
f. The use of survey or other research results in a legal proceeding does not relieve the research organization of its ethical obligation to maintain the privacy and confidentiality of participant-identifiable information or lessen the importance of participant privacy and confidentiality. Consequently, research organizations confronted with a subpoena or other legal process requesting the disclosure of participant-identifiable information must take all reasonable steps to oppose such requests, including informing the court or other decision-maker involved of the factors justifying participant confidentiality and interposing all appropriate defenses to the request for disclosure.
3. The overarching principles of privacy and confidentiality are qualified by the following exceptions:
a. The minimum necessary amount of participant-identifiable information may be disclosed to the client to permit the client:
(1) to validate interviews and/or
(2) to determine an additional fact of analytical importance to the study (including the practice of appending client-owned database information to the research organization’s data file as an analytic aid). Where additional inquiry is indicated, research participants must be given a sound reason for the re-inquiry; a refusal by the participant to continue must be respected.
Before disclosing participant-identifiable information to a client for purposes of interview validation or re-inquiry, the research organization must take whatever steps are needed to ensure that the client will conduct the validation or re-contact in a fully professional manner. This includes the avoidance of multiple validation contacts or other conduct that would harass or could embarrass research participants. It also includes avoidance of any use of the information (e.g., lead generation) for other than legitimate and ethical research purposes or to respond to participant complaints. Assurance that the client will respect such limitations and maintain participant confidentiality must be confirmed in writing before any confidential information is disclosed.
Where participant-identifiable data are disclosed to clients so that the client’s internal research organization may analyze research data in combination with other participant-level data (such as internal customer data, participant-level data from another research project, etc.) it is understood that the information will be used for model building, internal (client’s internal research organization) analysis, research question targeting (for future research efforts), or the like rather than for individual marketing efforts, and that no action may be taken toward an individual participant simply because of his or her participation in the research project. To ensure client compliance, the research organization must obtain written confirmation from the client before releasing any data. (A suggested CASRO Client Agreement Clause is available.)
Further, with respect to such research uses as database segmentation and/or modeling (see preceding paragraph), specific action(s) may not be taken toward an individual participant as a result of his/her research responses and participation beyond those actions taken toward theentire database population group of which the participant is a member. To initiate such specific action, the following two elements must be met:
(1) the participant has given permission to do so, having been informed as to what information is to be revealed, to whom, and the purpose and limitations of such use; and
(2) the research organization has obtained a written agreement from the client assuring that no other use will be made of participant-identifiable information.
Predictive equations or other techniques that integrate a segmentation scheme into a client database may be applied so long as no action is taken toward an individual participant simply because of his or her participation in the research project. Participants must be treated like all other individuals in the database according to the segment(s) to which they belong or have been assigned.
c. In the case of observation of in-person or online quantitative or qualitative research sessions or associated video or audio recordings, such observers must agree to keep confidential and not to disclose the identity of individual research participants or other participant-identifying information except as needed to respond, with the participant’s prior specific approval, to any complaint that the research participant may have about a product or service supplied by the client.
B. Transparency and the Avoidance of Harassment
1. Since research participants are the lifeblood of the research industry, it is essential that those approached to participate be treated with respect and sensitivity.
a. The voluntary character of the interviewer-participant contact must be stated explicitly where the participant might have reason to believe that cooperation is not voluntary.
b. Research organizations must respect the right of individuals to refuse to be interviewed or to terminate an interview in progress. Techniques that infringe on these rights must not be employed, but research organizations may make reasonable efforts to obtain an interview including:
(1) explaining the purpose of the research project;
(2) providing a gift or monetary incentive adequate to elicit cooperation;
(3) re-contacting an individual at another time or providing a toll-free number for the individual to call back; or
(4) providing an alternative method for the individual to participate (e.g., online).
2. Research organizations shall be open, honest, and accountable in their relationship with research participants. This principle of transparency includes the following specific applications:
a. The research organization, subcontractors, and interviewers shall make every reasonable effort to ensure that the participant understands the nature of the research project and the interviewer/participant contact.
(1) The interviewer/research organization/sponsoring entity representative or the research invitation must provide prompt and honest identification of his/her research organization affiliation.
(2) Participant questions must be answered in a forthright and non-deceptive manner, within limitations set by methodological considerations (e.g., research sponsor).
b. Deceptive practices and misrepresentation, such as using research as a guise for sales or solicitation purposes, are expressly prohibited.
3. Research participants will be protected from unnecessary and unwanted intrusions and/or any form of personal harassment:
a. Research organizations shall exercise good and sensitive judgment in soliciting participation in research by contacting people at reasonable times and eschewing pressure to participate.
b. Lengthy interviews can be a burden. Research organizations are responsible for weighing the research need against the length of the interview, and participants must be informed of the approximate duration of the interview.
c. Research organizations are responsible for developing techniques to minimize the discomfort or apprehension of participants and interviewers when dealing with sensitive subject matter.
d. Recording equipment, e.g., audio and video recording, photography, and one-way viewing rooms, may be used only with the knowledge of participants.
e. Research organizations may utilize passive technologies, like identity validation, for the purpose of ensuring identities and fraud prevention. The informed consent or opt-in of the research participant is required for any other purpose.
4. Informed Consent
a. Additional assurances that informed consent has been obtained may be required in order to conduct research with certain segments of the population (e.g., children—see Section D).
b. Additional assurances that informed consent has been obtained may be required in order to conduct research in certain countries.
5. Disclosure of Client Identity
a. Depending on requirements of (1) the law and regulation, (2) the CASRO Code, and (3) research best practices, research organizations may be required either to disclose client names to research participants or not to disclose client names to research participants. For example:
(1) Law and regulation: In pharmaceutical research, some state laws require that client names cannot be disclosed to research participants.
(2) CASRO Code requirements: Subject to the exceptions to in Section E. 1. e. below, if a research organization uses a client-supplied list of customers’ email addresses for research purposes, the research organization must identify the client, to whom the emailed individual has given permission to be contacted.
(3) Research Best Practices: Client confidentiality may be required in order to avoid research bias.
C. Privacy Laws and Regulations
1. Research organizations must comply with existing state, federal, and international statutes and regulations governing privacy, data security, and the disclosure, receipt and use of personally-identifiable information (collectively “Privacy Laws”). Some of the Privacy Laws affecting market, opinion, and social research are limited to specific industries (e.g., financial and health care industries), participant source (e.g., children), and/or international venues.
2. In instances in which privacy laws apply to research operations for specific industries or participant source, research organizations will:
a. Always enter into a confidentiality or “chain of trust” agreement when receiving and using legally-protected, personally-identifiable information from a source other than the research participant or data subject, ensuring that the research organization will protect the information and only use it for the purposes specified in the agreement;
b. Always require subcontractors and other third parties to whom they disclose personally-identifiable information to enter into confidentiality or “chain of trust” agreements that require such party(ies) to provide the same level of security and limitations of use and disclosure as the research organization;
c. Always store or maintain personally-identifiable information in a secure manner;
d. Always control and limit accessibility to personally-identifiable information;
e. Always use reasonable efforts to destroy or effectively secure personally-identifiable information once the research project is complete and validation has been conducted, unless the personally-identifiable information relates to participants in panels, to ongoing studies, or for some other critical research reason; or the research client is legally or contractually obligated to require its research providers to maintain such information for a certain period of time and contractually imposes this requirement on the research organization;
f. Never knowingly receive, use or disclose personally-identifiable information in a way that will cause the research organization or another party to violate any privacy law or agreement.
a. Notice: A description of what information is collected, how it is collected, its purpose, and its disclosure to third parties.
b. Choice: A statement of and procedures for allowing individuals to choose not to participate in the research and/or to have their personal information used or disclosed to a third party.
c. Onward Transfer: A statement that personal information will be transferred only to third parties who also are in compliance with the Safe Harbor Principles.
d. Access: Procedures to provide individuals with access to their personal information in order to correct, amend, or delete that information where it is inaccurate.
e. Security: A description of the reasonable precautions taken to protect personal information from loss, misuse and unauthorized access, disclosure, alteration, and destruction.
f. Data Integrity: A statement that information will be used consistent with the purpose for which it was collected.
g. Enforcement: A description of internal and external mechanisms for assuring compliance, and addressing and resolving disputes and complaints.
4. Research organizations will, to the extent required by law or as necessary to fully and completely comply with the principles set forth in the section of this Code entitled Responsibilities to Research Participants, adopt effective and comprehensive legal and operational policies, such as those set forth in CASRO’s Privacy Protection Program, which will be updated as necessary to conform with additions to and changes in privacy laws.
D. Children, Young People, and Vulnerable Populations
Conducting research with children and young people includes the requirement for research organizations to protect their privacy and interests, as well as to respect and adhere to the wishes of their parents or guardians. This requirement becomes increasingly critical the younger the child and the more sensitive the subject matter. In addition, the laws governing interviewing children and the age at which children become young people and then adults varies from country to country and, sometimes within countries, from state to state. In the U.S., the Children’s Online Privacy Protection Act (COPPA) requires verifiable parental or the legal guardian’s consent for interviewing children below the age of 13 years. Consequently, prior to conducting a research project with children or young people, research organizations should (i) identify and comply with any applicable laws and (ii) consult with their legal counsel.
E. Special Considerations for Online and Mobile Research
The unique characteristics of online and mobile research require specific notice that the principle of participant privacy applies to these research methodologies. The general principle guiding this section of the Code is that research organizations will not use unsolicited emails or text messages to recruit research participants or engage in surreptitious data collection methods.
1. Email and Text Message Solicitation.
a.Research organizations are required to verify that individuals contacted for research by email or text message have a reasonable expectation that they will receive email or text message contact for research. Such agreement can be assumed when ALL of the following conditions exist:
(1) A substantive pre-existing relationship exists between the individuals contacted and the research organization, the client supplying email addresses or mobile phone numbers, or the sample providers supplying the email addresses or mobile phone numbers (the latter being so identified or linked to by the email invitation or text message);
(2) Potential research participants who are sent email invitations or text message invitations have a reasonable expectation, based on a pre-existing relationship where email or text message invitees have specifically opted-in for online or mobile research with the research organization or sample provider, or in the case of client-supplied lists that they may be contacted for research and they have not opted-out of email or text message communications;
(3) Email invitations on text message invitations to potential research participants clearly communicate or link to the name of the sample provider, the relationship of the individual to that provider, and clearly offer the choice to be removed from future email or text message contact;
(4) The email sample or mobile phone number list excludes all individuals who have previously requested removal from future email or text message contact in an appropriate and timely manner; and
(5) Participants in the email mobile phone sample were not recruited via unsolicited email or text message invitations.
b. Research organizations are prohibited from using any subterfuge in obtaining email addresses or mobile phone numbers of potential participants, such as collecting email addresses or mobile phone numbers from public domains, using technologies or techniques to collect email addresses or mobile phone numbers without individuals’ awareness, and collecting email addresses or mobile phone numbers under the guise of some other activity.
c. Research organizations are prohibited from using false or misleading return email addresses or any other false and misleading information when recruiting participants. As stated previously in this Code, research organizations must comply with all federal regulations that govern market, opinion, and social research activities. In addition, research organizations should use their best efforts to comply with other federal regulations that govern unsolicited email and text message contacts, even though they do not apply to research.
d. When receiving email lists or mobile telephone lists from clients or sample providers, research organizations are required to have the client or sample provider verify that individuals listed have a reasonable expectation that they will receive email contact or text message, as defined, in (1) above.
e. The practice of “blind studies” (for sample sources where the sponsor of the study is not cited or linked to in the email solicitation or text message) is permitted if disclosure is offered to the participant during or after the interview. The participant must also be offered the opportunity to “opt-out” of this research project and also, if so requested, from the sample source list.
f. Other messaging technologies such as mobile application (mobile app) notifications can have characteristics and capabilities that are similar to text messages. Accordingly, when using messaging technologies such as mobile app notifications for research, research organizations must comply with any applicable requirements of this section.
g. Information about the CASRO Code of Standards and Ethics should be made available to participants.
II. Responsibilities to Clients
1. Relationships between a research organization and clients for whom the research project is conducted should be of such a nature that they foster confidence and mutual respect. They must be characterized by honesty and confidentiality.
2. The following specific approaches describe in more detail the responsibilities of research organizations in this relationship:
a. A research organization must assist its clients in the design of effective and efficient studies that are to be carried out by the research organization. If the research organization has misgivings about whether a study design will provide the information necessary to serve the client’s purposes, it must make its reservations known.
b. A research organization must conduct the study in the manner agreed upon. However, if it becomes apparent in the course of the study that changes in the plans should be made, the research organization must make its views known to the client promptly in writing.
c. A research organization has an obligation to allow its clients to verify that work performed meets all contracted specifications and to examine all operations of the research organization that are relevant to the proper execution of the project in the manner set forth. While clients are encouraged to examine questionnaires or other records to maintain open access to the research process, the research organization must continue to protect the confidentiality and privacy of research participants.
d. When more than one client contributes to the cost of a project specially commissioned with the research organization, each client concerned shall be informed that there are other clients (but not necessarily their identity).
e. Research organizations will hold confidential all information that they obtain about a client’s general business operations, and about matters connected with research projects that they conduct for a client.
f. For research findings obtained by the research organization that are the property of the client, the research organization may make no public release or revelation of findings without expressed, prior approval from the client.
3. Bribery in any form and in any amount is unacceptable and is a violation of a research organization’s fundamental, ethical obligations. A research organization and/or its principals, officers and employees should never give gifts to clients in the form of cash. To the extent permitted by applicable laws and regulations, a research organization may provide nominal gifts to clients and may entertain clients, as long as the cost of such entertainment is modest in amount and incidental in nature.
III. Responsibilities in Reporting to Clients and the Public
1. When reports are being prepared whether for client confidential use or public release purposes, it is the obligation of the research organization to ensure that the findings they release are an accurate portrayal of the research data, and careful checks on the accuracy of all figures are mandatory.
2. A research organization should supply in its reports or be ready to supply on short notice to a client or to the public as applicable, the following information about the research:
a. The name of the organization for which the study was conducted and the name of the organization conducting it.
b. The purpose of the study, including the specific objectives.
c. The dates on or between which the data collection was done.
d. A definition of the universe that the research is intended to represent and a description of the population frame(s) that was actually sampled.
e. A description of the sample design, including the sample source, the method of selecting sample elements, method of interview, cluster size, number of callbacks, participant (respondent) eligibility or screening criteria, and other pertinent information.
f. A description of results of sample implementation including (a) a total number of sample elements contacted; (b) the number not reached; (c) the number of refusals; (d) the number of terminations; (e) the number of non-eligible; and (f) the number of completed interviews.
g. The basis for any specific “completion rate” percentages must be fully documented and described.
h. The questionnaire or exact wording of the questions used, including interviewer directions and visual exhibits.
i. A description of any weighting or estimating procedures used.
j. A description of any special scoring, data adjustment or indexing procedures used. (Where the research organization uses proprietary techniques, these must be described in general and the research organization must be prepared to provide technical information on demand from qualified and technically competent persons who have agreed to honor the confidentiality of such information).
k. Estimates of the sampling error and of data should be shown when appropriate, but when shown they should include reference to other possible sources of error so that a misleading impression of accuracy or precision is not conveyed.
l. Statistical tables clearly labeled and identified as to questionnaire source, including the number of raw cases forming the base for each cross-tabulation.
m. Copies of interviewer instructions, validation results, code books, and other important working papers.
n. In some cases the source of the data used to prepare a report may permit the research organization access to an entire population of interest (a census rather than a sample). Examples can include customer transaction data and billing data. In such cases, the requirements for reporting information about a sample do not apply. However, when reporting to clients or the public, the research organization must comply with any applicable requirements of this section when using such data sources.
3. At a minimum, any general public release of research findings should include the following information:
a. The sponsorship of the study.
b. A description of the purposes.
c. The sample description and size.
d. The dates of data collection.
e. The name of the research organization conducting the study.
f. The exact wording of the questions.
g. Any other information that a layperson would need to make a reasonable assessment of the reported findings.
h. Information required for the computation of any reported sample error.
i. In some cases the source of the data used to prepare a report may permit the research organization access to an entire population of interest (a census rather than a sample). Examples can include customer transaction data and billing data. In such cases, the requirements for reporting information about a sample do not apply. However, when reporting to clients or the public, the research organization must comply with any applicable requirements of this section when using such data sources.
4. A research organization will seek agreements from clients so that citations from research project reports will be presented to the research organization for review and clearance as to accuracy and proper interpretation prior to public release. A research organization will advise clients that if the publicly-disclosed research data are incorrect, distorted, or incomplete in the research organization’s opinion, the research organization reserves the right to make its own release of any or all research data necessary to make clarification.
IV. Responsibility to Subcontractors and Interviewers
1. Research organizations will not ask any subcontractor or interviewer to engage in any activity that is not acceptable as defined in other sections of the Code of Standards and Ethics or related CASRO publications.