Policy update for Rangahau Aotearoa
July 1, 2024
At Rangahau Aotearoa we take great pride in ensuring that all our policies are up-to-date and in sync. with current legislation. As part of this, we review our major policies on a rolling annual basis.
This year, we reviewed three policies:
· General privacy policy.
· Policy relating to the involvement of children and vulnerable people in research.
· Complaints policy.
Thankfully, we don’t receive many complaints; in fact, we cannot recall the last time we received a formal complaint. Nevertheless, that policy has been refreshed and an important result of this has been some recent training with our call centre interviewers, to help them better manage respondents who are contacted and don’t want to take part in a survey.
Our policy on the involvement of children and vulnerable people has now been brought in line with some new guidelines published by the professional research society we belong to; namely, the European Society of Marketing & Opinion Research. We have taken advantage of this opportunity to also acknowledge special obligations we have under the Children’s Act 2014.
As a result, a Privacy Impact Assessment will be completed for any survey or qualitative research project involving children or vulnerable people. A child is defined as under 15 years of age and a vulnerable person is defined as a person who belongs to a group within society that is either oppressed or more susceptible to harm[1].
The key aspects of the policy are:
· Researchers have an obligation to consider the degree of maturity/confidence when deciding what subjects may or may not be safely dealt an interview that involves children or vulnerable people (e.g., topics that may upset or cause anxiety).
· Contact databases received from our clients for the purposes of conducting research will be delivered to us in an encrypted, password protected form, through our dedicated SharePoint client portal (or equivalent). These files are to only be used for the research they have been provided for, and must be deleted on the project’s completion.
· Participation in a research project will be on a voluntary, informed consent basis. Where a research participant is under the age of 15, written consent will be obtained from the child's legal guardian(s) or caregiver(s).
· All research with children or vulnerable persons conducted in-person, will be undertaken in an environment that is safe, secure, private and appropriate. Participants will be encouraged to have a support person present.
· The identity of participants will always remain confidential and will not be shared with anyone outside of the research team, without explicit permission. The only exception to this is if a child or vulnerable person is suspected of being at risk of or is being abused or neglected, in which case New Zealand Police will be informed.
· All research will be designed to only collect the personal information necessary to analyse and report the results (e.g., age and location). Any personally identifying information, capable of directly or indirectly identifying a research participant, will be removed before any analysis and reporting takes place.· In order to recognise and provide a practical commitment to te Tiriti o Waitangi, and to protect the cultural safety of a participant, research primarily or exclusively involving Māori will be led by a researcher or interviewer who themselves identifies as Māori. To the extent possible, the same will apply to participants of other ethnicities.
Finally, our general privacy policy has also been strengthened, and in addition to research projects involving children or vulnerable people, we now produce a Privacy Impact Assessment as part of the development of a Risk Management Strategy for all major projects, and especially those that receive samples from our clients for the purposes of conducting their surveys.Privacy Impact Assessments are based on a template provided by the Privacy Commission and involve a four-step process:
· Step 1: Complete a compliance assessment based on 13 ‘privacy principles’.
· Step 2: Prioritise any identified risks and develop a mitigation strategy.
· Step 3: Develop an action plan, with responsibilities and completion dates.
· Step 4: Schedule a review of the action plan, to confirm that the plan has been implemented.