Survey tools are routinely used by agencies to collect information for the improvement of programs and to inform development and service planning.
The Information Privacy Act 2009 (Qld) (IP Act) sets out obligations to ensure that the privacy of the personal information that Queensland Government agencies collect is protected. This guideline sets out the privacy considerations of conducting a survey.
Personal information is any information about an individual whose identity is apparent or can reasonably be ascertained.1 If the survey does not collect information about reasonably identifiable individuals, it presents no privacy concerns.
It is a myth that surveys which do not ask for the respondent’s name are anonymous. You should not assume that, just because the survey does not record the participants’ names, their participation is automatically anonymous. Individuals can be identifiable from information other than their name. For example, an individual’s identity may be ‘reasonably ascertainable’ where:
Broadly put, the collection obligations are:
Assessing what might be a ‘lawful and fair collection’ and a ‘not unreasonable intrusion upon the personal affairs of the individual concerned’ requires an agency to consider:
The nature and amount of information being collected and the way in which it is collected should be able to be justified.
Providing a ‘collection notice’ to a respondent on commencement of the survey is a practical way to make them aware of how the agency will use and disclose their personal information.
A collection notice is a one-way communication that does not require that the individual agree with the content. As such, it does not constitute an agreement to their participation. However, where an individual has an element of choice in whether to participate in the survey—that is, the individual acts in a purely voluntary manner—it is arguable that the individual indicates their agreement through their choice to participate in the survey.
If the collection notice informs the respondent of the potential for publication of their responses to a voluntary survey, then the participation of the respondent can also be taken as agreement for the publication of their responses.
However, caution needs to be taken with surveys that give respondents an option of providing a ‘free text’ response. While free text fields can encourage full and meaningful responses, it is this very flexibility that allows respondents to enter any text they wish, including the personal information of a third party. While the respondent themselves may have consented to the publishing of their response through their participation in the survey, any third party discussed in a free text field may not have provided agreement to their information being published; in fact, they may not even be aware of this until after the publishing has already taken place.
Two common methods of distributing a survey are to:
Whether it is a breach of an agency’s privacy obligations to use existing contact information hinges on the purpose for which it collected this information in the first place—the primary purpose. Sometimes a ‘secondary purpose’ is actually part of the primary purpose. For example, conducting a trial of a product would entail collecting feedback on the product; the feedback is an integral part of the conduct of the trial and so it is part of the purpose as a whole.
Looking at the collection notice that was provided to the individual at the time of collecting their contact information can assist in determining whether the purpose of the survey is part of the primary purpose or a secondary use.
However, if the secondary purpose is distinct from the primary purpose—where it is a case of 'we got this data for this purpose but how good would it be to use it for something more than this'—then there is a secondary use and the agency will need to rely on one of the permitted exceptions to use personal information for a secondary purpose.
Two possible exceptions may be applicable to this circumstance.
The first exception6 is that the individual the subject of the personal information has expressly or impliedly agreed to the use of the information for the secondary purpose. The agency could send an email to customers asking them if they would consent to the agency using their email addresses to contact them about the potential secondary purpose; however, this is in itself a secondary use.
Implied consent arises where consent may be reasonably inferred from the facts and circumstances of a particular situation. Reliance on implied consent always involves an element of risk. In general, there is a stronger presumption for implied consent where the individual concerned receives a clear benefit from the process and accordingly would not challenge the process that provided that benefit.
Here, the benefit is that the customer is given the opportunity to exercise a choice about the potential use of their email address for a service improvement exercise. However, implied consent is generally not reliable when dealing with a group of individuals, as the ‘law of averages’ would suggest that there will inevitably be some individuals who would not consent to the agency using their email address to contact them about the potential secondary use.
If an individual is contacted for the purpose of seeking their consent for participation in a survey and they decline to give their consent, the agency should respect this and no longer contact the individual for this purpose.
The second exception7 is that the other purpose is directly related to the purpose for which the information was obtained8. There must be a close association between the purpose for which the personal information was obtained and the purpose of the secondary use9. Looking at why the agency chose these particular individuals to receive the survey will assist in determining if the secondary purpose was closely associated with the primary purpose.
If an agency provides a service to an individual and it obtains and uses a contact email to deliver that service, it would be a ‘directly related secondary use’ to later contact the individual to obtain feedback on the service.
The IP Act recognises that personal information can be particularly vulnerable when it passes outside of its jurisdiction. Section 33 of the IP Act states that an agency cannot transfer personal information outside Australia unless certain conditions are met.
Many of the popular online survey tools, such as SurveyMonkey and Google Forms, are provided by companies that are located overseas and/or use servers located outside Australia to store survey responses.
Also, if the agency intends to publish respondents’ survey responses online, for example, on a website or social media site, any personal information in the survey responses will potentially be accessible from outside Australia.
Section 33 sets out four circumstances in which an agency may transfer personal information out of Australia. The circumstances that are most likely applicable to conducting a survey are:
If a survey is voluntary, an agency can obtain the individual's agreement by making them aware of the potential for overseas transfer in the collection notice provided on commencement of the survey.
We are conducting this survey using SurveyMonkey, which means that the information collected in this survey will be transferred outside Australia and stored securely on SurveyMonkey's servers. By volunteering to complete this survey you agree to this transfer. You can find out more about how SurveyMonkey handles your personal information here12.
Agencies may not wish to impose conditions that could discourage respondents from participating in the survey. Designing a survey that does not collect personal information is a common method. Alternate options can include allowing respondents to provide feedback via email or telephone, or providing a downloadable version of the survey; this will enable individuals to exercise choice about how their personal information is handled.
The twin operation of sub-sections 33(d)(i) and (iv) requires that personal information transferred overseas enjoys the same privacy protections as the information would have in Queensland. These protections include: collection and use of relevant personal information, security of storage and limits on secondary use and disclosure of personal information.
These protections are invariably set out in the terms of the contract for services. Determining an ‘equivalent privacy regime’ can be tricky. For highly particularised contracts that provide focussed cloud services, it is easier to demonstrate protection of the information. For ‘free’ and more generic services, their terms and conditions are usually geared around their commercial interests and may be set up to not limit the use of users’ personal information.
Before using an online survey tool, an agency should take reasonable steps to satisfy itself that the company which offers the tool will handle personal information appropriately.
Terms and conditions are not always easy to read as they can be long-winded, technically complex, and/or overly legalistic. However, if you know what to look for, you can easily get the information you are interested in. Here are a few pointers:
Current as at: July 19, 2018