Download the PDF

PREFACE

The Insights Association is the U.S. association representing companies, corporate research and data analytics departments, and individuals working in the marketing, opinion and social research and data analytics industry and profession. The Insights Association was founded in 2017 with the merger of CASRO, a trade association formed in 1975, and MRA, a professional society founded in 1957. The Insights Association, established to foster and promote the interests of the U.S. industry and profession, serves organizations and their research-related employees including data scientists, as well as individual research professionals not affiliated with member organizations. The Association’s members may include research companies and their employees, corporate research departments and their employees, data scientists generating data analytics, organizations and individuals supporting research activities, universities, educators and students, as well as others.

The Insights Association’s mission is to provide the environment and leadership that will advance the integrity, quality, and best interests of the U.S. industry and profession. The Association supports standards, guidelines, education and information resources, and self-regulation in research process, practice, and performance.

The Insights Association also works closely with other national and international associations to support and improve the integrity and quality of marketing research and data analytics across geographic and cultural borders.

The Insights Association Code of Standards and Ethics (the “Code”) is based on the codes of both CASRO and MRA. The Code also draws on the ICC/ESOMAR Code and the codes of other national research associations, embracing and affirming principles common to them.

This Code presents the fundamental, overarching principles of ethics and professionalism for the industry. Its purpose is to promote the importance and value of the work undertaken by Insights Association members and promote the interests of the industry and profession to the constituencies that they serve. Further, the Code seeks to establish a platform for self-regulation, building on the successful efforts of CASRO and MRA, to foster confidence in the industry and profession and ensure its continued success.

The Code is supplemented by guidelines that assist practitioners and companies with its application.

The inclusion of data analytics in the Code recognizes changes in the industry and profession and the proliferation of data that has resulted in a changing role for members and the services they provide. The Code recognizes the global nature of the industry and profession and the requirement to comply with all applicable state, national and international laws and regulations.

In the event of a conflict between this Code and applicable law, applicable law shall govern. This Code is to be interpreted in conjunction with other relevant guidelines and principles. These and other supplemental documents are referenced at the end of this document.

The Code has been organized into sections describing the responsibilities of members. The Code is not intended to be, nor is it, an immutable document. Circumstances may arise that are not covered or that may call for modification. The Code, therefore, seeks to be responsive to the changes in marketing research and data analytics. The Standards Committee and Board of Directors of the Insights Association will evaluate these changes and, if appropriate, revise the Code.

Adherence to the Code is required by all members of the Insights Association. The Insights Association requires its members to review and attest to this Code as part of their membership application and annual membership renewal. In so doing, members grant the Insights Association the authority to enforce the Code and will cooperate with the Association’s enforcement efforts. Information regarding enforcement may be found in the Enforcement section at the end of this document. The Association’s Standards Committee is available to address any complaints and alleged breaches of the Code.

Throughout this document, the word “must” is used to identify mandatory requirements, a principle or practice that researchers are obliged to follow. The word “should” indicates a recommended practice.

For the purposes of the Code, the following terms have these specific meanings:

Children – Individuals for whom consent to participate in research must be obtained from a parent or legal guardian. Definitions of the age of a child vary substantially and are set by national laws and self-regulatory codes. In the U.S., a child is defined as being age 12 and under. In the absence of a national definition, a child is defined as being age 12 and under and a “young person” as age 13 to 17.

Client – Any individual, organization, department or division, internal or external that requests, commissions or subscribes to all or any part of a research project.

Consent – Voluntary and informed agreement by a person for participation in research and/or the collection and processing of their personally identifiable information or "PII." This consent is based upon the data subject having been provided with clear information about the nature and purpose of the data being collected or used, with whom it will be shared and how it will be used. Depending on applicable law and regulation, particularly with consent for children or other vulnerable individuals, such consent may need to be verifiable.

Corporate researcher – An individual or department in a company or organization that commissions or carries out research or acts as a consultant on research that is for internal use by that company or organization.

Data analytics – The process of examining data sets to uncover hidden patterns, unknown correlations, trends, preferences and other useful information for research purposes. Data analytics also includes data integration, which is the process of integrating data from different sources.

Data subject – Anyone from whom data, which may include PII, are collected or used for research purposes. In cases where the data subject actively engages in research, a data subject may also be referred to as a research participant.

Non-research activity – Taking direct action toward an individual whose data, which may include PII, was collected or analyzed with the intent to change the attitudes, opinions or actions of that individual. Non-research activities include but are not limited to advertising, direct marketing and automated decision-making.

Passive data collection – The collection of data by observing, measuring, or recording a data subject’s actions or behavior.

Personally identifiable information or PII (referred to as personal data in the EU and other jurisdictions) – Information that can be used to distinguish or trace the identity of an individual, either alone or when combined with other personal or identifying information. PII can include information such as name, social security number, date and place of birth, mother‘s maiden name, biometric records, photographs, sound or video recording, and other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.

Privacy policy (sometimes referred to as privacy notice) – A published summary of an organization’s privacy practices describing the ways an organization gathers, uses, discloses and manages data subject's PII.

Primary data – Data collected from or about a data subject for the purpose of research.

Research – All forms of marketing, opinion and social research and data analytics used in the systematic gathering and interpretation of information about individuals and organizations. It uses the statistical and analytical methods and techniques of the applied social, behavioral and data sciences to generate insights and support decision-making by providers of goods and services, governments, non-profit organizations and the general public.

Researcher – Any individual or organization carrying out or acting as a consultant on research, including those working in client or corporate research departments as well as any subcontractors used.

Secondary data – Data collected for another purpose and subsequently used in research.

Sensitive data – Specific types of PII that local laws require be protected from unauthorized access to safeguard the privacy or security of an individual or organization to the highest possible standards. The definitions of sensitive data vary by jurisdiction. In the U.S., sensitive data includes health data and financial data. In other jurisdictions, like the EU, sensitive includes racial or ethnic origin, health records, sexual orientation or sexual habits, criminal records, political opinions, trade association membership, religious or philosophical beliefs, location, financial information, and illegal behaviors such as regulated drugs or alcohol.

Subcontractor – A service provider executing any element of a research or data analytics project on behalf of another entity.

Vulnerable individuals (may also be referred to as vulnerable people or populations) – Individuals who may have limited capacity to make voluntary and informed decisions.

The Code is based on the following principles:

1. Respect the data subjects and their rights as specified by law or by this code.
2. Be transparent about the collection of PII, only collect PII with consent and ensure the confidentiality and security of PII.
3. Act with high standards of integrity, professionalism and transparency in all relationships and practices.
4. Comply with all applicable laws and regulations.

Section 1: Duty of Care

Researchers must:

1. Be honest, transparent, and straightforward in all interactions.
2. Respect the rights and well-being of data subjects and make all reasonable efforts to ensure that data subjects are not harmed, disadvantaged or harassed as a result of their participation in research.
3. Always distinguish between research and non-research activities so as to maintain public confidence in the integrity of research.
4. When engaging in non-research activities (for example, promotional or commercial activities directed at data subjects, including but not limited to advertising and direct marketing), do not permit any direct action to be taken against an individual based on his or her participation in research.

Section 2: Primary Data Collection

Transparency, Notice and Choice

Researchers must:

1. Promptly identify themselves to data subjects so that the participants can easily verify researcher identity and credentials.
2. Clearly state the general purpose of the research as soon as methodologically possible.
3. Ensure that participation is voluntary and based on accurate information about the general purpose and nature of the research.
4. Respect the right of data subjects to refuse requests to participate in research.
5. Respect the right of those already engaged in research to terminate their participation or refuse requests for additional or other forms of research participation.
6. Upon request, permit data subjects to access, correct or update any PII held about them.

Consent

Researchers must:

1. Obtain the data subject’s consent for research participation and the collection of PII or ensure that consent was properly obtained by the owner of the data or sample source.
2. Inform data subjects if there are any activities that will involve re-contact. In such situations, the researcher must obtain the data subject’s consent to share PII for re-contacting purposes. Re-contacting data subjects for quality control purposes does not require prior notification.
3. Allow data subjects to withdraw their consent at any time.
4. Obtain consent from the data subject prior to using his/her data in a manner that is materially different from what data subject has agreed.

Section 3: Passive Data Collection

Whenever possible, passive data collection must be based on the consent of the data subject. In such situations, researchers must provide clear and simple methods for data subjects to grant and retract their consent.

Where it is not possible to obtain consent, researchers must have legally permissible grounds to collect the data and must remove or obscure any identifying characteristics as soon as operationally possible.

Section 4: Use of Secondary Data

When using secondary data for research that includes PII, researchers must:

1. Ensure that the use is not incompatible with the purpose for which the data was originally collected.
2. Ensure that the data was not collected in violation of restrictions imposed by laws or regulations, through deception, or in ways that were not apparent to or reasonably understood or anticipated by the data subject.
3. Ensure that the intended use is compatible with the consent obtained when the data was collected.
4. Honor all data subject requests that their data not be used.
5. Ensure that use of the data will not result in any harm to data subjects.

Section 5: Data Protection and Privacy

Researchers must:

1. Have a privacy policy that is easily available (including being publicly available if appropriate) and clearly states their data protection and privacy obligations and practices.
2. Only share a data subject’s PII with any third-party[1]:
   
   1. With that data subject’s consent; or
   2. In limited situations that are in the interest of the data subject or the public. Such limited situations include, but are not limited to: adverse event reporting, health and safety, and situations pursuant to required legal process.
3. Ensure that all PII collected, received or processed by the researcher or any subcontractor or other service provider is secured and protected against loss, unauthorized access, use, modification, destruction or disclosure by the implementation of information security measures required by applicable laws and regulations.
4. Limit data collection to what is necessary for the specific research purposes.
5. When collecting PII for research that may also be used for non-research activities, inform data subjects of any non-research use prior to data collection and obtain their consent for any non-research activity.
6. Comply with all applicable international, national, state and local laws and regulations, and local codes of conduct with respect to PII and the local variations in the definition and requirements for sensitive data.

Section 6: Children and Vulnerable Individuals

Researchers must take special care when conducting research with children and other vulnerable individuals. When conducting a research project with such individuals, researchers must:

1. Obtain verifiable consent from a parent or legal guardian for children or other vulnerable individuals when required.
2. Take special care when considering whether to involve children and young people (minors) in research. The questions asked must take into account their age and level of maturity.
3. When working with other vulnerable individuals, researchers must ensure that such individuals are capable of making informed decisions and are not unduly pressured to cooperate in research.

Section 7: Honesty and Transparency

Researchers must:

1. Be honest and transparent in all interactions.
2. Accurately represent their qualifications, skills, experience and resources.
3. Upon request, inform the client if any part of the work is subcontracted.
4. Inform all clients when a project is conducted on behalf of more than one client.
5. Not use any data collected solely for a specific client for any other purpose without permission.
6. Retain all data and research materials in compliance with applicable laws and regulations, industry quality standards, company processes or as requested by a specific client.  
7. Work in good faith to resolve all disputes with clients.

Section 8: Research Quality

Researchers must:

1. Assist the client in designing effective research and clearly communicate any issues or limitations that may be associated with a chosen research design.
2. Perform all work in accordance with the specifications detailed in the research proposal or statement of work.
3. Perform all work in accordance with accepted methodological practices and principles. When new and emerging methodological practices are used, researchers must ensure that the underlying principles are methodologically sound.
4. Ensure that findings and interpretation are adequately supported by data and provide such supporting data to the client upon request.
5. Provide the technical information required to permit the client to verify that work meets contract specifications, while protecting PII (refer to Section 2: Primary Data Collection, Consent, #2 for more information).
6. Provide sufficient information to permit independent assessment of the quality of data presented and the validity of conclusions drawn.

Section 9: Corporate Researchers

Corporate researchers play multiple roles in the industry and profession. Depending on the specific situation, they may be clients, researchers, or both. Corporate researchers must always comply with all applicable requirements of this Code.

Section 10: Subcontracting

Researchers and subcontractors must:

1. Ensure that subcontractors are provided the appropriate level of information so that the researcher and the subcontractor can make an informed decision as to the subcontractor’s suitability for participation.
2. Ensure that the parties do not have any conflicts of interest.
3. Ensure that the parties maintain the confidentiality and security of confidential and proprietary information, including PII, which was provided by either party.
4. Not use the confidential and proprietary information of either party, including PII, illegally or contrary to the agreement under which confidential or proprietary information was obtained.
5. Document all work and confidentiality requirements with written agreements that protect the interests of clients, researchers and subcontractors.

Section 11: Research for Public Release

Researchers must:

1. Always obtain clear approval from clients to release findings publicly.
2. Ensure that the findings they release are an accurate portrayal of the research data, and that careful checks on the accuracy of all data presented are performed.
3. Provide the basic information, including technical details, to permit independent assessment of the quality and validity of the data presented and the conclusions drawn, unless prohibited by legitimate proprietary or contractual restrictions.
4. Make best efforts to ensure that they are consulted as to the form and content of publication when the client plans to publish the findings of a research project. Both the client and the researcher have a responsibility to ensure that published results are not misleading.
5. Not permit their name or that of their organization to be associated with the publishing of conclusions from a research project unless those conclusions are adequately supported by the data.
6. Promptly take appropriate actions to correct information if any public release is found to be incorrect.

Section 12: Legal Requirements

Members must:

1. Comply with all applicable international, national, state and local laws and regulations, and local codes of conduct.
2. Not engage in any acts of bribery or induce any party to engage in illegal behavior.

Section 13: Professional Responsibility

Members must:

1. Comply with this Code.
2. Act with high standards of integrity, professionalism and transparency in all relationships and practices.
3. Engage in competitive practices that are reasonable in view of the interests of those competing and the public and do not include practices condemned by law as hostile to the public interest.

Enforcement of the Code is the responsibility of the Insights Association Standards Committee. Investigations into a Code violation may come as a result of a complaint that is filed or for any other reason deemed appropriate by the Insights Association. Investigations will include direct contact with the member involved in a Code violation complaint.

Investigations that find a failure to abide by this Code may result in sanctions ranging from the issuance of a private written warning to public expulsion from the Insights Association.

This Code will be reviewed annually by the Insights Association Standards Committee.

To file a complaint against a Member, please contact the Insights Association at enforcement@insightsassociation.org or (202) 800-2545.

The following provide supplemental guidance for specific research applications: 

• Joint guidelines published by ESOMAR and GRBN[2]:
  • The ESOMAR/GRBN Online Research Guideline
  • The ESOMAR/GRBN Guideline on Online Sample Quality
  • The ESOMAR/GRBN Guideline on Duty of Care (In development)
  • The ESOMAR/GRBN Mobile Research Guideline (To be released shortly)
  • The ESOMAR/GRBN Social Media Research Guideline (In development)
  • The ESOMAR/GRBN Guideline on Children, Young People, and Vulnerable Individuals (in development)
• EphMRA Code and Guidelines
• PMRG Code and Guidelines
• ISO 20252, Market, opinion and social research
• ISO 26362, Access panels in market, opinion and social research
• ISO 27001, Information technology — Security techniques — Information security management systems — Requirements