Call our confidential query service for advice on the MRS Code of Conduct, Regulations and Guidelines. Codeline provides swift, reliable and free advice.

When you contact Codeline, you’ll get the very best information and advice on the MRS Code of Conduct.

The MRS Standards Team are experts on the MRS Code of Conduct and related UK legislation such as the Data Protection Act 1998. We’re here to help you understand, interpret and, most importantly, keep within the rules.

Codeline offers support and advice on the MRS Code of Conduct, Regulations and Guidelines. Data protection guidance is provided as general information for research practitioners. It is not legal advice and cannot be relied upon as such. Specific legal advice should be taken in relation to any specific legal problems or matters.

Contact the Standards Team via email codeline@mrs.org.uk

Nearly all banks in the UK subscribe to the Banking Code and the Business Banking Code. These Codes set down how banks will treat their customers, respond to complaints and also the purposes for which customer data will be used. Of particular relevance to this discussion is rule 11.1, common to both Codes:

11.1 We will treat all your personal information as private and confidential (even when you are no longer a customer). We will not reveal your name and address or details about your accounts to anyone, including other companies in our group, other than in the following four exceptional cases when we are allowed to do this by law.

  • If we have to give the information by law.
  • If there is a duty to the public to reveal the information.
  • If our interests mean we must give the information (for example, to prevent fraud). However, we will not use this as a reason for giving information about you or your accounts (including your name and address) to anyone else, including other companies in our group for marketing purposes.
  • If you ask us to reveal the information, or if we have your permission.

This means that banks that adhere to this Code have made a commitment to their customers not to pass their data to anyone else for any other purpose. Bank records are therefore different from other client databases commonly used for research.

MRS is aware that some banks enter into quite complex legal arrangements to internalise the research process, so that customer data is not transferred outside of the bank.

When establishing a relationship with a customer most banks do not obtain the necessary consent from their customers to enable them to provide a research organisation with details of their customers. When intending to conduct a market research project some banks will ask a customer for their permission for a research organisation to make contact. In this case any data collected by the research organisation is confidential as between the customer and the research organisation unless specific consent is obtained to pass information back to the bank.

Where permission has not been obtained from customers, a bank will often employ a research organisation as its “agents” to make contact with customers. In this case all data belongs to the bank and cannot be removed or controlled by the research organisation.

Care must always be taken with regard to data gathered as to who owns it and controls it and the customer must always be clear as to who is controlling the data.

Providing the names of companies contacted, but not respondents within the companies, is permitted for validation purposes as long as the respondent is neither directly nor indirectly identified. This will depend on the job title of the respondent, eg if all respondents were managing directors then the name of the company could not be revealed as to do so would indirectly identify the respondent.

In some circumstances, respondents may be sensitive to the name of their company being revealed, particularly if their responses may cast their company in a negative light. It should be explained to respondents that the company name may be revealed and the valid purpose for this.

Under the Data Protection Act 1998 the definition of 'individuals' includes sole traders and partnerships in England and Wales, and sole traders in Scotland. Therefore all the rights available to individuals will be available to business organisations of this type. In addition most business data collected during a survey will include personal opinions from the respondents and as such will be defined as personal data (irrespective of the type of organisation). A simple test is whether, if the job holder changes, the data (other than the individual's name) will change in any way. If it does the Data Protection Act 1998 is likely to apply. This would also apply to databases/sampling frames that contain details of individuals.

The client does have a right to anonymity but this must be waived a) if the client has provided the database from which the respondent's name was drawn, and b) if the client is a present or potential competitor of the respondent. In this case the agency's reported vagueness in response to the caller's questions as to whether the client had requested anonymity and whether respondents were or could be competitors of the client is surprising, as these two matters should reasonably have been well known to an agency before any potential respondents were first approached.

Online surveys still require permission to be sought to continue with a survey. This can be obtained by inserting an age screener before moving on to the questionnaire section. If a respondent is underage then you can ask them for parental contact details to call to ask for permission to continue. An identification code number can then be given to the parent for the child to enter on the screen in order to continue. This should not be done via email as personal identification is impossible.

You must always get parental permission to interview a child. However, there are certain circumstances when permission may cause potential harm to the child due to the sensitivity of the research topic. A consent waiver may be obtained but only with explicit prior approval from the MRS Market Research Standards Board.

See: MRS Code of Conduct: Rule B27 and comment

Market research is not above the law. The advice given in these circumstances is to discuss the matter with a supervisor (to ensure no misunderstandings) and if there is evidence, to report the matter to the relevant authorities.

Yes there are. The European Telecoms Standards Institute (ETSI) has produced some guidelines for the design of ICT products for children. A number of issues have been raised by this body, including the fact that pre-teens’ needs are not the same as teenagers’. Anne Clarke, the ETSI project co-ordinator, commented that “we cannot allow young children unsupervised access to telecommunications products and services which are designed primarily for responsible adults”, mainly because children under 12 do not have the manual, physical, emotional or psychological skills of adults or older teenagers.

The MRS Code of Conduct defines children as those under 16. Consent of a parent, guardian or a responsible adult who is acting in the place of a parent is required before an interview is conducted. For sensitive research, where requesting consent would likely inhibit the answers given by the child, consent may be waived only with the prior approval of the MRS Market Research Standards Board.

MRS guidance is that incentives should be appropriate to the age group. In the case of vouchers, retailers are responsible for ensuring they do not sell products which are illegal for the age of the buyer. Parents should be informed of the nature and value of the voucher. By doing this, the onus is placed on the parent to indicate whether he/she objects to the incentive being given.

Research carried out on behalf of manufacturers of products which are illegal for the age group involved in the research would not be permitted under the MRS Code of Conduct. The only exception is when research needs to be conducted to ensure products are not manufactured or marketed in such a way that encourages under age use or consumption. In this case, research may only be conducted with children with the explicit and prior approval of the MRS Market Research Standards Board.

Schools present a unique challenge in that they are highly structured environments but also places where children are perhaps free of constraints placed on them by their parents. The school itself has responsibilities to a wide range of parties, including the DfES, local authorities, board of governors, teachers, parents and the children themselves. Researchers should be aware that, depending on an individual school’s policy, extensive consents may be required before research can be conducted.

This is a matter for the school to decide. The MRS Code of Conduct states that interviews with persons aged under 16 require the consent of a parent or a responsible adult acting in loco parentis. Researchers should consult with the school, or if necessary the Board of Governors and Parent Teacher Association, as to whether the position of the Headmaster or class teacher is one where they have a personal responsibility for the well being of the children to be interviewed.

Parents or responsible adults give consent for research to take place but informed consent as to participation rests with the child respondent. A respondent’s participation in research must be voluntary at all times, even if it takes place in a school where participation in other activities is mandatory. Participation must be presented as optional and provision should be made for those children who choose not to participate.

One particular point of consideration is how the subject or methodology of the research fits with what the children learn at school. Conflicts may arise in relation to the Personal Social and Health Education (PSHE) curriculum which for younger children touches on talking to strangers and the keeping of confidences. Again, this can be discussed at the original point of consent by the school.

The Compensation Act 2006 provides the statutory framework for the regulation of claims management activities. The legislation applies to claims made for compensation in relation to personal injury, criminal injuries compensation, industrial injuries disablement benefit, employment matters, housing disrepair and financial products and services (including refund of bank charges).

Almost any activity in relation to claims, from simply referring claims through to representing clients, is covered.

Authorisation for the following activities, amongst other things, is now required:

(a) advertising for, or otherwise seeking out (for example, by canvassing or direct marketing), persons who may have a cause of action;

(b) referring details of a claim or claimant, or a cause of action or potential claimant, to another person.

It is possible that clients such as solicitors' firms may buy space on omnibus or financial research projects to collect this information or may engage fieldwork agencies to build a database of potential claimants. Depending on the contractual relationship, either the agency or their client must have prior authorisation from the regulator, or be exempt from the Act.

Additionally, cold calling in person for such purposes is prohibited. Any other cold calling (by telephone, email, fax or text) must be in accordance with the Direct Marketing Association’s Direct Marketing Code of Practice. Any face to face contact initiated by the claims management businesses is cold calling in person. This includes knocking on doors and approaching people in the street or shopping centres, including what the regulator refers to as “clipboarding”. It is permissible to have a booth or stand in a shopping centre or exhibition as long as the people manning it do not attempt to make the first contact.

The website www.claimsregulation.gov.uk provides the full text of all the legislation, guidance notes, and details of the authorisation process.

It depends on the respondent's address. If they live in a rural area where there may be only a few homes in the area you could only give the first set of characters of the postcode. This is because these reference the area; anything more provides information on the particular sector where the home is situated, and it is possible in rural areas for there to be only one home in a sector, so a respondent may be identified. If the home is situated in a town or city then it would be possible to provide the first set of characters plus one from the second set of characters. A detailed description of the postcode breakdown can be found in the document Postcode Format (9KB).

Video-clips from group discussions can be shown to clients as long as written permission for such clearly specified uses has been given by each respondent in the groups before the video recording begins. If they were to be used later on the client's internal network/intranet then permission for that would have to be sought as well, but this permission must be sought prior to or at the time of interview and not post the event unless you have permission to re-contact the respondent to gain additional consent. The agency should at the same time obtain written assurance from the client that the use of such video-clips would be limited to the uses specified to respondents.

As you would be collecting personal data without the consent of the respondent you would be in breach of the Data Protection Act 1998 as you would be using the data for purposes that the respondent is not aware of, hence in breach of the 1st data protection principle regarding fair processing. Data must only be used for the purposes stated at the time of the recruitment and research.

If the study was positioned as market research and not 'market research with a training element' then it would not be possible to fulfil the client's request. This is an example of a mixed purpose project (for more information on a mixed purpose project please see the Data Protection Guidelines). These can be carried out by researchers, however during such projects no reference can be made to the MRS IID cards or the Freephone service as to do so would confuse the respondents and lead to associating market research with other activities. Respondent's permission must be sought before any personal details are passed on to a third party and the purposes for which the data will be used must be consistent with the consent gained from the respondent.

The client needs to ensure that their notification (registration) with the Information Commissioner concerning the use of the data covers market research purposes. If this is not the case then the notification will need to be amended. If the client's notification includes market research, then there should be no problem. The notification register can be checked on the Information Commissioner's website at www.informationcommissioner.gov.uk.

See: The Data Protection Act 1998 and Market Research: Guidance for MRS Members: 4.1.

Updating a customer database is an important activity for any data controller to do on a regular basis but this is not market research. In any case, the client should be updating all of their database and not just the small proportion of those sampled as research respondents. If the client wishes to continue with this approach the project must be positioned as a mixed purpose exercise i.e. market research and database building, making it clear to the respondents how the data is to be used.

See: MRS Code of Conduct: Rule B48 and separate regulations Using Research Techniques for Non-research Purposes

Agency B will need to contact each person on Agency A's panel and ask their permission to use their data as part of the access panel. Only those who give their consent can be used. Non-response cannot be treated as implied consent.

The client may only wish to say thank you but whatever the purpose, the client cannot have respondent details without the respondents' consent.

Providing the names of companies contacted, but not respondents within the companies, is permitted for validation purposes as long as the respondent is neither directly nor indirectly identified. This will depend on the job title of the respondent, e.g. if all respondents were managing directors then the name of the company could not be identified as to do so would indirectly identify the respondent.

See: Draft Business to Business Guidelines: section 2

If cardholders have given this permission then there is no problem in using the details for market research purposes, as long as this is a notified use of the database. Opt out/in conditions do not have to legally include market research, so you will only need to check these if the client who runs the loyalty card scheme has decided to include market research in the conditions.

See: The Data Protection Act 1998 and Market Research: Guidance for MRS Members: categories section.

In view of the difficulty of obtaining a statistically valid sample and the eventual desire to build a database, this should be positioned from the start as a marketing rather than market research exercise - giving interesting but not necessarily representative results.

See: MRS Code of Conduct: Rule B48 and separate regulations Using Research Techniques for Non-research Purposes

Under the Data Protection Act 1998 the definition of 'individuals' includes sole traders and partnerships in England and Wales, and sole traders in Scotland. Therefore all the rights available to individuals will be available to business organisations of this type. In addition most business data collected during a survey will include personal opinions from the respondents and as such will be defined as personal data (irrespective of the type of organisation). A simple test is whether, if the job holder changes, the data (other than the individual's name) will change in any way. If it does the Data Protection Act 1998 is likely to apply. This would also apply to databases/sampling frames that contain details of individuals. Employee data is covered by the Data Protection Act 1998. See: Draft Business to Business Guidelines: introduction.

This would be unacceptable under the MRS Code of Conduct. The whole project would need to be undertaken as a mixed purpose project and not positioned as 'classic' market research. Respondents would also need to have consented to this additional purpose and have the opportunity to opt-out.

See: MRS Code of Conduct: Rule B48 and separate regulations Using Research Techniques for Non-research Purposes

If the information is passed back (eg to an in-house market research department) for use solely for research purposes, then this would be acceptable with the consent of the respondent. However, if used for non-research purposes, then this would be unacceptable if positioned as a market research project. It would be acceptable if the data were provided in a form that did not enable individuals to be identified - eg by out-bound postcode level (ie the average of fifteen households in the out bound section of the postcode, the 9RY in the following example - RG18 9RY). The data can only be used for the purposes for which it was collected and for which respondents have consented.

See: The Data Protection Act 1998 and Market Research: Guidance for MRS Members: categories section.
See: a detailed description of the postcode breakdown can be found in the document Postcode Format (PDF 9KB).

Whilst database cleaning is not compatible with 'classic' market research, the agency may provide certain amendments to the data controller for the database extract (the client) - limited to feedback on instances where the named person was either no longer living at the address given (but not where they have moved to) or had died. The Data Controller (ie the client) has an obligation under the 1998 Act to keep their database up to date. If the agency finds lots of incorrect records they should advise the client to conduct a separate data cleansing exercise.

See: The Data Protection Act 1998 and Market Research: Guidance for MRS Members: categories section.

This request can only be met under 'classic' research rules in cases where the respondent himself has consented to the information about a service experience being passed back to the client specifically for the purpose of enabling the case to be investigated, and this feedback must be separated from the data collected in the survey.


All you can do is notify the client of instances where the customer was no longer at an address or had died. The best course of action is to discuss the general issues with the client as, in their capacity as data controller of the database, they are probably breaching the fourth principle of the 1998 Act (keeping personal data accurate and up to date).

See: The Data Protection Act 1998 and Market Research: Guidance for MRS Members: categories section.

Information about incorrect addresses and deaths can be passed back but the correct addresses can only be supplied with the express permission of the respondent. In future it may be worthwhile for social researchers to include in their contracts a clause to the effect that they will not pass back any information on individuals or the lists. Equally the 4th principle of the Data Protection Act 1998 stipulates that personal data should be accurate and up to date. Therefore if a large number of inaccuracies are found the client should conduct a data cleansing exercise.


Assuming that the credit agency has the informed consent of the individuals on their database for their data to be used in this way, this can be done by entering into a written data processing agreement. Under the agreement the researcher would be the data controller and the credit agency the data processor. The researcher could then instruct the credit agency to append to individual respondent research data, information held by the credit agency. Note that there is no transfer of data to a third party in this situation (a data processor is not a third party) so the researcher does not have to obtain the informed consent of respondents to enhance the data in this way.

Data can only be processed in this way in accordance with the rights of data subjects as defined by the Data Protection Act 1998 and the research rules defined in the MRS Code of Conduct. In a research context one of the rights is the right to remain anonymous. In such a case a client could not be designated as a data processor as this would breach this right. Additionally, clients may be unable to transfer their data to a researcher due to specific commitments made to their customers (as in the Banking Code, for example).

However, it may be possible for both parties (researcher and client) to instruct a single data processor to match the two data sets and produce an aggregated model to be provided to both data controllers, which would not contain any information about identifiable respondents or customers as the case may be. Alternatively the researcher could match the data and provide the aggregated model.

The Data Protection Act was written to be technology-neutral so it does not contain specific requirements for data security. What it does say however is that appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. What is appropriate will depend on the sensitivity of the data and the risk of harm to individuals should the data be lost, damaged or otherwise mishandled.

Data security will not be the same in any two organisations but measures can be grouped into four broad categories: organisational security, staff, physical security and computer security.

Organisational security relates to the implementation of an overall security policy with adequate resources and support. Staff issues cover recruitment, training and supervision. Physical security will include access to offices, shredding of documents and the use of locking cabinets for files and laptops.

Finally, computer security is the most rapidly changing of these areas. A state of the art solution is not required but organisations must take into account technological development when they decide on security measures. Issues will include the use of adequately strong passwords, the encryption of mobile devices and the secure deletion and destruction of information stored on computers.

Organisations can continue to use the old statutory procedure if they wish. The aim of the new legislation however is to place less emphasis on the mechanics of how to manage disciplinary issues, grievances and dismissals and to provide more flexibility to resolve problems at an early stage and in a way that suits the employer best. The previous heavy penalties for not following the procedure have been removed.

Under the new system employers and employees will have to demonstrate a reasonable standard of behaviour in the resolution of disputes. Principles for that standard are set out in the new ACAS Code of Practice:

  • Establish the facts of each case
  • Inform the employee of the problem
  • Hold a meeting with the employee to discuss the problem
  • Allow the employee to be accompanied at the meeting
  • Decide on appropriate action
  • Provide employees with an opportunity to appeal

Failure to follow the Code will not, in itself, render employers liable to proceedings or a finding of automatic unfair dismissal. However, Employment Tribunals will take it into account when considering relevant cases and will be able to adjust awards by up to 25% for unreasonable failure to comply with any provision of the Code.

The right to disciplinary and grievance procedures is a right accorded to employees rather than workers. However, under the MRS Quality Commitment, Company Partners are required to ensure that their field department has a dispute resolution and/or disciplinary procedure in place.

Employers should consider applying the principles of the ACAS Code to their dealings with workers to ensure that disputes are resolved fairly and effectively and to avoid practices which could lead to claims of discrimination or victimisation.

Employee research has all the problems of conducting research in a small universe. Sample sizes in specialised areas may be very small to the point where employees themselves could be identified. If there is a reasonable risk of an employee being identified, due to the sample size of the population or sub-population being covered, the employee should be informed of this risk at the beginning of the interview and given the opportunity to withdraw.

Where confidentiality has been promised, the researcher must take special precautions. All information provided to the client should be checked to ensure that respondents cannot be identified – this includes the selection of any verbatim comments from depths or groups that they may wish to use in a presentation or report.

It is not uncommon for employees to use research projects to raise problems they have in the workplace. Researchers should agree in advance with the client as to how employee complaints about internal company matters are to be handled. As a general rule, researchers should only pass back complaints at a very general level of detail, given that the complaints will have been made anonymously. Anonymous allegations made in the course of a research project should not be the sole grounds for disciplinary action against a named employee. Rather, they should be a starting point for an investigation by the employer, if it is warranted.

If management or staff attend an employee group discussion, they must be fully introduced to the group before it begins and respondents given a chance to withdraw.

See: MRS Code of Conduct: Rule B40

The Freedom of Information Act creates a right of access to official information and places a duty on public authorities to publish information.

A public authority includes central government departments and agencies, local government, state schools and universities, police, NHS and publicly owned companies.

Yes, including research data; although there are twenty-three exemptions from the general rights of access.

There are two types of exemptions: absolute and qualified exemptions. Absolute exemptions are where the right of access is wholly disapplied (eg information relating to security matters). Qualified exemptions are cases where the public authority has identified a possible exemption and must consider whether it is in the public interest to withhold such information. Examples of qualified exemptions include commercial interests, which could possibly be applied to research information.

Public authorities have to conduct a public interest test to determine whether information should be released under the Act. Put simply, the public authority decides whether it serves the interest of the public better to withhold or disclose information as a result of a request for disclosure. In cases where exemptions are applied the public authority must be able to justify doing so.

Data protection legislation is relevant; both pieces of legislation are overseen by the same regulator, the Information Commissioner. Similarly there exists other legislation which makes it an offence to disclose some types of information eg census data is protected by the Census Act of 1920 and 1991 and data collected in statutory business surveys is protected by S9 of the Statistics of Trade Act 1947.

The Data Protection Act enables individuals to gain access to information about them; the Freedom of Information Act enables individuals to gain access to all information held by public authorities. It should be noted that personal data is an absolute exemption under the Freedom of Information Act and as such this legislation cannot be used to gather personal data about other individuals.

Under the Health and Safety at Work Act 1974 (HSW Act) and the Management of Health & Safety at Work (MHSW) Regulations 1999, employers have responsibilities for the health, safety and welfare at work of their employees and the health and safety of those affected by the work, e.g. visitors, such as contractors and self-employed people whom employers may engage. These responsibilities cannot be transferred to people who work alone. It is the employer's duty to assess risks to lone workers and take steps to avoid or control risk where necessary. Employees and workers have responsibilities to take reasonable care of themselves and other people affected by their work and to co-operate with their employers in meeting their legal obligations.

According to the Health and Safety Executive, there are five steps to risk assessment:

  • Identify the hazards
  • Decide who might be harmed and how
  • Evaluate the risks and decide on precautions
  • Record your findings and implement them
  • Review your assessment and update if necessary

A hazard is anything that may cause harm, such as chemicals, electricity, working from ladders, an open drawer etc. The risk is the chance, high or low, that somebody could be harmed by these and other hazards, together with an indication of how serious the harm could be.

Hazards may vary from project to project but employers should consider the following list:

  • Increased exposure to risks of everyday life
  • Physical/verbal threat or abuse
  • Psychological trauma, as a result of actual or threatened violence, either verbal or physical
  • Being in a compromising situation, in which there might be accusations of improper behaviour
  • Manual handling & repetitive strain injuries from carrying and using laptop computers

Measures that could reduce or eliminate the risk of these hazards may include training, supervision and adequate instruction.

For further information on risk assessment, visit the Health and Safety Executive website www.hse.gov.uk

No. By offering own company incentives, the client is creating a sales opportunity from the research project because respondents are obliged to become customers to redeem their vouchers. Clients obtain a benefit from respondents’ participation in the research. They are not permitted to gain a secondary benefit by turning the respondents into captive customers.

Incentives should be appropriate to the age group. In the case of vouchers, retailers are responsible for ensuring they do not sell products which are illegal for the buyer’s age. Responsible adults should be informed of the nature and value of the voucher when they give consent. Then the onus is on them to indicate whether they object to the incentive.

You must take reasonable precautions to ensure that respondents are not adversely affected as a result of taking part in a project. If possible, you should contact the most recent set of respondents to find out how many have not yet redeemed their vouchers, allowing you to quantify the possible size of the problem. You should arrange with your client to provide replacement vouchers (from a different organisation) for those not redeemed. Your staff should be informed and given appropriate guidance on how to address complaints and issue a new voucher.

To meet your obligation under the MRS Code of Conduct you should take reasonable precautions to ensure that participants are not harmed or adversely affected. So if you want to introduce a charge or make changes to panellists' incentives it is important that you give panellists:

  • reasonable notice in advance of any increases or changes to the charges or threshold levels required to redeem awards, in order to provide them with sufficient time to act
  • the option to cash out their points before any change is implemented if they have reached the existing threshold level
  • clear information explaining how the changes will affect their account balance

Updating a customer database is an important activity for any data controller to do on a regular basis but this is not market research. In any case, the client should be updating all of their database and not just the small proportion of those sampled as research respondents. If the client wishes to continue with this approach the project must be positioned as a mixed purpose exercise ie market research and database building, making it clear to the respondents how the data is to be used.

See: MRS Code of Conduct: Rule B48 and separate regulations Using Research Techniques for Non-research Purposes

In view of the difficulty of obtaining a statistically valid sample and the eventual desire to build a database, this should be positioned from the start as a marketing rather than market research exercise - giving interesting but not necessarily representative results.

See: MRS Code of Conduct: Rule B48 and separate regulations Using Research Techniques for Non-research Purposes

This would be unacceptable under the MRS Code of Conduct. The whole project would need to be undertaken as a mixed purpose project and not positioned as 'classic' market research. Respondents would also need to have consented to this additional purpose and have the opportunity to opt-out.

See: MRS Code of Conduct: Rule B48 and separate regulations Using Research Techniques for Non-research Purposes

Many participants may feel misled by the use of terms such as ‘survey’ and/or ‘questionnaire’ in a non-MR project as these words are traditionally associated with research. The advice from MRS to its members and Company Partners is to avoid such language in this context and use ‘providing opinions’ or ‘views and opinions’ instead.

If the information is passed back (eg to an in-house market research department) for use solely for research purposes, then this would be acceptable with the consent of the respondent. However, if used for non-research purposes, then this would be unacceptable if positioned as a market research project. It would be acceptable if the data were provided in a form that did not enable individuals to be identified - eg by out-bound postcode level (ie the average of fifteen households in the out bound section of the postcode, the 9RY in the following example - RG18 9RY). The data can only be used for the purposes for which it was collected and for which respondents have consented.

See: The Data Protection Act 1998 and Market Research: Guidance for MRS Members: categories section
See: a detailed description of the postcode breakdown can be found in the document Postcode Format (9KB)

See also Frequently asked questions: Telephone Preference Service

Where mystery shopping collects personal information about individuals, the mystery shopping event can only be recorded where the client has a direct relationship with those individuals, such as where they are their employer or their regulator.

The reason for this is that personal data can only be collected with the informed consent of the individuals concerned. In order to obtain this consent, the individual must be informed in advance of the data collection, who will have access to the information collected, and the purposes for which it would be used.

Employees can be notified of mystery shopping exercises in employee contracts, staff handbooks, bespoke communications, circulars or newsletters. Details need not be given on when exactly the review will take place, exact details of aspects to be covered, or the types of mystery shoppers to be used. Employees must be informed at this time if any form of recording will be used.

Names of staff members or identities through visual or sound recordings etc can be revealed as long as appropriate communication to this effect has been given. Clearance from unions or staff organisation representatives should be sought in such cases.

You must take reasonable steps to ensure that mystery shoppers are fully informed of the implications and protected from any adverse implications of conducting a mystery shopping exercise. For example, they must be made aware that their identity may be revealed to the organisation/individual being mystery shopped if they use personal cards to make purchases, loan arrangements etc. and that credit ratings may be affected. In online environments, mystery shoppers making multiple visits to a website should ensure that they delete any cookies before connecting to the website. This will reduce the likelihood of identification of the mystery shoppers.

Online surveys with children require parental permission to be sought in order to continue with a survey. This can be obtained by inserting an age screener before moving on to the questionnaire section. If a respondent is underage then you can ask them for parental contact details to call to ask for permission to continue. An identification code number can then be given to the parent for the child to enter on the screen in order to continue. This should not be done via email as personal identification is impossible.

See: MRS Code of Conduct: Rule B31

The collection of personal data from social networks such as Facebook or MySpace must be done in accordance with the Data Protection Act 1998 and the MRS Code of Conduct, i.e. the processing of personal data may only occur with the informed consent of the individuals concerned.

Some researchers have expressed the view that traditional concepts of privacy and confidentiality do not apply to social networks as individuals are publishing information about themselves that can be freely used for other purposes. It has become clear however in recent developments in English privacy law that this is not the case.

Where individuals share information on these sites researchers must remember that it is being done within the confines of a social network. The information is being shared with friends and members of common networks. These networks may be very large, numbering many thousands of members, but this is not the same as publishing information to the world at large. Newspapers for example may publish information gathered through social networks only where there is a strong public interest in doing so. Otherwise, members of social networks have a general expectation of privacy.

Persons from whom personal data are collected must also be informed as to what information is being collected, who will have access to it and the purposes for which it will be used. Researchers who wish to gather personal data from a social network or another online forum must make their presence known in their capacity as a researcher. This means that when researchers befriend potential respondents to gain access to their online profile the researcher must introduce themselves as a researcher and outline the subject and purpose of the data collection they propose to undertake. The respondent must clearly consent to this before any data collection begins.

The current legislation on this issue is the Immigration, Asylum and Nationality Act 2006, which came into force in February 2008. It updates a series of similar legislation starting in 1996, creating stronger civil and criminal penalties for engaging illegal migrant workers.

Companies engaging interviewers as workers are subject to this legislation, i.e. they have a duty to check that interviewers are authorised to work in the UK before offering them work.

The legislation specifies which documents are acceptable. This list of documents is too detailed to be provided here. However, there is extensive guidance available from the UK Borders site: www.ukba.homeoffice.gov.uk/employers/preventingillegalworking/.

It is important to note that the checks are about the right to work, not about identification alone, so the documents listed relate to nationality and immigration status. Drivers’ licences or utility bills, for example, are not acceptable documents.

You should check all interviewers who are retained as workers. The prevention of illegal working can often raise race discrimination issues. When carrying out checks on workers, employers must be careful not to use discriminatory recruitment practices. The best way to ensure that you do not discriminate is to treat all applicants in the same way at each stage of the recruitment process. For example, if you provide information to prospective applicants, or if you supply application forms, you should also include a reminder that successful shortlisted applicants will be required to produce an acceptable document or combination of documents.

No, respondents must be provided with details of all of the ingredients contained within the biscuits being tested. The list of ingredients must be clearly visible on the packaging itself. In addition, you may also use an accompanying information sheet to hand to the respondent to read before tasting any of the chocolate biscuits. You do not need to highlight the proportion or amount of each ingredient, just provide a list of ingredients presented in descending order of weight.

Full details of all of the requirements are contained within the Food Standards Agency’s Safer Food document which is available at www.food.gov.uk/foodindustry/. In summary, food handlers must:

  • Not be unwell, or have been unwell in the previous 48 hours
  • Wash their hands using soap and water and dry them before handling any food after using the toilet and after handling rubbish
  • Have their hair fastened back
  • Not eat, chew gum or smoke in the room where the food is being stored, prepared or tested.

You must ensure that on attendance at a venue respondents are informed about the nature of any observation, monitoring or recording, and how the data will be used, and are given the option of withdrawing from the hall test.

Similar to the supply of food, the supply of cosmetic products is strictly regulated by law. The Cosmetic Products (Safety) Regulations 2004 require that the packaging in which it is supplied bears, in lettering which is visible, indelible and easily legible, a list of its cosmetics ingredients (preceded by the word "ingredients") in descending order of weight, the weight to be determined at the time the ingredients are added to the product.

The container and packaging in which it is supplied must also bear: the name or trade name and the address or registered office of the manufacturer of the product or of the supplier; details of certain specified substances, preservatives and UV filters; any particular precautions to be observed in use and any special precautionary information on a cosmetic product for professional use, in particular in hairdressing; and the function of the product unless this is clear from its presentation.

Products supplied in the course of market research do not have to give information on: best before dates or use within a specified period of opening; the batch number or date and location of manufacture.

Rule A10 of the Code of Conduct provides that Members must take all reasonable precautions to ensure that Respondents are not harmed or adversely affected as a result of participating in a research product.

Reasonable precautions in the case of product testing would include: ensuring that the client confirms the product has met all regulatory requirements for supply to the public; that respondents are clearly informed of the ingredients and possible side effects or reactions, so that they can make an informed decision to participate in the project; and ensuring that products are stored and handled properly, to prevent spoilage or contamination.

Firstly the respondent must be informed and must agree to the group being viewed in this way. Secondly your contract with the client who is to observe must stipulate that all viewing is conducted in a manner which could ensure that no-one outside the project team would have sight of the group.

See: MRS Code of Conduct: Rules B34 to B42 and B49

If management or staff attend an employee group discussion, they must be fully introduced to the group before it begins and respondents given a chance to withdraw.

See: MRS Code of Conduct: Rule B40

Clandestine recording methods can only be used for 'own-organisation' mystery shopping where the staff have been informed (via staff contracts, handbooks etc) that recording and monitoring of this type may take place. The only other situation where clandestine methods can be used is where a regulator is reviewing adherence to codes or legislation eg FSA mystery shopping mortgage providers, and those monitored were informed that this type of monitoring may take place.

See: MRS Code of Conduct: Rules B43 to B46

Re-contact questions should be asked no later than the end of the previous interview. For re-contact requests that relate to the current Qualitative project, it is common to advise respondents at recruitment that they may/will be invited to participate in a follow-up interview or re-convened group after a certain period of time. ‘At-recruitment’ requests help to make sure that respondents know what they are committing themselves to and also that they will be available when required. When using small sample sizes, early agreement is usually best. However, under the Code, the actual re-contact question does not have to be asked at recruitment and may even be better left to the end of the first group or interview so that respondents may make a fully informed decision about their continued or future participation. All such re-contact requests should however be clear about when the next contact will be made and by whom.

For re-contact requests that relate to other unspecified future research projects, the open-ended nature of this request must be made clear to the respondents.

The rules of the MRS Code of Conduct exist primarily to protect the interests of respondents and are not designed to regulate the relationship between recruiters and their researcher clients.

Recruiters may often be concerned about client researchers re-contacting respondents that the recruiters have recruited. As a matter of law, respondents are free to decide to whom they give their personal details, and if they are asked for contact information by researchers, they are free to provide this information. If recruiters wish to prevent researchers from re-contacting respondents, for existing or future studies, without prior agreement or financial compensation, they must agree appropriate terms with their researcher clients at the start of the project.

In accordance with rule B5 of the Code of Conduct members are required to take reasonable steps to ensure that the rights and responsibilities of themselves and clients are governed by a written contract and/or internal commissioning contract. (Thus, recruiters who wish to control the future contact of respondents whom they have recruited should consider adding such a clause to their terms of business.)

As the Data Protection Act 1998 does not specify data retention, it should form part of a contract between the research supplier and the client. The key issue is that data is kept securely whilst in a supplier's care and only kept for a reasonable length of time. You should be aware that respondents have the right of access to any identifiable personal data held.

Whether recorded data or paper based questionnaires, all personal data must be destroyed confidentially. This may mean confidential shredding for paper questionnaires and wiping tapes clear. All personal data must be kept securely before it is destroyed.

The recruiter would have to ask at the first point of contact whether they could keep the respondents' information on file and contact them again. They would also have to stipulate how the information was to be used (ie for market research purposes). The recruiter would become a data controller of such data and as such must notify their database with the Information Commissioner. It should also be noted that the recruiter may be in breach of contract with the client if they keep data from one project and use it for other projects.

See: The Data Protection Act 1998 and Market Research: Guidance for MRS Members: 4.1 and 4.2

The Data Protection Act 1998 stipulates that individuals have the right to know who holds data on them and expects the source of the list data, ie the data controller’s identity, to be revealed. This right overrides the client's right to anonymity as defined in B6 of the Code. Therefore, if respondents ask, they have a right to know, as additionally provided for in B7 of the Code. If there are concerns regarding how this information may affect responses you can tell the respondents that the source of the data will be revealed at the end of the interview rather than the beginning.

See: The Data Protection Act 1998 and Market Research: Guidance for MRS Members: 4.1 and 4.2
See: MRS Code of Conduct: Rules B6 and B7

Information about incorrect addresses and deaths can be passed back but the correct addresses can only be supplied with the express permission of the respondent. In future it may be worthwhile for social researchers to include in their contracts a clause to the effect that they will not pass back any information on individuals or the lists. Equally the 4th principle of the Data Protection Act 1998 stipulates that personal data should be accurate and up to date. Therefore if a large number of inaccuracies are found the client should conduct a data cleansing exercise.

See: The Data Protection Act 1998 and Market Research: Guidance for MRS Members: category 2

You should prepare two versions of the information. Version 1 would include the name and contact details of the respondents. This is for the research organisation so that they can verify that the respondents match the required specification, contact respondents to remind them to attend or if they are late or do not show up, and to check that they have received their incentive.

Version 2 of the information should have the surname/address/telephone and/or e-mail address removed. This version is for any clients who attend and who need to see product usage data.

Additionally, researchers present at the viewing studio should ensure that they do not take a copy of version 1 into the room or have it in sight of the client.

The Regulation of Investigatory Powers Act 2000 governs the interception (monitoring or recording) of transmissions on telecommunications networks. Although the Act in large part is concerned with the circumstances in which the government can 'tap' communications on the phone or internet, it also regulates how organisations can monitor communications on their own communication systems.

Under the associated Telecommunications (Lawful Practice) (Interception of Communications) Regulations 2000, organisations can intercept communications: to establish the existence of facts; to ascertain compliance with standards or regulations; in the interests of national security; for the purpose of detecting crime; or to investigate or detect unauthorised use of the system. The interception must be solely for the purpose of the organisation’s business on a communication system provided for use in connection with that business, where the organisation has made reasonable effort to inform users that their communication may be intercepted.

This issue was raised in the consultation conducted by the Department of Trade and Industry prior to the coming into force of the Regulations. The Government came to the conclusion that it would not be in the interests of businesses or consumers to require consent before monitoring for quality control. They expanded the scope of the Regulations to allow businesses to intercept without consent in order to ascertain or demonstrate the standards which ought to be achieved by persons using their systems. This allows businesses to continue monitoring as before for purposes such as staff training which are of benefit for consumers.

The dissemination of conclusions from a marketing research project is the subject of rules B49 to B61. B49 of the Code states that researchers must not knowingly allow the dissemination of conclusions from a market research project, which are not adequately supported by the data. B59 provides that members must take reasonable steps to check and where necessary amend any client-prepared materials prior to publication to ensure that the published research results will not be incorrectly or misleadingly reported. Under B60, members must take reasonable steps to ensure that findings from a research project, published by themselves or in their employer’s name, are not incorrectly or misleadingly presented. Further B61 states that if members are aware, or ought reasonably to be aware, that findings from a research project have been incorrectly or misleadingly reported by a client he/she must at the earliest opportunity refuse permission for the client to use their name further in connection with the incorrect or misleading published findings and publish in an appropriate forum the relevant technical details of the project to correct any incorrect or misleading reporting. In addition A7 states that members must take reasonable steps to ensure that others do not breach or cause a breach of this Code. This, of course, includes clients.

Thus, the Code makes it clear that researchers who are aware of a prima facie case of misrepresentation of research conclusions (ie between the results of a survey and the conclusions drawn from those contents) have obligations under these rules to bring this matter to the client's urgent attention and to seek and obtain either a fully satisfactory explanation or justification of these differences, or the withdrawal of the misleading documentation and its substitution by one which properly reflects the content of the project. To omit raising these issues with the client would imply the market research agency's collusion with the client to distort the views of the respondents, which would damage not only the market research agency's reputation but that of the entire market research profession.

See: MRS Code of Conduct: Rules B49 to B61

If an agency's methodological competence has been questioned, that agency has the right, if not the duty, to provide such information about segments of the questionnaire used and the broad range of responses to those segments, to reassure the questioner that any inferences made in a report overtly published by the client have been properly made. However, this applies only where a report prepared for the client has been published and its contents are in the public domain and can thus be criticised by third parties. If no part of a report published for a client has been made public by the client, then it cannot be reasonably challenged by an external third party. Only information that has been made public can be challenged for validity by third parties.

See: Code of Conduct: Rule B50

If these findings have not already been published, their use in advertising will engage the rules of the MRS Code of Conduct that relate to the publication of results (rules B49 to B60). Secondly, your client as the marketer will be bound by the rules for advertising in the UK, the CAP Code (for non-broadcast advertising) and the BCAP Code (for broadcast advertising).

The MRS Code in summary requires that:

  • results are clearly and adequately supported by the findings
  • that information is available on request to show how the results were obtained
  • client prepared materials are checked and where necessary amended by the researcher.

Under the CAP and BCAP codes the use of research findings will be deemed to be a “claim” that consumers are likely to regard as objective and capable of substantiation. Your client will have to hold documentary evidence of the research findings used (i.e. substantiating the claim) before the relevant marketing communication is distributed.

There are two issues here. The first is that the claim must be capable of substantiation. As long as the client holds the documentation required and can produce it on request, this standard will be met.

The second issue is qualification. The BCAP Code provides:

    3.10 Advertisements must state significant limitations and qualifications. Qualifications may clarify but must not contradict the claims that they qualify.

    3.11 Qualifications must be presented clearly.

Advertising guidance note no. 1 - On-screen text and subtitling in television advertisements goes on to provide that:

    The principal offer and any important qualifications to it should not normally appear only in the form of superimposed text.

    Superimposed text may be used to expand or clarify an offer or to make minor qualifications. It may also be used to resolve minor ambiguities. Superimposed text that flatly contradicts a claim made elsewhere in the advertisement is not acceptable.

The role of superimposed text in an advertisement using research will be to clarify the precise claim being made by the marketer, rather than to substantiate it. Ideally the whole of the claim should be clearly expressed in the main body or script for the advertisement. Often this will not be possible so the “small print” may be used to provide limited clarification. It may not be clear for example in the text used in the advertisement or the voiceover to what population the claim relates. Is it customers? Adults? In Great Britain or the UK? Is the sample random, representative or self-selecting?

The level of detail in the superimposed text will also be limited by time on screen and size of the text. The BCAP guidance note also provides detailed rules on these points for marketers and broadcasters.

The Advertising Standards Authority (ASA) investigates and adjudicates on complaints under the CAP and BCAP Code. Full information on the ASA’s complaints procedure is available on www.asa.org.uk.

The RGF is a standards model for the governance of research where poor practice could have a direct impact on the health or well-being of the public. The governance framework describes:

  • arrangements to define and communicate clear quality standards;
  • delivery mechanisms to ensure that these standards are met, and
  • arrangements to monitor quality and assess adherence to standards.

No. If you obtain samples via any of the bodies listed in question 3 the RGF will apply.

The standards in this framework apply to all research which relates to the responsibilities of the Secretary of State for Health - that is research concerned with the protection and promotion of public health, research undertaken in or by the Department of Health, its non-Departmental Public Bodies and the NHS, and research undertaken by or within social care services that might have an impact on the quality of those services. This includes clinical and non-clinical research, research undertaken by NHS staff using NHS resources, and research undertaken by industry, the charities, the research councils and universities within the health and social care systems.

Research within the NHS, which involves individuals, their organs, tissues or data, must have the prior approval of an NHS research ethics committee. For other social care research, the Association of Directors of Social Services (ADSS) Research Group approves multi-site studies. The Implementation Plan for the RGF in Social Care requires all local social care bodies to ensure that ethical reviews are undertaken for externally funded research. Such ethical reviews are conducted via university ethics committees, the review process of local Councils or via the peer review processes of social care research funders.

In instances where a researcher finds respondents via privately run residential homes, where fee-assisted respondents are excluded from a study or where respondents are found via 'free-find' the RGF will not apply.

Researchers will need to discuss the RGF responsibilities with their Client. Information on the RGF can be found on the Department of Health website www.dh.gov.uk/Home/fs/en.

All MRS members must adhere to the MRS Code of Conduct which sets out the ethical principles which all researchers must follow when conducting market, social or opinion research. The ethical principles of the MRS Code of Conduct are: that research is conducted honestly, objectively, without unwelcome intrusion and without harm to respondents. These principles reflect those within the RGF. Details of the MRS Code of Conduct and its associated disciplinary procedures can be found on the MRS website.

Yes, there must be someone responsible for receipt, storage, preparation, serving and disposal of the food items.

The labels must be suitable and include all the required information, this being:

  • Name of product
  • Place of origin
  • Durability
  • Instructions for use
  • Ingredients
  • Manufacturer/packer or seller details
  • Net quantity

The participants must be suitably informed of the required information e.g. how many units of alcohol they are being asked to consume (ideally this would be a low number). They should also be advised against driving to/from the venue and operating machinery following the testing.
