When using the internet to conduct surveys, the same responsibility exists to ensure that the participant is fully informed, which exists for face to face research. Since there is no participant-researcher interaction, it becomes even more important to create consent forms which are clear, and which present the important consent issues in such a way that the participant will be aware and understand. Sometimes it may be important to include questions in the survey to ensure that the participant has reach and understood the consent information. The need for this is, of course, proportionate to the risk involved in the survey.
Provide consent information on the first page of the survey and invite the participant to print a copy of the consent form for their records. Provide a PRINT button or post a .pdf of the consent information.
Inform the participant that they will indicate their consent by continuing to the survey.
See the Information/consent section of the website for full discussion of how to write info/consent documents and see below for wording suggestions,
Using Qualtrics, which is now supported by the University, is the best choice.
When using the internet to conduct surveys, you must answer the following questions directly in the REB Application:
- Are you (or the service provider) collecting IP addresses?
- Are you using Qualtrics? If not,
- Are your surveys encrypted prior to being sent to the server?
- Is your server secure?
- In which country is your server located?
Information to provide incentives is often collected in a second survey, ‘unconnected’ to the data collection survey. Since the time stamp on each survey may allow the research to connect the identifiers to the data, researchers can no longer state that such a survey is ‘anonymous’. It would be considered ‘anonymized’.
To prevent the hacking of a survey used for incentive draw purposes, two items should be placed in the incentive draw survey:
- A Captcha question, and
- A setting so that the survey can only be accessed by a referral from the URL of the primary survey (i.e. will only be accessible when called by the primary survey).
Both capabilities are in Qualtrics, which is now supported by the University.
- Item 1 stops a bot from spoofing the URL of the primary survey and then repeatedly completing the incentive draw survey.
- Item 2 stops people from manually completing the incentive draw survey repeatedly once they discover its URL, as the setting will only allow access to the survey when it is invoked by the primary survey i.e. called from the URL of the primary survey.
The combination of Items 1 and 2 greatly improve the security around incentive draw surveys. Please address your use of each of these items in the REB application or provide justification as to why you think these items are unnecessary in your case.
Wording for Consent Statements
Following is suggested wording for e-survey consent statements that should be used as applicable to your particular study:
- If you are not collecting identifying information or IP addresses from participants and you are using Qualtrics, or the surveys are encrypted prior to being sent to the server and the server is secure, then you can claim that the survey is anonymous.
- The following wording must be included in consent forms: “Please note that confidentiality cannot be guaranteed while data are in transit over the internet.”
- In the case of data being collected in or transferred to any foreign country, “absolute anonymity cannot be guaranteed since the laws in some countries may permit access to the data.”
- If the participant may fill out the e-survey on a public computer, text to the effect of the following should be added to the consent form/instructions (please confirm with your departmental IT support what current wording would be appropriate):
“If you respond to this survey using a public computer, we recommend you ensure your confidentiality by taking the following precautions to clear all private data from the computer you are using to respond to the survey:
- Clear the browsing history
- Clear the cache
- Clear the cookies
- Clear the authenticated session
- LOG OFF
If you are using Internet Explorer, the first 4 steps can be accomplished by going to Tools and selecting Delete Browser History. Your browser application may have a similar system to remove potentially identifying personal information.”