Recruiting research participants and protecting their privacy
Good user research depends on recruiting appropriate participants.
This might mean recruiting:
- members of the public with experience of a particular life event, like bereavement
- small business owners who claim a particular tax relief, like an investment allowance
- public servants who review and make decisions about applications, like those for visas
We make sure that our recruitment practices are inclusive and accessible, so that we don’t exclude groups such as disabled people, and people with other protected characteristics.
And we carefully manage participants’ contact details and other personal data to protect their privacy and comply with the law.
Note that this guidance applies to all dxw staff, dxw friends, and partner and client staff doing research activities, like interviews, visits, surveys and tests.
Following our client’s practices #
When we are following our client’s practices in how we manage research data, we will usually also follow their practices in how we recruit participants, and how we manage their contact and other personal details.
Check with your delivery lead if you’re not sure which practices we have agreed to follow.
Recruiting research participants #
This guidance explains how we recruit participants for research at dxw. It builds on the general guidance on Finding participants for user research in the Service Manual.
Planning for recruitment costs #
As soon as we know what they might be, we make sure that likely recruitment costs and elapsed time are covered in the budget and schedule for a project.
Using a recruitment agency #
We often use specialist agencies to recruit members of the public.
We do not have any agreements with preferred agencies. But we have had good experiences of using:
Protecting participant privacy #
This guidance explains how we collect and use information about research participants at dxw. It builds on the general guidance on managing participant privacy in the Service Manual.
Collecting only the participant details we need #
We collect as little information about participants as possible. And only the information we really need to manage their participation. For example, collecting just the participant’s name and email address to arrange a video call.
When we use a screening questionnaire, we ask only the questions we need to select participants. For example, we don’t ask for a date of birth if we only need an age range.
We avoid keeping participants’ personal details as a record of who we spoke to, or to manage subject access or deletion requests. We may keep counts of numbers and types of participants, but these should not include any personal details.
Storing participant details securely #
We usually store participants’ details in the Google Drive folders for the relevant project, for example in a spreadsheet in a Research subfolder. We limit access to just the colleagues who need to use them to help people participate.
The Google Drive Help Centre has a useful guide on ways to stop, limit, or change sharing of files and folders.
When using an online questionnaire tool to recruit and screen participants, transfer the responses from the tool to Google Drive as soon as possible, and securely delete the original responses from the tool.
We avoid sharing email conversations that include participants’ contact and other personal details.
And we avoid sharing participants’ details in any other tool, such as Slack or Trello.
Managing participant details in calendars #
We avoid sending calendar invites to participants, as they contain participants’ personal details and can be hard to find and delete latest.
Where we do include participants in calendar invites, we restrict access to the guest list so that only colleagues involved in the research will see participants’ contact details.
We sometimes use tools like Calendly, to manage participant scheduling and invitations. We limit access to the events and participant details stored in the tool.
Deleting participant details when no longer needed #
We delete participants’ details from Google Drive, Gmail and Calendar as soon as we no longer need the details to manage their participation in research.
Labelling emails exchanged with participants is a good way to find and delete them. For example, in Google Gmail you might create ‘Participant’ and ‘RODA’ labels and search for them using ‘label:(participant RODA)’.
Identifying calendar events that might contain participants’ details is not so easy. In Google Calendar you can create a personal Research calendar and add all research activities involving participants to that calendar. Or you might adopt a naming convention such as ‘Research:’.
Sharing research activities and findings #
We are careful to protect our participants’ privacy when we share descriptions of research activities and report on our findings.
By default, we share only fully anonymised findings, that do not include any personal data or anything that could identify a participant.
We only share more with the properly informed consent of our participants.
Doing fully confidential research #
We sometimes do research where the participants are known only to the researchers. Other members of the team will not know who participated in the research.
When doing fully confidential research:
- we strictly limit access to participant details
- use private meeting invites
- share only fully anonymised findings
Last updated: 18 March 2024 (history)