Best Practices for Avoiding the Collection of PII

Overview:

UserTesting’s platform allows customers to record audio and video of test participants interacting with websites, apps, prototypes, and other products. Occasionally, a test will require test participants to enter information into a form. To protect test participants’ privacy, it’s important to avoid collecting Personally Identifiable Information (or “PII”) whenever possible.

PII is defined as information that can be used to identify a particular individual, including name, date of birth, social security number, email address, postal address, phone number and any other information that, either alone or in combination with other data, could be used to identify or contact a particular person.

We do not allow the solicitation and collection of sensitive PII under any circumstance when conducting studies. Sensitive PII includes:

  •  Credit card information
  •  Social Security Number (SSN)
  •  Driver’s License
  • Medical Records (including treatment or medical documentation; self-reporting of medical information and history is allowed)

You should never request that test participants provide sensitive PII, regardless of whether tasks are blurred. UserTesting will delete any video found to contain sensitive PII and thus in violation of this rule.

Best practices:

Follow these best practices when you run a test that may prompt test participants to provide their PII: 

1. When requiring a test participant to complete a form requesting PII, instruct them to enter false or “dummy” information that will not identify a specific individual.

For example: “Enter the email address = fake@google.com and password = fake.” 

2. Never ask for social security numbers, medical records, or bank and credit card information.  
For example: “Please use fake information like 5555-5555-5555-5555 Exp: 12/20”  

3. If your test requires test participants to go through a complete checkout process, provide participants with gift cards or gift codes in order to complete the checkout process without entering their own credit card information.


4. If it’s necessary for a test participant’s PII to be visible on the screen during a certain task, enable the “blur tool” (if available with your account) to make the screen unreadable during that specific task. Contact UserTesting Support for assistance using the blur tool. You can also visit this link for more on the blur tool.

5. If these best practices will not be sufficient for your research needs, please contact the UserTesting Support team to discuss alternatives. If it is determined that it is acceptable to record PII during your test, you will need to provide test participants with a detailed explanation of what PII will be recorded, what it will be used for, and get their written consent before the start of the test.

6. If you expect test participants’ PII to pop up during the recording (such as notifications), please create screener questions to set expectations before the test starts.

For example: Create a screener saying, “This test requires you to disable notifications. Have you disabled all notifications on your smart device?”
              
1. Yes, I have disabled notifications. [Accept]

2. No, I do not wish to disable notifications. [Reject]

Was this article helpful?
13 out of 16 found this helpful