Understanding Personally Identifiable Information (PII)

Prohibited PII

The rule regarding Prohibited PII is to never ask for it, even if your test asked for consent or you use the Blur Tool. 

Categories of PII data vary by jurisdiction. Some examples of Prohibited PII include but are not limited to:

• Credit card numbers or credit card purchases
• Personal financial account numbers
• Passport numbers
• National ID card numbers
• Car loan number
• Drivers license number
• Social Security number
• Account passwords
• Specific genetic information
• Biometric identifiers used for identification purposes (e.g., fingerprints, voice prints, iris and retina scans)
• Health plan account or beneficiary numbers

Note: Please review our Data Processing Agreement, Content Policy, and Privacy Policy for more information. 

Sensitive PII

The rule regarding Sensitive PII is that you must obtain contributors' consent to collect this information via a screener question.

Categories of PII data vary by jurisdiction. Some examples of Sensitive PII include but are not limited to:

• Racial or ethnic origin
• Political opinions, religious or philosophical beliefs, trade union membership
• Data concerning health or a person's sex life or sexual orientation
• Data relating to criminal convictions and offenses

Note: Please review our Data Processing Agreement, Content Policy, and Privacy Policy for more information. 

Special Considerations

• Screener questions: If you determine that it is acceptable to record PII during your test, you will need to provide test contributors with a detailed explanation of what PII will be recorded, what it will be used for, and get their written consent before the start of the test. You should provide a question as your first screener. For example: “During this test, you will be required to enter your full name and home street address as part of a registration process. This information will only be used for the purposes of this test and will not be shared. Do you consent to provide this information?”

• • Yes, I consent to provide my full name and street address to participate in this test. [Accept]
  • No, I do not consent to provide my full name and street address to participate in this test. [Reject]

• Other PII: You are required to get contributor consent before requesting or processing any PII. If you’re running a test that may collect other PII, such as a full name or home street address, it’s a best practice to ask for contributors’ permission using a screener question.
• Blur Tool: Depending on your internal policies and applicable data laws for collecting and handling personal information, you may want to use the Blur Tool for certain tasks that expose PII you want to protect.
• Health information: Medical information is considered Sensitive PII and may only be collected after obtaining consent. And if your organization is a Covered Entity under HIPAA, medical information may be Protected Health Information (PHI) and should only be collected if your organization has a signed Business Associate Agreement with UserTesting.
• Testing purchase transactions: UserTesting contributors must never be required to purchase anything while testing or to participate in any financial transactions. If you have questions about how to test processes which include a financial transaction, visit our course.
• Testing social media: Social media feeds may contain the personal data of others that have not provided their consent to share such personal data. Ultimately, the best approach is to only enter engagements where you are processing personal data from the contributor participating in the test.

Best Practices

Follow these best practices when you run a test that may prompt test contributors to provide their PII:

1. When requiring a test contributor to complete a form requesting PII, instruct them to enter false or “dummy” information that will not identify a specific individual.
   For example: “Enter the email address = fake@google.com and password = fake.”
2. Never ask for social security numbers, medical records, or bank and credit card information.
   For example: “Please use fake information like 5555-5555-5555-5555 Exp: 12/20”
3. If your test requires test contributors to go through a complete checkout process, provide contributors with gift cards or gift codes in order to complete the checkout process without entering their own credit card information. For more guidance on testing purchase transactions, visit our course.
4. If it’s necessary for a test contributor’s PII to be visible on the screen during a certain task, and your internal policies require you to protect this information, enable the Blur Tool to make the screen unreadable during that specific task.
5. If you expect test contributors’ PII to pop up during the recording (such as notifications), please create screener questions to set expectations before the test starts.
   For example: Create a screener saying, “This test requires you to disable notifications. Have you disabled all notifications on your smart device?”
   1. Yes, I have disabled notifications. [Accept]
   2. No, I do not wish to disable notifications. [Reject]
6. If you are concerned that PII might inadvertently be provided by contributors during a test, consider a Live Conversation rather than an unmoderated test. During the test, you can manage the conversation to prevent sharing this information. 
7. Be mindful that personal information might also appear on the dashboard or other pages within logged in experiences. Review these pages as you plan a test and consider using the Task question and Blur Tool.
8. If you need to communicate with a UserTesting contributor outside the test, follow our guidelines for messaging. 

If these best practices are insufficient for your research needs, please contact the UserTesting Support team to discuss alternatives.