What Quallies Need to Know about Data Privacy and Security in 2019



10am – 10:30am Registration

10:30am – 11am – Chapter news, past meeting summary and attendee introductions

11am – 1pm – Panel (5 minutes for introductions, 20 minutes for each to speak for 5 minutes, 95 minutes for the panel)

1pm – 1:45pm – Lunch

1:45pm – 2:45pm – Data security presentation

2:45 – 3pm – Wrap-Up



Panel Description:


A core component of market research has always been to protect the privacy and confidentiality of our participants and to ensure they have provided consent for the research process.  However, these terms – privacy, confidentiality and consent – have taken on new meaning in the era of GDPR, which came into effect in May 2018.   While GDPR has had the most profound effect on research conducted in the EU, there has been, and it is anticipated there will continue to be a trickle-down effect to the US.  This can in part be seen with the passage of the California Consumer Privacy Act of 2018, which will go into effect in January 2020.   Also, consumers, in general are more aware and concerned about their privacy and how their personal information will be handled given large data breaches that have been widely publicized. 


What does this mean for small market research firms based and primarily operating in the US?  What do we need to do to be prepared now?  And, for what may come down the road?  How can we ensure that we are in compliance with company MSAs and data requirements? 


Get these and other questions answered as this panel discusses the practical implications of GDPR (and the forthcoming CA Consumer Privacy Act) on market research companies, particularly independents and small firms. 





Presentation Information:


Data Privacy and Security for Small Businesses (David Menichello)


As research consultants, we are routinely entrusted with our clients’ data. Consequently, we have an obligation to safeguard client data from theft, loss, and misuse while it is in our possession. Client security requirements, often driven by industry privacy regulations, continue to intensify, which can be a challenge for small businesses. This session will cover control and security of data for small businesses. It will touch on key points related to:


  • Privacy regulations driving the requirements for data security (HIPAA, GDPR, other)

  • Understanding different types of data and the required safeguards

  • Fundamental controls needed to secure yours and your clients’ data (Technical, Administrative, and Physical)

  • Meeting clients’ security requirements





Jana Rueten, M3 Global Research, Director of Operations (UK)


Jana has been working in healthcare market research since relocating from Germany to London in 2010. She gained her first experience as a project manager before moving on to become a moderator for both German and English-speaking markets, using a variety of methodologies and speaking to different stakeholders.  In 2014, Jana began working in M3 Global Research’s operations management leading the quantitative team. After heading up M3’s European compliance team since its inception and working on the implementation of GDPR principles, she now focuses full time on compliance and processes across M3 GR’s global divisions. Jana is also a member of the EphMRA (European Pharmaceutical Market Research Association) Learning and Development Committee.



David Menichello, BTB Security, Director of CISO Advisory Services


David has 20 years of experience spanning roles in Information Security, IT, Risk, and Audit. He has held senior leadership positions at two Fortune 500 financial software and services companies, with extensive global experience in capital markets, banking, insurance, broker-dealers, and payment technologies.  David leads BTB Security’s CISO Advisory practice, where his focus includes working with clients on their information security strategies. By being able to thoroughly understand his client’s business environment, major initiatives, and value creation process, David helps clients develop roadmaps for building information security programs that are practical, effective, commensurate with

risks, and aligned with business goals.


Before joining BTB Security, David developed information security and technology risk programs for several companies. He has also built and led high performing global information security teams. Because much of his work experience was spent in two demanding, regulated industries (financial services and pharmaceuticals), David has an appreciation for the operational and compliance challenges that many of his clients face.



 Hilary Fisher, HJF Consulting, Founder


With over two decades of experience in the healthcare market research sector, Hilary founded HJF Consulting in 2017 to share her data privacy expertise with clients working in the global research space. Hilary honed her skills during tenures at Kantar Health, All Global and SHC where she held senior level positions and helped to expand revenue and market growth in the US and Europe.   Hilary has deep expertise in compliance management and data privacy, operational effectiveness, leadership development and market expansion.  At Kantar Health, Hilary served as the organization’s first Global Compliance Director from 2008 until 2012 – a role in which she supported 40+ global offices and 600 employees – when she was asked to step into the role of COO, US for All Global (now Lightspeed Health). 

Most recently, she led the compliance management initiatives at SHC in her role as Chief Revenue/Strategy Officer for the organization.  Hilary is known for her collaborative and thoughtful approach which enables her to establish a rapport with the key stakeholders and team members she works alongside to deliver on organizational goals.  Hilary is a member of the Insights Association, Intellus Worldwide, BHBIA and the International Association of Privacy Professionals (IAPP). Hilary also currently serves as Director of Chapter Engagement for the Insights Association.  


Rick Seale, Shugoll Research, Executive Vice President

Rick Seale is part of Shugoll Research’s senior management team, overseeing the strategic direction of both the Research Consulting and the Data Collection divisions of the firm. Rick has been very involved in developing Shugoll Research’s data privacy policy, and also reviews all master services agreements and data privacy agreements for the Data Collection division for compliance. Rick’s 27 years of experience in the research industry have given him a comprehensive view of how the industry has evolved, and the changes that have come with the ever increasing importance of respondent and data privacy. An important part of his role is to keep Shugoll Research up to date and compliant with those changes.


Rick holds a BS and an MBA from the University of Southern Mississippi. He is an active member of the Insights Association, and is a past-president of the Mid-Atlantic Chapter, and has been a member of numerous committees over the years including the Code of Standards and Best Business Practices committees.


Meeting Location:

M3 Philadelphia Studios

1650 Market St Suite 3030, Philadelphia, PA 19103

To RSVP or for remote viewing info:  Email Karen Zimmerman