Research and analysis

Research on cyber security skills: Ipsos privacy policy

Updated 24 June 2022

Ipsos has been commissioned by the Department for Digital, Culture, Media and Sport (DCMS) to conduct research on cyber security skills needs among UK businesses, public sector organisations and charities. This includes businesses offering cyber security products and services, and a wider set of businesses across different sectors with regards to their own cyber security needs. The research includes a survey of these groups and follow-up interviews with some of the organisations taking part in the survey.

Ipsos is a specialist research agency in the UK. Ipsos is part of the Ipsos worldwide group of companies, and a member of the Market Research Society. As such we abide by the Market Research Society (MRS) Code of Conduct and associated regulations and guidelines.

Participation in this research is voluntary – you are free to decide not to take part if you do not want to. You can withdraw your consent at any time. Your decision will not affect your relationship with DCMS or the government in any way.

This privacy policy only applies to this research project.

Contents of this privacy policy

What personal data has Ipsos received for this survey?

Ipsos has personal data relating to your business because we have been asked by the Department for Digital, Culture, Media and Sport (DCMS) to carry out survey research on their behalf about cyber security skills. See DCMS personal information charter.

We have received contact details for four types of organisations:

  1. Businesses and public sector organisations, taken from the Inter-Departmental Business Register (IDBR) held by the Office for National Statistics (ONS).
  2. Charities, taken from the charity commission databases.
  3. Phone numbers from Office of the Scottish Charity Regulator (OSCR) made via a request from DCMS.
  4. Cyber sector firms, taken from a DCMS database of this sector.

For all the samples received, we have supplemented the list of telephone numbers we received with additional telephone numbers, emails and contact names matched from the Dun & Bradstreet database, from company websites and from other publicly available sources (e.g. publicly available LinkedIn pages).

Businesses and public sector organisations

We have used the Inter-Departmental Business Register (IDBR) to select a sample of businesses and public-sector organisations. The IDBR is a list of UK enterprises maintained by the Office for National Statistics (ONS) for statistical purposes. The ONS securely transferred this sample to DCMS, who transferred it to Ipsos. It includes:

  • organisation registered and trading names
  • organisation address and postcode
  • organisation telephone number

Charities

If you are a registered charity on one of the following charity regulator websites, we have collected your personal data from one of these websites. This is in order to invite your charity to take part in the survey.

In addition, the OSCR provided DCMS and Ipsos with additional telephone numbers for charities in its database for the purpose of this research project only.

Cyber sector firms

DCMS controls a database of cyber sector firms. The database has been compiled based on publicly available information about these firms, including contact details. The information come from the following sources:

  • the Bureau van Dijk Fame database
  • the Orbis database
  • the Beauhurst database
  • a DCMS list of businesses involved in various cyber security start-up initiatives
  • business websites.

The data DCMS have shared with Ipsos from this database includes:

  • business name
  • business telephone number
  • contact name and job title within the business where available.

The database of cyber sector firms also includes contact details collected in an earlier survey carried out by Ipsos on behalf of DCMS, where respondents had given permission for these contact details to be reused for this latest research.

Ipsos requires a legal basis to process your personal data.

  • Ipsos ’s legal basis for collecting charity contact details from the charity regulator websites is the legitimate interests of DCMS.
  • Ipsos ’s legal basis for processing personal data from each type of organisation beyond this stage is their consent to take part in this research study. If you wish to withdraw your consent at any time, please see the section below covering ‘Your Rights’.

How will Ipsos use any personal data including survey responses you provide?

  • Responding to this survey is voluntary and any answers are given with your consent.
  • Ipsos will keep your personal data and responses private in strict confidence in accordance with this Privacy Policy. You will not be identifiable in any published results.
  • Ipsos will use your personal data and answers solely for research purposes, to produce anonymous research findings for DCMS.

How long will Ipsos retain my personal data and identifiable responses?

  • Ipsos will only retain any personal data and identifiable answers for as long as is necessary to support this research. In practice, this means that once we have reported the final anonymous research findings to DCMS, we will securely remove any personal data from our systems.
  • For this project, we will securely remove your personal data from our systems by 24 April 2023.

Your rights

  • You have the right to access your personal data within the limited period that Ipsos holds it.
  • If you want to contact Ipsos about data they hold about you, please see the contact details below.
  • You also have the right to rectify any incorrect or out-of-date personal data about you which we may hold.
  • If you want to exercise your rights, please contact us at the below Ipsos address.
  • You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you have concerns on how we have processed your personal data. You can find details about how to contact the Information Commissioner’s Office at https://ico.org.uk/global/contact-us/ or by sending an email to: [email protected].

Where will my personal data be held and processed?

  • All of your personal data used and collected for this survey will be stored by Ipsos in data centres and servers within the United Kingdom.
  • Your survey answers will be combined with answers from hundreds of other respondents and will be deposited onto the UK Data Archive (UKDA) in an anonymous format. There is no information in the data that can be used to identify you. Any analysis is done on the whole sample, and results will be quoted in terms of specific percentages of people, and are not reported as individual answers. The collected survey responses are made available, through the UK Data Archive (UKDA) Service, to academic researchers who must register with with UK Data Archive (UKDA) to be able to use the data.

How can I contact Ipsos and DCMS about this project and/or about my personal data?

If you have any questions or require further information our privacy policy, our compliance with data protection laws or information we hold about you, please contact our Compliance Department. They can be contacted by email sent to [email protected] with 22-028677-01 – Ipsos cyber security skills research as the subject line.

Or by letter sent to:

Ref: 22-028677-01 – Ipsos cyber security skills research
Compliance Department
Market and Opinion Research International Limited
3 Thomas More Square
London
E1W 1YW
United Kingdom

You can email DCMS at [email protected] with 22-028677-01 – Ipsos cyber security skills research as the subject line.

Or reach DCMS by letter sent to:

Ref: 22-028677-01 – Ipsos cyber security skills research
FAO DCMS Data Protection Officer 
The Department for Digital, Culture, Media and Sport  
100 Parliament Street  
London
SW1A 2BQ 
United Kingdom

Changes to this privacy policy

We keep our privacy policy under regular review. This policy was created on 14 June 2022.