Data security and ethics when using IPA Nordic’s personal test

– information for test takers

IPA Nordic and the people who use our tests need to comply with a number of rules and guidelines in regard to the processing of personal data and with regard to ethics when using business-oriented personal tests. As a test taker, you have by the law on the processing of personal data, among other things the following rights:

  • Your test result must be kept confidential and may only be passed on with your consent.
  • Your test result should not be kept beyond a set time period.
  • You have the right to have your test results anonymized at any time.

In collaboration with a number of other test providers and interest groups, IPA Nordic has further defined a set of quality requirements for professional personal assessment in public and private companies. These quality requirements incorporate the Danish Psychological Association’s ethical guidelines for the use of tests in the business world and relate to both the quality of the test tool itself as well as fairness in connection with test feedback and interpretation / use of your test results.

This is done e.g. applicable to:

  • You must have explicit knowledge of the content of what and how to report further from the test process.
  • You must be informed of the consequences by opting out of testing before making a choice whether to take the test.
  • The test result must be considered as a series of hypotheses that form the basis for a further dialogue, and decisions or advice must never be based on the test result alone
  • The person giving you feedback on the test should communicate with respect for you and any other parties involved.
  • Oral and written feedback of test results and content of test feedback interviews may only include information that is relevant to the purpose for which you were tested.
  • There must be consistency between the choice of test and the purpose of the testing, and the person administering the test must have a thorough knowledge of the test, including being aware of the strengths and weaknesses of the test.
  • There must be documentation of the validity of the test used and your test results must be assessed on the basis of comparison with test results for a relevant group.

Everyone with the right to use IPA Nordic’s personal test is certified and examined in the use of the tests at IPA Nordic and has obtained their authorisation provided that the above guidelines are complied with. With regard to requirements for the quality of the test tool, IPA Nordic continuously checks and documents the validity of the tests and continuously provides an updated comparison basis for individual test results. The quality of the test tool in these areas is of common interest to both you and the person testing you: high quality counteracts misinterpretations and randomness in the assessment of your test results.

You can become acquainted with the full wording of the Personal Data Processing Act and the quality requirements for personal assessment that IPA Nordic agrees with by following the links below. If you read further on this page, IPA Nordic will elaborate on aspects regarding the confidentiality and storage of your test answer and try to clarify some of the questions you as a test taker may have in connection with the terms of your testing.

The Danish Data Protection Agency (here you will find the “Personal Data Processing Act”)
www.person rating.dk (ethical guidelines and quality requirements)

How long will information about me be stored?

Your name and contact information are automatically deleted from the system database 6 months after your login. The company that tests you then has no option to call you or your test results back into the system. If the company prints reports and saves them for later use, the test manager must inform you how long these papers are stored before they are deleted. As test results have limited validity, there will rarely be any reason to keep test results for more than 6 months. Please note that you have the right to have test results deleted at any time, whether on paper or in electronic form. If you want your test results deleted, please contact the person testing you.

The confidentiality of your test results – ie. which persons / companies have access to your test results, which persons are informed about them and to what extent this happens – must in all cases be specified for you by the person in charge of your testing. Subsequent transfer of information about you to persons or companies that are not initially specified for you may only take place with your prior consent.
The person (s) and company (ies) responsible for your testing and feedback are responsible for ensuring compliance with confidentiality and storage laws regarding authorized access and transcripts of test results. Violation of this will have consequences for the test user’s right to use IPA Nordic’s personal test and can be complained to the Data Protection Authority.

How to secure electronic access to my test results?
It is IPA Nordic’s responsibility to take security measures to ensure access to data regarding electronic storage in our data system. IPA Nordic must ensure means that only authorised persons can gain access to the system and that communication back and forth between your computer and the system’s server can not be intercepted by third parties. The system is secured at all levels with passwords, so there is full control over who has access to what and to what extent.

As an additional security measure, all communications between the system and your computer are encrypted. The encryption is done with so-called SSL (Secure Socket Layer), symbolised by a small padlock in the lower right corner of the browser. SSL encryption ensures that the data sent back and forth between your computer and IPA Nordic’s server is meaningless to anyone who might intercept this communication between computer and server. Furthermore, it is ensured that the messages you receive from our server do not come from third parties. You can thus be sure that it is actually IPA Nordic’s website that you are logged in to and that your data does not end up elsewhere.

SSL encryption is available in several different strengths. IPA Nordic uses an encryption strength (256-bit), which is currently considered to be practically unbreakable. If you use a very old browser version, it is possible that it only supports a weaker encryption standard (128-bit), which, however, also meets the Danish Data Protection Agency’s requirements regarding the type of data that is operated with in this system. However, if you have an older browser version, you should consider upgrading to a newer version, as a higher level of security will also benefit you in other contexts.

I have to give my consent for my answer to be included in IPA Nordic’s statistics. What should IPA Nordic use this for, and what information is actually included in the statistics?

When you answer a test, your test answer is forwarded to the IPA Nordic statistical database. All answers you provide in connection with the test – except for your name, login name, password and contact information – are stored in this database. This thus applies to gender, age, level of education, job title (optional), job level, etc. This data is used to find averages for different population groups and is necessary for our work to ensure the quality of the tests and for their further development. There is no possibility to identify you personally in this database, and the database is only available to those people in IPA Nordic who work to ensure the quality of the test in statistical terms. As data only exists in anonymised form in this database, it is not possible to specify deletion of answers to an identified person, and unlike your personal test answer, we can therefore not recall your test answer from our statistics after the test is answered.

We hope you have found the answers to any questions you may have regarding the terms of testing or securing your test answer and feel comfortable using our system. If you have further questions regarding data security, confidentiality or ethics, you are welcome to contact IPA Nordic directly. You can contact us via the email address steen@ipanordic.dk