Data security and ethics when using IPA Nordic’s personality test

– information for test takers

IPA Nordic and the people who use our tests undertake to comply with a number of rules and guidelines with regard to the processing of personal data and with regard to ethics when using business-oriented personal tests. As a test taker, you have the following rights under the Danish Act on Processing of Personal Data:

Your test result must be kept confidential and may only be disclosed with your consent.
Your test result may not be stored beyond a set period of time.
You have the right to demand that your test results are anonymised at any time.

IPA Nordic, in collaboration with a number of other test providers and interest organisations, has further developed a set of quality requirements for professional personal assessment in public and private companies. These quality requirements incorporate the Danish Psychological Association’s ethical guidelines for the use of tests in business and concern both the quality of the test tool itself as well as fairness in connection with test feedback and interpretation/use of your test results.

For example, it states that:

You must be explicitly informed about the content of what and how to report on the test process.
You must be informed of the consequences of opting out of testing before you decide whether to take the test.
The test result should be seen as a series of hypotheses that form the basis for further dialogue, and decisions or advice should never be based on the test result alone.
The person giving you feedback on the test must communicate with respect for you and any other parties involved.
Oral and written reporting of test results and the content of the test feedback dialogue must only include information that is relevant for the purpose for which you have been tested.
There must be consistency between the choice of test and the purpose of testing, and the test administrator must have a thorough knowledge of the test, including awareness of the test’s strengths and weaknesses.
There must be documentation of the validity of the test used and your test results must be assessed based on comparison with test results for a relevant group.

All persons authorised to use IPA Nordic’s personality tests have been trained and examined in the use of the tests at IPA Nordic and have obtained their authorisation subject to compliance with the above guidelines. With regard to requirements for the quality of the test tool, IPA Nordic continuously verifies and documents the validity of the tests and provides an updated basis for comparison of individual test results. The quality of the test tool in these areas is of mutual interest to both you and your tester: high quality counteracts misinterpretation and randomness in the assessment of your test results.

You can familiarise yourself with the full text of the Personal Data Processing Act and the quality requirements for personal assessment to which IPA Nordic subscribes by following the links below. If you read further on this page, IPA Nordic will elaborate on aspects regarding confidentiality and storage of your test answer and try to clarify some of the questions you as a test taker may have regarding the terms of your testing.

Danish Data Protection Agency (here you will find the “Act on Processing of Personal Data”)
www.personvurdering.dk (ethical guidelines and quality requirements)

How long will my data be stored?
Your name and contact details are automatically deleted from the system’s database 6 months after your login. After that, the company that tests you has no possibility to call you or your test results back into the system. If the company prints out reports and saves them for later use, the test administrator must inform you how long these papers will be kept before they are destroyed. As test results have limited validity, there will rarely be a reason to keep test results for more than 6 months. Please note that you have the right to have test results deleted at any time, regardless of whether they are in paper or electronic form. If you want your test results deleted, please contact the person who tested you.

Who has access to my test results?
The only person who automatically has access to your personal test results in the system is the person who tests you and who has emailed you a test link.

The system allows this person to let one or more other users of the system see your test results, e.g. if the testing process takes place in a collaboration between several people, or if this person is prevented from giving you test feedback and has to pass the task on to a colleague. With regard to printouts from the system, the same rules for storage and confidentiality apply as for electronic data. Access must be restricted to authorised personnel and your test results must be kept locked.

The confidentiality of your test results – i.e. which persons/companies have access to your test results, which persons are informed about them and to what extent – must in all cases be clarified to you by the person in charge of your testing. Subsequent disclosure of information about you to persons or companies that is not initially specified to you may only take place with your prior consent.
It is the responsibility of the person(s) and company(ies) conducting your testing and feedback to ensure compliance with confidentiality and retention laws regarding authorised access and printouts of test results. Violation of this will have consequences for the test user’s right to use IPA Nordic’s personal test and can be appealed to the Danish Data Protection Agency.

How is electronic access to my test results secured?
It is IPA Nordic’s responsibility to take security measures to ensure access to data as far as electronic storage in our data system is concerned. IPA Nordic must ensure that only authorised persons can access the system and that communication back and forth between your computer and the system’s server cannot be intercepted by third parties. The system is secured at all levels with passwords, so there is full control over who has access to what and to what extent.

As an additional security measure, all communication between the system and your computer is encrypted. The encryption is done with so-called SSL (Secure Socket Layer), symbolised by a small padlock in the lower right corner of the browser. SSL encryption ensures that the data sent back and forth between your computer and IPA Nordic’s server is meaningless to anyone who might intercept this communication en route between computer and server. It also ensures that the messages you receive from our server do not come from third parties. You can therefore be sure that you are actually logged in to IPA Nordic’s website and that your data does not end up elsewhere.

SSL encryption is available in several different strengths. IPA Nordic uses an encryption strength (256-bit) that is currently considered practically unbreakable. If you are using a very old browser version, it is possible that it only supports a weaker encryption standard (128-bit), which also fulfils the requirements of the Danish Data Protection Agency for the type of data handled in this system. However, if you have an older browser version, you should consider upgrading to a newer version, as a higher level of security will also benefit you in other contexts.

I must consent to my answer being included in IPA Nordic’s statistics. What will IPA Nordic use this for and what information is actually included in the statistics?

When you take a test, your test answer is sent to IPA Nordic’s statistical database. All answers you give in connection with the test – apart from your name, login name, password and contact information – are stored in this database. This includes gender, age, education level, job title (optional), job level, etc. This data is used to find averages for different population groups and is necessary for our work to ensure the quality of the tests and for their further development. There is no possibility of identifying you personally in this database, and the database is only accessible to the people at IPA Nordic who work to ensure the statistical quality of the test. As data only exists in anonymised form in this database, it is not possible to specify deletion of answers to an identified person, and therefore, unlike your personal test answer, we cannot revoke your test answer from our statistics after the test has been answered.

We hope that you have found answers to any questions you may have regarding the terms of testing or securing your test answer and feel comfortable using our system. If you have any further questions regarding data security, confidentiality or ethics, you are welcome to contact IPA Nordic directly. You can contact us via the email address steen @ ipanordic.dk