Guaranteed Data Anonymization For Your Market Research Projects


As processors of the data of EU residents, we subscribe to the requirements of the EU General Data Protection Regulation and its underlying intent that aims to give the residents of the EU more control over their data. We have established policies and practices that enable us to conform to the data and privacy rules within the legislation. We subscribe to the EU-US Privacy Shield.


Civicom has put safeguards in place to be compliant with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and associated regulations. We have engaged in a comprehensive HIPAA audit and training program for employees and have an active HIPAA compliance policy. We have established an annual review of our compliance practices to assure we remain in line with HIPAA requirements.


We maintain a comprehensive information security policy that is the foundation for the development and implementation of our security practices. These practices are designed to ensure the confidentiality, integrity, and security of data within our locations and the information systems owned and operated by our company. We employ a full time Data Protection and a full time Compliance Officer.


Our organizational mindset is that we are stewards of client and respondent data and it is our responsibility to protect and safeguard it. All employees record our Oath of Confidentiality every quarter and also have signed a confidentiality agreement. The Quarterly Oath helps each employee remember their personal responsibilities to safeguard all data and PII and to follow required protocols.


In line with our GDPR commitments we strive to work with clients to protect privacy in compliance with the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA). We recognize the importance of remaining consistent and ensuring an equivalent level of privacy protection to the EU requirements in order to allow the free flow of personal information from the EU to Canadian organizations.


We are anticipating the impact of the California Consumer Privacy Act (CCPA) that will be effective January 1 2020, including the 12-month “look-back” period. Our comprehensive information security policy and data flow procedures will ensure we are able to work with clients to fulfil legal requirements expanding the rights of California resident consumers and be transparent about how their information is collected, used, and disclosed.

Protecting Your Personally Identifiable Information
Through Data Anonymization Tools

Audio masking software provides extra security

Audio Masking

Keep your respondent’s voice confidential by using our Audio Masking service. Given the importance of protecting PII, this will eliminate the possibility of your respondent being identified by the end client, because of their voice. You may further combine this with our Face Blurring service – especially where webcam interviews are involved.

Image Blurring

Sometimes, your project requires that your respondent is on their webcam during an interview. Use our image blurring service and we will help you edit/blur you respondents’ image so that they are not recognizable when the video is played back. You can combine this with our Audio Masking service.

Laptop secured by firewall and security software

Data Encryption

Our extensive Network Encryption Policy requires the use of cryptography to protect data in transit. All devices connecting to the network must be authorized and documented. Identity of users and computers connecting to the network must be authenticated via network firewall. We control the types of connections permitted.

Data Transfer

Some clients prefer their own file transfer system when working sharing personally identifiable information or personal health information with us. We fully support use of your preferred file transfer method when transmitting respondent between your organization and ours. This can enhance your sense of protection even further when working with us.

Manage respondents real time

Real-Time Respondent Management

We have the expertise to manage PII requirements in real time, on both our audio and web-enabled platforms. GDPR-eligible respondent acknowledgements to participate are logged by respondent, date, and time of agreement. Respondents are required to identify their country when requesting information or participating in a study we facilitate on behalf of our clients.

Civicom's commitment to GDPR compliance

Commitment to PII Protection

Civicom maintains strict information security policies, data flow procedures and security measures, data flow mapping, GDPR training., In addition to our Infosec team, our data protection staff includes a full time Compliance Officer, plus a full time Network Data Protection Officer and two assistants. We are approved and validated participants in the EU-US Privacy Shield.