Even as market-research companies see a recovery in their top lines, their bottom lines could take a hit in the wake of a new Massachusetts law intended to stem identity theft and fraud across a broad range of industries.
Companies ended 2009 with strong gains, according to an index published by the Glastonbury-based Marketing Research Association, many of whose members are based in Connecticut and Massachusetts, which have long been industry hubs.
Fairfield County is home to a large cluster of market-research companies, from Stamford-based Gartner Inc. which has more than 850 employees locally who track technology trends, to By Kids For Kids Inc. and Kid Focus, which have their facilities in Stamford and Norwalk respectively.
In the Marketing Research Association (MRA) survey, half of those polled reported an increase in projects and booked revenue over the previous quarter, and deep cuts in staffing appear to be over.
“Marketing and opinion researchers have had to deal not only with the worst economic and business climate since the Great Depression, but have also faced a series of legislative threats to the way we conduct our work,” said Elisa Galloway, president-elect of MRA and owner of San Antonio-based Galloway Research Center, in a letter to members published in late April.
MRA holds its annual conference in June in Boston, where one hot topic is certain to be a new Massachusetts law that requires businesses with access to personal information of Bay State residents to encrypt data and to ready a comprehensive notification policy in the event of a security breach. The law went into effect in March, and applies to any information that includes a person”™s name paired with a Social Security number; driver”™s license number; or financial account number, including credit card.
Compliance with the regulation will cost market research companies significant time and money, according to LaToya Rembert-Lang, general counsel of MRA.
The legislation is also being closely tracked by the Council of American Survey Research Organizations (CASRO), which is based in Port Jefferson, N.Y.
Under the law, companies must:
- designate at least one employee to lead a data security program;
- identify risks and improve safeguards, including the detection of loopholes;
- train workers;
- develop policies governing how employees should be allowed to store, access and transport records containing personal information;
- establish disciplinary measures for employee violations;
- ensure that former employees no longer have access to personal information, possibly to include changing passwords;
- establish effective oversight of any service providers and vendors with access to personal information;
- monitor any security program to ensure it is operating as intended, including reviews annually and after any relevant change in business practices; and
- document the steps taken to respond to a security breach.
The law also applies to any company that employs a Massachusetts resident.
As the market research industry gathers this June in Boston, companies will likely be discussing not only the new law but renewed attention on hiring, as consumer spending recovers and corporations replenish their marketing budgets.
“As the business climate begins to show signs of recovery, many businesses find themselves needing to rebuild staffing and service capacity to meet client demands that remain unpredictable,” Galloway said. “It is ”¦ hard to remember a time when we faced a labor market so full of bright and highly educated young minds, desperately eager for the opportunity to learn our craft.”
