When running a survey that is limited to members, each potential respondent is given a unique link, and a token is recorded when they complete the survey that is unique to them. As with an election ballot, it is possible to cross-reference that token to the membership number/email address of the respondent, but the following guideline is intended to prohibit this in all but the most exceptional circumstances.

1. When running a survey that is limited to members, a unique token for each respondent may be recorded. This is to ensure no-one can vote twice, and to allow targeted reminders to  be sent to those who have not voted.
2. Access to individualised survey data will be on a need to know basis, and would normally be limited to one or two members of the Executive Committee who may be assisted by UCU staff as appropriate. They shall not be permitted to identify responses to particular respondents except where abuse of the survey is suspected (e.g. someone using someone else’s link to register a vote) and such an intervention is authorised and agreed by at least three executive officers as a proportionate means to prevent future abuses. For any such intervention the reasons must be recorded in writing, with a note of who authorised it, and reported to the Executive Committee. In such a case, only the response connected to the suspected malpractice may be identified.
3. The identifying tokens should be purged within 24 hours of the survey closing, making it impossible to connect responses with respondents after this. Prior to this data being purged, a list of non-respondents may be extracted for the purpose of analysing the distribution of respondents/non-reponsents (this data should also then be anonymised).

Sept 16 (updated Jan 18)