You are currently viewing 5 Ways to Improve Your Data Security (Today!) for Digital Data Collection

Note: A version of this post originally appeared on the Mobile Solutions Technical Assistance and Research (mSTAR) project blog.

Close your eyes and imagine you’re being interviewed about your sexual behaviors, your finances, and your health conditions – and then asked the same questions about each member of your family. The person speaking with you has taken photos of you, your children, and your home, and they captured your GPS coordinates within one meter of accuracy.

You’ve trusted a stranger with incredibly personal and easily identifiable information.

But what steps are they taking to keep your data secure and your family safe?

On Thursday, March 9, mSTAR’s Abdul Bari Farahi and SurveyCTO’s Faizan Diwan led a presentation on data security for electronic field-based data collection with an emphasis on what you can do today to improve security practices during each step of the process.

Here are five takeaways:

1) Improve your security on tablets and smartphones

  • Encrypt your tablets
    • Most Android devices come with 1-2-click settings to encrypt tablets as a whole
  • Install an Android app that allows you to lock, track, and wipe remotely (e.g. Avira)
  • Use a data collection app that allows for encrypting collected data “at-rest”
    • This way, even those who collect the data can no longer see it after the form has been finalized

2) Improve security on your server

  • Use a platform that allows you to use your own encryption keys, so even your software vendor cannot view the data if they try
    • Encryption in transit and encryption at rest are not enough
  • Use a good password!

3) Improve security on your computer

  • Keep exported data in an encrypted folder on your computer when not in use
    • BoxCryptor offers a desktop encryption option that lets you share data via Box while keeping it encrypted
  • Use a good password!
  • For an additional layer of security, you use a cold room computer, which is never connected to the internet
  • Avoid connecting to unknown and insecure and or unencrypted networks

4) Improve security for your organization

  • Develop standards of practice, check lists, and other shared resources
  • Mitigate cybersecurity risk
  • Use technology that is secure but convenient
  • Use two-factor authentication where possible
  • Raise security awareness within organizations
  • Avoid single point of failure on all critical elements of business including employees, servers, technologies, and strategies
  • Backup data continuously
  • Create an environment for continuous monitoring of “everything all the time”

5) Improve security in your sector

  • Encourage donors to increase pressure on grantees to deliver on data security commitments
  • Work with IRBs to create electronic data security policies in their requirements and guidelines
  • Develop sector-wide standards for reporting and investigating data security lapses

Too often the perceived costs of strong data security get in the way of taking low-burden but high-impact action to improve practices. And while the costs of poor practices can be hard to quantify, the risk to your reputation and to the safety of respondents, particularly in humanitarian situations, is all too real.

Photo courtesy of John Snow, Inc.

Chris Robert

Founder

Chris is the founder of SurveyCTO. He now serves as Director and Founder Emeritus, supporting Dobility in a variety of part-time capacities. Over the course of Dobility’s first 10 years, he held several positions, including CEO, CTO, and Head of Product.

Before founding Dobility, he was involved in a long-term project to evaluate the impacts of microfinance in South India; developed online curriculum for a program to promote the use of evidence in policy-making in Pakistan and India; and taught statistics and policy analysis at the Harvard Kennedy School. Before that, he co-founded and helped grow an internet technology consultancy and led technology efforts for the top provider of software and hardware for multi-user bulletin board systems (the online systems most prominent before the Internet).