Security
We at UDS recognize that data security and confidentialty are absolutely essential and non-negotiable when conducting surveys for client orgnaizations and providing them with reports of survey results. We recognize that the success of on-line surveys rests upon the trust and confidence that both the client and the survey respondents feel toward the security and confidentiality of both the electronic data gathering process and the analysis and reporting of data.
Both our privacy policy statement and our privacy practices have been designed to allow client organizations to feel secure that they will not be subjected to legal risks and respondents to feel their responses are confidential and that they can provide completely candid responses.
How do we achieve this level of security and confidentiality?
We follow a rigorously enforced policy of never providing the client organization with any means, including data analysis displays, that would permit the matching of individual respondents and their responses. Only aggregate data summaries, presented by various grouping variables are provided in the survey’s data analysis reports.
Our Security and Confidentiality Philosophy is Simple:
In addition to being every person’s right, confidentiality is basic to obtaining candid response, and there is no informational benefit to be gained by linking individual respondents and their responses in the statistical analysis reports, so we do not do it, period!
Data quality is but one piece of the puzzle. The data collected must be protected 1) as they are collected, and 2) where they are stored. This issue has become so important, even at the international level, that laws have been enacted to protect the privacy of data that are collected. Much of the web-based survey work done around the world falls into the categories that have laws in this area. You can find our privacy policy statement page gives the details about how we ensure privacy of respondent data.
Researchers in the United States who perform studies for health plans, health clearing houses, and health care providers who conduct certain financial and administrative transactions electronically are required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to protect confidential data. This act came into full force on 14th,. April, 2003. You can find out more information about the Privacy Rule that applies to U.S. medical research at the U.S. National Institutes of Heath web site.
Canada committed itself to privacy protection in 1984, by signing the Organization for Economic Co-operation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. The OECD Guidelines were used as the basis for the development of the Canadian Standard Association’s Model Code for the Protection of Personal Information (CAN/CSA-Q830-96). In April, 2000, this standard was, enacted into law as The Personal Information Protection and Electronic Documents Act. As a responsible company committed to ethical data collection, we conform to the act in all respects. We also expect our clients to commit in writing to do doing the same.
UDS encourages all researchers to treat the data they collect in accordance with these laws, even if the laws are not applicable to their research. Your respondents will feel much more comfortable answering your questions if they have confidence that you care about respondents’ privacy.
We use high-level SSL encryption for data transfer, and all data is kept behind two locked doors at all times. Coupled with our privacy and data protection policies, we are confident that both you and your respondents are properly protected.
Here are some highlights of our data and privacy protection:
- SSL encryption (RC4 128-bit) using our certificate or yours. Depending on whether you want your questionnaire(s) to appear to be part of your own internet domain or whether you’d like to use our domain, you are in control of the level of security you require for your data. Just tell us which method you’d like to use.
- Technology not prone to Internet viruses, worms, etc.. For our servers, we have chosen the platform that encounters the fewest Internet viruses and worms. We’ve yet to see a virus adversely affect our servers, even though many have tried.
- Data are mirrored to a separate disk drive, backed up every hour to another disk drive, and backed up nightly to separate physical device. Your data are important, and the last thing you want is to lose them. Hence, even after a catastrophe, data recovery is fast and as complete as possible.
- Your data are stored in password protected databases, so that, even if a hacker or burglar gets to the file, access to your data is guarded at yet another level.
- Unlike many other survey hosting providers, we develop all our own software to publish your survey. This means that we can respond quickly to both new feature requests and to any problems you may encounter.
- High bandwidth for fast response to browsers.
- 24-7 server monitoring and failure correction.
- Our privacy policy that fully conforms to the Personal Information Protection and Electronic Documents Act (2000, Chapter 5), which includes the ten principles of the Canadian Standards Association Model Code for the Protection of Personal Information (CAN/CSA-Q830-96). Our clients who host their surveys are required to certify in writing that they will protect the data we collect on their behalf to the same level of security.