Wait — you want my PII? Oh… oh my…

privacy-policy-538719_640
Isn’t it about every week or so we hear about millions of rows of personally identifiable information swiped, stolen, misplaced or manipulated?

As we wrap up Data Privacy Month (Jan. 28th to Feb. 28th), an article over on SingleHop summarized 5 industries that were exposed (ha ha) in 2014. Some were high profile, others really kept it under the radar or potentially denied it altogether.

Industries affected include:

  • Cloud Services (Dropbox, iCloud);
  • Entertainment (Sony Pictures, Sony PlayStation, Xbox);
  • Finance (J.P. Morgan Chase and Goldman Sachs);
  • Retail (eBay, Home Depot, Michaels);
  • Education (U. Maryland, Seattle Public Schools).

Basically, 2014 was not a great year for data security for a lot of people. It raised awareness of vulnerability of data across the board and started a discussion about how to be smart with data.

In light of this, we wanted to reassure you that we take the privacy of your content and data very seriously! From implementing the highest security standards possible to rigorous security testing and monitoring to service level agreements, 24-hour network and server staff coverage, and much more, keeping your data safe is a very high priority. It’s the least we can do.

But data security can also benefit from action on the part of the end user. So, what about you – what can you do?

Here are a few ideas on what you can do as a QuestionPro customer:

  • Don’t share your username and account with others, even with co-workers. Not only is it a violation of terms, but it also increases the risk of someone transmitting your username/password in an non-secure fashion or it ending up on a computer with malware installed, etc. It’s just best to avoid this altogether. If you need multiple users on your account, we can set that up. The price for a sub-account will far outweigh the cost of ending up on the news for a data breach, let alone losing the trust of your audience.
  • Change your password frequently, make it something only you know, and don’t use the same password over and over.
  • Don’t use your name or your birthday in your password. Instead, use a combination of letters (upper- and lower-case), numbers, and special characters (check the system you’re creating a password on to check what special characters are allowed in a password).
  • Don’t ask for personally identifiable information (PII) from respondents unless it is absolutely necessary. In the event of a data breach, you don’t want to find yourself realizing that you had stored sensitive information in your survey account that didn’t need to be there in the first place.
  • If you do collect PII, secure it. You can password-protect your reports. Once you’re done using the PII, if there is no reason to keep it in your QuestionPro account, delete it. If you think you may need it again in the future, use a secure method to store the information outside of your QuestionPro account, then remove it from your QuestionPro account.
  • Review your data on a regular basis. Check what information you and your team have collected in your surveys. Is there potentially sensitive data being stored that hasn’t been used in the past six months and like won’t be used in the future? Remove it.
  • Carefully review your survey data before you share your report with anyone else. Are you sharing extra data that they don’t need to know? If so, look into creating filtered versions of your report so that those reviewing it only see what they need to see. You can also use row-level data security for dashboard accounts (sub-accounts).

Bottom line, when it comes to survey data, treat respondent data the way you would expect someone else to treat your data.