If you are dealing with very sensitive data, you have to think beyond your own data security systems and also carefully consider the tools you are using. Because of the move to cloud and web-based services, it is important to understand how your data is being kept and stored by outside parties. For example, tools like SurveyMonkey or PollEverywhere may not have the same security settings that you have in your own computer systems.
At The Improve Group, protecting our clients' sensitive data is our utmost commitment, and we take comprehensive measures to make sure all the data in our care is protected. First, it is important to understand when the data you are dealing with is sensitive. There are some things to look for and some precautionary measures you can take to keep your data protected.
When is my data sensitive?
With client information, you can assume that the data is sensitive and meant to be kept private unless you have come to another agreement with your clients. Information that can be used to identify your client or patient is always sensitive and should therefore be kept private. Identifying information can be as obvious as a client’s name, but may also be less obvious. Examples include: marital status, number of children, residency, etc. If the information can be put together to discover who the client is, then hiding the client’s name really does not do much for you. One precautionary measure to take is to always keep identifying information private. When we did a survey for the Minnesota State Arts Board, we realized that even two fields of information – county of residence and occupation – could potentially be used to identify respondents in some communities.
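The county-and-occupation point above can be checked before a dataset is shared. The following is an added example, not part of the original post or The Improve Group's own tooling: it counts how many respondents share each combination of fields and flags any combination held by fewer than k people. The sample rows, the function names and the threshold k=3 are assumptions made for illustration.

```python
from collections import Counter
from itertools import combinations

# Constructed sample survey rows (not real data); names are already removed.
ROWS = (
    [{"county": "Hennepin", "occupation": "Painter"}] * 3
    + [{"county": "Hennepin", "occupation": "Musician"}] * 3
    + [{"county": "Cook", "occupation": "Painter"}] * 3
    + [{"county": "Cook", "occupation": "Musician"}]
)

def group_sizes(rows, fields):
    """Count how many rows share each combination of values for `fields`."""
    return Counter(tuple(row[f] for f in fields) for row in rows)

def k_anonymity(rows, fields):
    """Size of the smallest group: 1 means someone is unique on these fields."""
    return min(group_sizes(rows, fields).values())

def risky_combinations(rows, candidate_fields, k=3):
    """Map each field combination to the value tuples held by fewer than k rows.

    Every subset of the candidate fields is tested, because fields that are
    harmless alone can single a person out once they are combined.
    """
    findings = {}
    for n in range(1, len(candidate_fields) + 1):
        for fields in combinations(candidate_fields, n):
            sizes = group_sizes(rows, fields)
            small = sorted(v for v, count in sizes.items() if count < k)
            if small:
                findings[fields] = small
    return findings

def suppress_small_groups(rows, fields, k=3):
    """Drop rows whose combination of `fields` is shared by fewer than k rows."""
    sizes = group_sizes(rows, fields)
    return [r for r in rows if sizes[tuple(r[f] for f in fields)] >= k]

if __name__ == "__main__":
    for fields, values in risky_combinations(ROWS, ("county", "occupation")).items():
        print("identifying combination:", fields, "->", values)
    safe = suppress_small_groups(ROWS, ("county", "occupation"))
    print("rows kept after suppression:", len(safe), "of", len(ROWS))
```

Suppressing rows is only one option; reporting a broader category, such as a region instead of a county, keeps the response while still enlarging the group.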
There are even some unexpected things that might be considered private. For example, it may seem obvious that many participants may want to keep their enrollment in a medical program private, because they don’t want to disclose their health status. However, people might even want to keep their participation in programs private when the program does not have any obvious social stigmas, such as an art program, if it is targeted at a group that people don’t want to associate with publicly, such as victims of violence.
Things to look for and precautionary measures
It is important to stay current on all of the changing rules that govern your data. As a precaution, start by identifying which laws or regulations apply to the information that you keep, so you can ensure your compliance. For example, if you store private health information, know the security rules of HIPAA. Education data is governed by several rules, including FERPA. If you are still cautious about the protection of your data, then encrypt it before it is sent through web-based services and decrypt it upon receipt. This is the number one way to ensure that your data is always being protected.
Finally, use services that are very clear about how they store and manage data. They should have a clear statement about the steps they take to ensure security. An example is ClientTrack, an online client-management database, which has a very straightforward security statement and a way to get more information if needed. If the data stored on web-based services is not secure, third parties may mine or purchase the data for their own use, such as market research or other studies. Even if you never intended it, letting sensitive information go public could come back and bite you.
Have there been times when you were unsure whether you were keeping sensitive information protected? Have you ever been a victim of someone else accessing your data? Please share, and tell us more about the methods you use to keep your data safe!