Data privacy and security are vital in today’s world. Large-scale data breaches make headlines on a consistent basis, putting customer data at risk and costing companies big time, both through the financial hit to clean up the mess and immeasurable damage to their reputations.
Relentless vigilance regarding data security should be paramount for everyone in your organisation. It’s essential to do everything possible to prevent hackers from compromising customer and organisational data, including survey data, as well as having a rapid response plan in place to limit the damage in the event a breach does occur.
Any type of data could be subject to a breach, which is why making sure your survey data is well protected is essential for maintaining trust with your customers and assuring them that the data you collect is accurate and not vulnerable to attacks or leaks.
The battle against hackers is a war without an end, and security experts often quip that hackers only need to be right once whereas data security professionals need to win every day.
Security is not an area in which you want to experiment or take any risks. There are established data security best practices that are constantly being updated and improved on to ward off existing risks while anticipating new ones. When it comes to surveys, you need to be certain that you are ensuring the privacy and security of your survey respondents and adhering to relevant regulations, such as HIPAA, GDPR and CCPA.
Also, it’s important to bear in mind the fact that ensuring data privacy goes beyond just keeping the bad guys at bay. A company that has a strong commitment to data privacy builds greater trust with customers. When you are conducting surveys, that trust can translate to a greater response rate and respondents sharing more robust insights that provide you with more credible and actionable data.
Deeper Dive: Check out SurveyMonkey’s Data Collection and Privacy Best Practices
Following established privacy practices can help ensure that data stays secure while giving your survey respondents peace of mind that their information will remain safe. This not only provides protection for your company and respondents but also makes people more likely to complete a survey.
Describe your privacy practices in a survey introduction or in the email inviting people to take your survey. You can also add a hyperlink directly to your privacy notice. You can use skip logic to disqualify respondents who don't agree with your privacy notice or practices.
Data privacy practices should include the following:
For instance, SurveyMonkey’s Privacy Policy describes how we handle your data. The policy was developed in consultation with experts to ensure that it is comprehensive, transparent and implements best practices. Computerworld decided to review our privacy practices and commented that we “get the nod” for codifying our privacy practices “into clear online disclosures and commitments” and that we take security measures that they saw “Fortune 500 firms taking”.
Take a closer look at how SurveyMonkey Handles Your Data
Include a consent form: A consent form records a person's written permission and confirms that they understand the terms of an event or activity that will be performed. Including this as part of a survey protects your company by making it clear to respondents how the information they provide may be used.
Delete data once it’s no longer needed: Hoarding old and outdated data can lead to trouble by increasing risks that long-forgotten data might be compromised. It’s a best practice to establish clear guidelines that govern how long data will be retained, as well as how it will be properly deleted.
Deeper Dive: Fortify your security efforts with SurveyMonkey’s Privacy for survey creators
Sensitive health information about your customers or patients is private, and HIPAA is a law designed to make sure it stays that way in the USA.
Indeed, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a law applicable in the USA which creates national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.
If you work in healthcare in any capacity, you need to be compliant with the regulations applicable in matters of health privacy in your country (such as HIPAA in the United States) or run the risk of being audited or fined and losing the trust of your customers or patients. The bottom line is that if you are handling protected health information (PHI), you need to be compliant with these health privacy regulations.
SurveyMonkey offers a number of options specifically for the healthcare industry, from HIPAA-compliant accounts to healthcare survey templates.
GDPR is a set of regulations governing data protection in the European Union. But you need to take it into account wherever you are in the world, because GDPR measures still need to be taken regardless of whether a business is located in Europe or not.
The General Data Protection Regulation (GDPR) is a regulation that covers data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas.
The GDPR's primary aim is to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation. It applies to any enterprise, regardless of its location and the data subjects' citizenship or residence, that is processing the personal information of individuals inside the EEA.
The regulation became a model for many laws outside the EU, including the California Consumer Privacy Act (CCPA), adopted in June 2018.
The California Consumer Privacy Act (CCPA) is a state-wide data privacy law that regulates how businesses all over the world are allowed to handle the personal information (PI) of California residents.
The effective date of the CCPA is 1 January 2020. It is the first law of its kind in the United States.
If you have customers or survey respondents who reside in California, you need to be aware of this law and take steps to ensure that you are in compliance.
CCPA applies to any for-profit business in the world that sells the personal information of more than 50,000 California residents annually, or has an annual gross revenue exceeding $25 million, or derives more than 50 percent of its annual revenue from selling the personal information of California residents.
Additionally, if a company shares common branding (i.e. shared name, service mark or trademark) with another business that is liable under the CCPA, the company will be subject to CCPA compliance as well.
Under the CCPA, California residents (“consumers”) are empowered with the right to opt out of having their data sold to third parties, the right to request disclosure of data already collected and the right to request deletion of data collected.
Deeper Dive: SurveyMonkey’s Data Security and Compliance
Of course, the purpose of conducting a survey is to collect useful data and information about your target audience. Yet, in the process, you have to be vigilant about making sure that you are complying with data privacy and security regulations and guidelines to avoid being out of compliance or compromising personal information from survey respondents.
There are several key security issues to focus on when you intend to collect data, including minimising the amount of personally identifiable information, data encryption, anonymous surveys and secure access.
It’s best practice to minimise the amount of personally identifiable information collected for surveys. In simple terms, you need to avoid collecting information that potentially discloses sensitive personal information of respondents, including National Insurance numbers, telephone numbers and email or physical addresses.
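One way to apply this minimisation before responses are stored, as an added example that is not SurveyMonkey's code: keep only allow-listed fields and redact National Insurance numbers, email addresses and telephone numbers from free-text answers. The field names, the sample record and the regular expressions are assumptions made for illustration, and pattern matching of this kind is best-effort rather than exhaustive.

```python
import re

# Assumed field names for this example; anything not on the allow-list is dropped.
ALLOWED_FIELDS = {"survey_id", "q1_rating", "q2_comment"}
FREE_TEXT_FIELDS = {"q2_comment"}

# Order matters: the NI number is removed before the looser phone pattern runs.
PATTERNS = [
    ("[NI NUMBER]",
     re.compile(r"\b[A-Z]{2}\s?\d{2}\s?\d{2}\s?\d{2}\s?[A-D]\b", re.I)),
    ("[EMAIL]", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("[PHONE]", re.compile(r"(?<!\w)\+?\d[\d\s().-]{8,}\d(?!\w)")),
]


def redact(text):
    """Replace identifier-like substrings; return (clean_text, hit_counts)."""
    hits = {}
    for label, pattern in PATTERNS:
        text, count = pattern.subn(label, text)
        if count:
            hits[label] = count
    return text, hits


def minimise(record):
    """Drop non-allow-listed fields and redact free-text answers."""
    kept, findings = {}, {}
    for field, value in record.items():
        if field not in ALLOWED_FIELDS:
            continue  # e.g. respondent email or IP address never reaches storage
        if field in FREE_TEXT_FIELDS and isinstance(value, str):
            value, hits = redact(value)
            for label, count in hits.items():
                findings[label] = findings.get(label, 0) + count
        kept[field] = value
    return kept, findings


# Constructed sample response (reserved example values, not real data).
SAMPLE = {
    "survey_id": "S-001",
    "respondent_email": "jo@example.com",
    "ip_address": "192.0.2.10",
    "q1_rating": 4,
    "q2_comment": "Call me on 07700 900123 or mail jo.bloggs@example.com, "
                  "my NI number is QQ 12 34 56 C.",
}

if __name__ == "__main__":
    print(minimise(SAMPLE))
```

The returned hit counts can be logged to show how often respondents volunteer identifiers in open questions, which is a signal that the question wording needs changing.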
You need to ensure that your data doesn’t end up in the hands of unauthorised users. And data encryption is a key line of defence to prevent that from happening.
Encryption is the process through which data is encoded to keep it hidden from or inaccessible to unauthorised users. Encryption helps protect private information and sensitive data, and it can enhance the security of communication between client apps and servers. When your data is encrypted, even if an unauthorised person manages to access it, they will not be able to read the content of the data.
When data is encrypted, an encryption algorithm is used to translate (encode) plaintext or readable data into unreadable data or ciphertext. Only the corresponding decryption key can then unscramble ciphertext back into readable plaintext.
Making survey responses anonymous can help improve data privacy because you are not collecting personal information that could potentially be compromised. This lowers the risks to your organisation.
A big added benefit of anonymous surveys is that you'll probably see increased response rates and more candid answers from respondents. The promise of anonymity removes some of the more common barriers for survey participants. For instance, if you are conducting a survey of your employees, making the survey anonymous reduces the fear that answers could lead to repercussions from HR and gives employees the freedom to be more candid and detailed in their responses.
SurveyMonkey’s Anonymous Responses collector option makes things easy by allowing you to choose whether or not to track and store identifiable respondent information in survey results. SurveyMonkey records respondent IP addresses in backend logs and deletes them after 13 months.
Data security encompasses many aspects of protecting and securing data, from password security to creating secure access to survey data and results, as well as effectively storing and disposing of old data.
When it comes to passwords, it should be common sense by now that you shouldn’t use the word ‘password’ if you want any hope of thwarting hackers.
Yet a study of the most common passwords of 2020 found that ‘password’ ranked number four. The most common password? 123456. Not good.
Password security is critical to protecting survey data and users should be encouraged to use passwords that are unique and unpredictable. There are password management tools that can help make creating unique passwords easy while not requiring users to have a lengthy list of passwords stored in their minds. Two-factor authentication also adds an extra layer of security to keep the hackers at bay.
If you are using SurveyMonkey, it’s important to pick and maintain your password carefully, as it is the key to accessing respondents’ personal information. We recommend:
It’s critical to ensure that your data storage system is secure. Best practice is to use a secure data centre or Central File Storage, and it’s a good idea to have ready visibility into your physical storage location.
When using SurveyMonkey, all your respondents’ information is securely stored in our SOC 2-accredited data centres that adhere to security and technical best practices. We ensure that collected data is transmitted over a secure HTTPS connection and user logins are protected via TLS. Data at rest is encrypted using industry-standard encryption algorithms and strength.
Of course, there are many instances when you want to share survey data with key business partners throughout your organisation. Yet, when doing so, you need to make sure that sharing is conducted in a secure manner to ward off any breaches or prevent unauthorised users from viewing what could be sensitive data or personal information of respondents.
Providing secure access is essential for protecting survey data. For starters, it’s key to avoid storing data in siloed locations such as laptops, mobile devices or personal devices, which have a higher risk of theft and being compromised. Sharing your login credentials can let respondents’ survey data get into the wrong hands. For example, if a colleague you share your account with leaves your company, they can still access the survey responses. They can also give your login credentials to others, increasing the chances that someone can potentially use the data irresponsibly. To let others see your survey and review your responses in a productive and secure way, try one of these two approaches:
SSL (Secure Sockets Layer) is a protocol for establishing authenticated and encrypted links between networked computers for an added layer of security.
When installed on a web server, SSL activates a padlock and the https protocol, and allows secure connections from a web server to a browser. Typically, SSL is used to secure credit card transactions, data transfer and logins. More recently, it is also becoming the norm for securing browsing of social media sites.
Stay secure!
If you want to make the most of your survey efforts while maintaining the trust and engagement of your customers, ensure that you make privacy and security a top priority. SurveyMonkey can help you improve your data security with key information regarding security and compliance.
Learn more about how SurveyMonkey protects your survey data and how you can make sure you keep it safe.