Sensitive information sharing policy

As part of your SurveyCTO experience you may need to share information with us on a discretionary basis (most often in a support request). When you do this, we ask that you refrain from sharing any information, data, files, or anything else, that might be sensitive in nature. However, there is almost always an alternative which doesn't involve sharing sensitive information. 

This is a separate policy document from our privacy policy which governs all the data we require from you to offer SurveyCTO as a service. This document deals only with discretionary sharing by users.

Who is responsible for sharing sensitive information?

You are. We can share no responsibility for the consequences of sharing potentially sensitive information unprompted. The reason is partly that we won't always know what is sensitive, or be able to identify the sensitive parts of what you share for what they are. Therefore, we cannot assume any responsibility. For this reason, we assume nothing you share with us is sensitive, unless you raise the subject with us.

What security measures exist to protect my data?

We employ industry standard and stronger measures to help keep your data safe (learn about SurveyCTO security here). As a matter of policy, you can trust that the team at Dobility, inc. will treat anything you share as confidential by default. Unfortunately, data security on the internet has to do with more than service providers and their customers. For this reason, you should never share more than you need to, especially when data is sensitive.

What can I do if what I need to share includes some sensitive data?

Here are a few coping strategies, depending on what you need to share:

  • Form designs: make a copy of the form design you need to share, and subset it down to just the necessary fields which are the basis of what you need help with. Consider editing field labels (and other field properties), to redact anything that might be sensitive.
  • Pre-load data: anonymize the data before sharing it. This can be easily done in a spreadsheet using autofill, replacing columns of sensitive data with dummy values. Alternatively, generate a few rows of dummy data in a new file to share instead of your actual pre-load data.
  • Multimedia attachments: for the most part, you can omit attached video, audio, or images, but if you feel you need to share such files, consider sharing freely available media you can find online as substitutes.

What happens if I've already shared sensitive information?

Firstly, don't worry right away. Our systems and security precautions are high, so the risk of exposure beyond our systems are low. Second, explain the situation to the team member you're in contact with, and we'll initiate a process to eliminate all copies of that data. In the case of sharing sensitive information on a support ticket, our checklist looks like this:

  1. Contact every recipient of support ticket updates to ask whether they downloaded any attachments.
  2. Ask all downloaders to delete the files, and empty their trash folders on their computers.
  3. Note confirmation of step 2 by all recipients.
  4. In the case that the sensitive information was shared in body text, all recipients of support ticket notifications are asked to delete their copies of these notifications in their email inboxes.
  5. The support ticket itself is deleted from our support system.
  6. Confirm with you, the user, that all of the above steps have been completed.

If you have any doubts, please write to us first and discuss your data sharing concerns with us before sharing any files.

 

Do you have thoughts on this support article? We'd love to hear them! Feel free to fill out this feedback form.

0 Comments

Please sign in to leave a comment.