Security for Data Collection Tools
Factors to Consider
When deciding which tool to use for data collection, here are some factors to consider:
- What type of data are you collecting? Will you be collecting PII or other sensitive data (financial or health-related)?
- Is there a need to collect data via paper and then transfer it to a system?
- Will you need to work offline? (For example, you will be working in a remote village with no internet access.)
- Will you have access to the internet while collecting and using the data? Is having enough bandwidth a concern?
- How will you control who can access the data? Is it possible to set up role-based access rights?
- What data retention policies are built into the system?
- Can the software anonymize certain fields?
- Will you need to do data analytics and visualizations within the collection tool?
- Will you need to integrate the data collection with external systems?
- How will you be able to share the raw and processed data?
- If you are using an application, what are the privacy policies?
- What is your budget?
If you are collecting PII, additional controls are needed to ensure the data is secure.
- The identifier needs to be anonymized.
- The whole dataset needs to be encrypted. (See encryption)
If you are collecting financial or health-related information, there may be additional regulations and security safeguards required. In the financial sector, there are Know Your Customer requirements in the US. If you are working on a project with mobile money, you’ll want to follow a similar process.
I would discourage you from trying to build your own solution. Many tools have controls in place to keep PII and other sensitive data secure.
Access groups and sharing data
Use tools that have encryption and access groups built into the software.
Access groups allow you to put users into groups based on what kind of access to an application they need. Each group is given its own level of access. For example, you might create one group for people who enter or update data and another group for people who only need to read data. You can add users to groups and remove them from groups to control their access to the data.
The preferred method of sharing data is to send a link to the dataset. Avoid emailing data. Emailing data makes it hard to keep track of who has access to the data, where the data is located, and which version you’re looking at. You could run into issues with people unintentionally emailing data outside your organization. There are also data retention challenges.
If you need to email data or results, see the encryption page for instructions on how to do so securely.
Data Collection Tools
Here are some inexpensive data collection tools. Based on security, my recommendation is to use CommCare. REDCap is also a good option if you are collecting PII or health data. If you have the budget, there are many other products on the market.
When you select the tools you are planning to use to collect, store, and transfer data, it’s important to think about the potential security vulnerabilities in each tool.
| Product Name | Features | Cost |
|---|---|---|
| CommCare by Dimagi | Collect high-quality data online or offline, clean and manage data, build reports, and add third-party integrations. Security Features: | $2.00/device/month |
| REDCap | REDCap is a secure web application for building and managing online surveys and databases. While REDCap can be used to collect virtually any type of data in any environment (including compliance with 21 CFR Part 11, FISMA, HIPAA, and GDPR), it is specifically geared to support online and offline data capture for research studies and operations. | REDCap is free to non-profit organizations that join the REDCap Consortium. |
| Google Forms | | |
| KoBo Toolbox | Design forms quickly, collect data online and offline, build reports and visualize data on maps, access data via an API, and export data to Excel, CSV, KML, ZIP, and SPSS. | |
There are many other tools on the market. Here are a few other options: Open Data Kit, Fulcrum, JotForm (50% discount for non-profits), Magpi, and TolaData (GDPR compliant).
These sites compare several other products:
- MERL Tech - Common digital data collection tools and software
- EVAL Careers - Monitoring and Evaluation Tools for Projects