WebSurvey Privacy and Security Precautions
The survey tool runs on a secure website so all information entered by respondents goes via https and the researcher uses the same secure web interface to retrieve the aggregate and/or raw data.
Unique responses can be ensured only if the respondent pool is limited to users with an SFU Computing ID. This is a setting that is available from the administrator interface. There is also a check box to indicate that users should be limited to a single submission. When a user fills in the survey, his or her computing ID is encrypted and stored in a list for that survey. If the same person tries to fill out the survey again, the encryption is repeated and compared to the existing list of encrypted usernames. These usernames cannot be unencrypted and even if one could, they couldn't relate any given username back to a specific submission. This ensures both anonymity and unique responses.
All data is processed and stored on site in the SFU machine room. Data is stored in a mySQL database on a tier three machine and is kept indefinitely. The survey administrator has the ability to delete all submissions permanently at any time.
As long as the data is kept within the WebSurvey system it should meet the security criteria for most projects. The system does have an export function to allow the administrator to export the data as a text file for use in local processing. The data remains secure during transfer as well, but it is up to the people with administrative access to ensure that any exported data remains secure or is deleted after reports are generated.