Confidentiality of data collected for rural health work. Potential funder has reservations

Does anyone have any references or information confirming the ability to
keep ODK-collected date confidential regarding online storage and transfer?
A potential funder for a project using ODK to collect health data in a
rural area has listed this as a major concern.

thx

I'm curious, In this case, who is expected to be responsible for running
the backend server?

/r
Nik

··· On Friday, December 7, 2012, Taylor Mayol wrote:

Does anyone have any references or information confirming the ability to
keep ODK-collected date confidential regarding online storage and transfer?
A potential funder for a project using ODK to collect health data in a
rural area has listed this as a major concern.

thx

--
Post: opendatakit@googlegroups.com <javascript:_e({}, 'cvml',
'opendatakit@googlegroups.com');>
Unsubscribe: opendatakit+unsubscribe@googlegroups.com <javascript:_e({},
'cvml', 'opendatakit%2Bunsubscribe@googlegroups.com');>
Options: http://groups.google.com/group/opendatakit?hl=en

A NGO that runs the projects.

··· On Friday, December 7, 2012 10:30:29 AM UTC+3, ニコノコ wrote: > > I'm curious, In this case, who is expected to be responsible for running > the backend server? > > /r > Nik > > On Friday, December 7, 2012, Taylor Mayol wrote: > >> Does anyone have any references or information confirming the ability to >> keep ODK-collected date confidential regarding online storage and transfer? >> A potential funder for a project using ODK to collect health data in a >> rural area has listed this as a major concern. >> >> thx >> >> -- >> Post: opendatakit@googlegroups.com >> Unsubscribe: opendatakit+unsubscribe@googlegroups.com >> Options: http://groups.google.com/group/opendatakit?hl=en >> >

Hi Taylor

Theoretically there are 2 areas of concern. One is access to stored data,
if they are concerned about security around access to data then it may be
in their interest to use a local instance of ODK. They will then be in
control of who has access to the data.

The other are of concern is the data stored on the devices and the
transmission of the data to aggregate from the device. Transmission can be
encrypted in the transmission from the device to the aggregate server so
interception of data is addressed there, however the stored data on the
devices would require some level of responsibility and access control set
up on the devices to prevent unauthorised access to this local data. This
is a lesser concern as one would need to know the data is there in the
first place and then know how the data is stored. I am sure someone on the
community will be able to give you a mod to sync the data to the server
automatically without having to remember to submit and then remove the
saved form upon successful submission, in this case you data access concern
is negated here.

I am new to ODK so there may be a few things I am missing, if so I am sure
the community will see the error in my ways! :slight_smile:

Bashir

··· On Fri, Dec 7, 2012 at 10:01 AM, Taylor Mayol wrote:

A NGO that runs the projects.

On Friday, December 7, 2012 10:30:29 AM UTC+3, ニコノコ wrote:

I'm curious, In this case, who is expected to be responsible for running
the backend server?

/r
Nik

On Friday, December 7, 2012, Taylor Mayol wrote:

Does anyone have any references or information confirming the ability to
keep ODK-collected date confidential regarding online storage and transfer?
A potential funder for a project using ODK to collect health data in a
rural area has listed this as a major concern.

thx

--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@**googlegroups.com
Options: http://groups.google.com/**group/opendatakit?hl=enhttp://groups.google.com/group/opendatakit?hl=en

--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

Is this the same organization who is worried about data confidentiality?

In addition to what Bashir wrote, you may also opt to encrypt the data
stored in the device (after it's finalized), and before it's transmitted
over secure connections.

Encrypted data will also unreadable in the Aggregate server, and cannot
take advantage of many of its features. But where security is a major
concern, perhaps that's worth the effort.

I'm pretty sure this is an important concern for many others and more
experienced ODK implementers will chime in.

/r
Nik

··· On Friday, December 7, 2012, Taylor Mayol wrote:

A NGO that runs the projects.

On Friday, December 7, 2012 10:30:29 AM UTC+3, ニコノコ wrote:

I'm curious, In this case, who is expected to be responsible for running
the backend server?

/r
Nik

On Friday, December 7, 2012, Taylor Mayol wrote:

Does anyone have any references or information confirming the ability to
keep ODK-collected date confidential regarding online storage and transfer?
A potential funder for a project using ODK to collect health data in a
rural area has listed this as a major concern.

thx

--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@**googlegroups.com
Options: http://groups.google.com/**group/opendatakit?hl=enhttp://groups.google.com/group/opendatakit?hl=en

--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

http://opendatakit.org/help/encrypted-forms/

··· On Fri, Dec 7, 2012 at 12:37 AM, ゴー・ニコライ wrote:

Is this the same organization who is worried about data confidentiality?

In addition to what Bashir wrote, you may also opt to encrypt the data
stored in the device (after it's finalized), and before it's transmitted
over secure connections.

Encrypted data will also unreadable in the Aggregate server, and cannot
take advantage of many of its features. But where security is a major
concern, perhaps that's worth the effort.

I'm pretty sure this is an important concern for many others and more
experienced ODK implementers will chime in.

/r
Nik

On Friday, December 7, 2012, Taylor Mayol wrote:

A NGO that runs the projects.

On Friday, December 7, 2012 10:30:29 AM UTC+3, ニコノコ wrote:

I'm curious, In this case, who is expected to be responsible for running
the backend server?

/r
Nik

On Friday, December 7, 2012, Taylor Mayol wrote:

Does anyone have any references or information confirming the ability
to keep ODK-collected date confidential regarding online storage and
transfer? A potential funder for a project using ODK to collect health data
in a rural area has listed this as a major concern.

thx

--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@**googlegroups.com
Options: http://groups.google.com/**group/opendatakit?hl=enhttp://groups.google.com/group/opendatakit?hl=en

--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

--
Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en

--
Mitch Sundt
Software Engineer
University of Washington
mitchellsundt@gmail.com