- Posts: 103
- Thank you received: 5
Ask the community, share ideas, and connect with other LimeSurvey users!
I don't encryption playing a big role during conduction of a survey. Technically this may become more accessible when done on database level in a transparent way, but I don't see this happening on an application level. Using encryption will be pushed via GDPR in many situations. Think about fullencryption of working environments or static storage. LimeSurvey could be offering more around encryption but the functionality would be different. You could e.g. offer to encrypt everything with a public key of a survey admin. And when the survey admin signs in with the private key, the data will be decrypted during the login session. If you have multiuseraccess you might thing about symmetric encryption. Which will make encrypting data during the survey a lot more difficult (symmetric key needs to be saved in the application and can be used to decrypt data. A public key would be only allow to encrypt and can be exposed).socius wrote: Survey researchers, even in smallest projects, will have to do everything possible to protect the respondents' information. Encryption will play a major role here.
The biggest misunderstand here is that many people think there is DPO exemption for small companies. That is NOT the case when the company is working mostly with personal data. So it doesn't matter if you're have less than ten people in the company.Private sector organisations that on a large scale as part of their core activities regularly and systematically monitor data subjects or process sensitive personal data will also have to appoint a DPO.
And the fines are substantial! (no stable norms without sanctions some sociologists might say here)."If your data is lost or stolen, and if this data breach could harm you, the company causing the data breach will have to inform you (and the relevant data protection supervisory authority) without undue delay. If the company doesn’t do this, it can be fined." ( ec.europa.eu/commission/sites/beta-polit...heet-citizens_en.pdf )
"Be extra careful with special (sensitive) categories of personal data. If the personal data you collect includes information on an individual’s health, race, sexual orientation, religion, political beliefs or trade union membership, it is considered sensitive. Your company can only process this data under specific conditions and you may need to implement additional safeguards, such as encryption." ( ec.europa.eu/commission/sites/beta-polit...e-obligations_en.pdf )
When looking around we see outdated LimeSurvey installations and unencrypted access (no https) to installations. This hasn't changed in all these years. That is a bigger elephant in the room.
Get such issues from time to time. When posting a lot, you get the flooding protection (wait 30 seconds before posting again) and you hit the URL limit (3 or 4 URLs per post). The URL limit really is a pissing me of, since spam robots are posting just one URL per post per x minutes. But I cannot post with the amount of URLs needed.socius wrote: "403 Forbidden" (when I'm logged in) and a
"401 Unauthorized" (when I'm not logged in)
I wonder where you read thatsocius wrote: To add an example: I saw an advice considering printed business cards: