
Privacy

Ryan Wold edited this page Nov 17, 2020 · 3 revisions

References

Feedback Privacy Risks and Mitigations

For this document, “customers” refers to federal agencies utilizing survey tools for collecting user feedback on public services, and “users” refers to members of the public.


Risk
  • Unauthorized information collection
Mitigations
  • Feedback Analytics Program maintains Privacy Impact Assessment documentation
  • Provide training for Feedback Analytics agency customers
    • Use of approved sampling protocols
    • Structured information collections (PRA)
  • Training/in-application affordances for Touchpoints users:
    • Data minimization: Touchpoints collects minimal metadata with submissions, such as IP address, browser name, and referrer, in addition to the survey response
    • Protections against unauthorized information collection: instructions and notices to users, limiting the use of open text fields, and help text reminding users not to enter sensitive information in survey fields.

Risk
  • Inappropriate information collection
Mitigations
  • Training for Feedback Analytics Program agency customers
    • The PRA approval process requires new form instruments to explain the nature and purpose of their information collection from survey respondents

Risk
  • Inappropriate information disclosure (e.g. a survey respondent includes their social security number in a free-text response field)
Mitigations
  • Training for Feedback Analytics Program agency customers
    • Appropriate information disclosures on form instruments
    • Ensuring the OMB PRA clearance under which collection occurs allows for publication or release before distributing, publishing, or otherwise sharing the data
    • De-identification as a risk mitigation
    • How to flag inappropriate submissions in the Touchpoints admin interface to prevent download of unnecessary sensitive information by customers

Risk
  • Misuse of information
Mitigations
  • Training for Feedback Analytics Program agency customers
    • Partner agency administrative user data is never shared.
    • Access to survey response data in Touchpoints is shared on a need-to-know basis, as determined by each survey's Form Manager.
    • Customers are informed of the application of records retention rules for all Touchpoints records (currently via Touchpoints’ Terms of Service).

Risk
  • Use limitation
Mitigations
  • Data submitted by survey respondents is hosted and stored by GSA on behalf of Agency Customers. Submission data may be viewed in a simple tabular format within the Touchpoints Administrative Interface, or downloaded for analysis via common tools, e.g. Excel or Tableau. Data exports are available via file download only, not sent as email attachments. Data exports are recorded in Touchpoints' application logs for audit purposes.