desktop 🠖 project information

IRB and Security Best Practices

We recognize that data security is a primary concern for most researchers. Network Canvas was born in the context of sensitive public health research with marginalized populations, and we have used our experience conducting studies in this space to guide our security paradigm.

Network Canvas uses modern security features, and has built on existing technologies and widely used implementations. Our data security approach focuses on data transfer, since we work on the assumption that devices running the Suite will be fully controlled by researchers. This means that data transfer is the most vulnerable step in the workflow.

Data Storage

Where Network Canvas data is stored is up to the researcher.

We do not transmit, collect or retain any data from or about any study. The data collected in the field is yours, and is only ever stored on your devices. Additionally, we do not use cookies or other tracking tokens of any kind within Network Canvas.

Security Best Practices

Since the onus of data storage and device security is on the researcher, we suggest the following best practices to ensure the security of your Network Canvas study data:

Turn on full-disk encryption (OS). Network Canvas does not not encrypt its data stores, since the keys would be trivial to uncover from within the apps themselves.
Use strong passwords/passcodes on devices. Implement user access controls to prevent multi-user systems from granting access to data from other user accounts.
Restrict physical access to devices. The use of 'kiosk' modes (or similar), along with full constant supervision of the interview, to prevent research participants from accessing data within the app.
Minimize time study data remains on field devices. Uploading data to designated secured storage locations as regularly as possible, and then deleting it from field devices, helps limit risk of breach (e.g. a device being stolen).