Local storage of form content (GDPR issues)

01-22-2020 03:18 AM
DataOfficer
Regular Contributor

I am developing a Survey123 form for a wildlife survey to be used by a network of volunteers. Whilst testing the form on mobile devices, I have noticed that all of the content used to create the form (e.g. media folder) is available on the device (e.g. My Files > Device storage > ArcGIS > My Surveys > 'Survey name/code' > esriinfo). Is there any way to secure this content so it is unavailable to the user when they download the survey? In particular, I am wanting to use a pulldata function to pull in personal details from an external CSV in the media folder based on the AGOL username from their sign in. This has GDPR implications and limits the capabilities of such functions. I will have to exclude any such usage if there is no way of securing the underlying data. The same issue applies to any sensitive information stored in choice lists which may only be visible to certain users (e.g. site names) based on a choice filter.

Many thanks,

Rob

#GDPR #storage #secure storage #data security

2 Replies
JamesTedrick
Esri Esteemed Contributor

Hi Rob,

If you want to look up personal details with the form via pulldata, they must be included with the form as a CSV file. If this is a data concern, could the personal details be attached after the form is submitted based on the user info? This sounds possible from the workflow described (looking up details can be done at any stage of the process; is there a particular reason it must be done as the form is being initially filled in?)

DataOfficer
Regular Contributor

Hi James,
Yes, they are currently included in a CSV in the media folder, but testing has revealed that the My Survey Designs folder is completely open to the form user on their device. This includes access to the media subfolder. Attaching the details after the form is submitted is an option, but is not our preferred workflow for this particular project. Building it into the Survey123 form would allow users to correct any changes in their contact details within the form. I was hoping there was a way the source data for the form could be made inaccessible on the user's device. Is there any reason that Esri has not secured the survey folders when downloaded? This not only affects personal details, but information in the XLSForm and choice lists that we would prefer was not so easily accessible by anyone downloading the survey forms.
