Abstract

When it comes to technology, victims of domestic violence have even greater security and safety concerns than the rest of the population. Any data collection initiative within a local domestic violence program or between several service providers must be carefully planned, implemented, and evaluated regularly because the lives of battered women depend on it. This effective practice shares a checklist, designed by the National Network to End Domestic Violence (NNEDV), which can be used as a starting point in discussing client safety and data security.

Back to top

Issue

Perpetrators of domestic abuse can easily misuse technology through monitoring the activities of their victims and subsequently preventing them from seeking the help or resources they might need to extricate themselves from the relationship.

Back to top

Action

According to The National Network to End Domestic Violence (NNEDV), local programs should use the following checklist as a starting point in discussing client safety and data security, but it is not intended to replace intensive training. Please work with your State Domestic Violence Coalition to increase your community's awareness of data security.

Before you begin your data collection initiative:

Minimize Data Collected

This practice lessons the safety risks to clients and your organization's liability. Review the goals of your organization/project and evaluate your data collection process. Ask yourself: Are there less invasive alternatives to measure outcomes and streamline intake? How could the data you plan to collect be misused if accessed through legitimate or illegitimate means?

Develop and Implement Clear Policies

Outline privacy practices for handling sensitive client data. Communicate these policies regularly at orientation and meetings. Data security policies should address:

• The content of the record, how long it will exist, and who may have access to it
• Processes for clients to opt out, inspect, withdraw or correct their data/records
• Collection, modification, use, and disclosure procedures for client identifiable data
• Procedures for the secure disposal of computers or other electronic media that contain client identified data
• Screening, training, and background check processes of individuals who have access to sensitive information
• Procedures to protect against unauthorized use and unauthorized access

Conduct Privacy Impact Assessments

Government agencies are beginning to conduct Privacy Impact Assessments (PIA) to address types of information being collected, purposes for collection, intended uses of information, information sharing, client notification, and information security. The Center for Democracy and Technology offers educational tools for additional information at their website at http://www.cdt.org/egov/handbook/privacy.shtml.

Keep Data Separate

Databases with case notes and other sensitive information must be carefully protected. It's important to keep a victim advocate's confidential electronic records separate from prosecution databases since defense attorneys may have the right to see prosecutor notes and may attempt to argue that various entities have access to each other's data if the databases are combined or even on the same server. Work with attorneys who specialize in confidentiality and privilege in addition to technology experts. If data is shared, it should be minimal and should not invade a victim's privacy.

Limit Access Levels

Limit the number of users who are authorized to view the most sensitive information. When determining access levels, your organization must consider safety risks if the data will be shared internally within one organization or across many organizations. It is critical to review the local, state, and federal laws that stipulate who can access victim data.

Critical Elements to Include when Designing Your Data System:

Test Your Security

Hire a trusted and skilled consultant or security firm to test the security of your network and data protection procedures. Banks and defense organizations are expected to go to great lengths to protect their data: victim service providers must protect the lives of their victims (and their data) to the same levels. An outside security audit can provide an in-depth analysis of what is weak or missing.

Keep Victim Data Away from the Internet

The safest way to protect sensitive client information is to have separate computers: one for Internet/e-mail and another for all sensitive data. These separate computers should not be networked together. Firewalls and anti-virus programs are helpful, but can be breached.

Utilize Anti-Virus Software and Firewalls

If you have an office network, consider the corporate addition of any anti-virus or firewall program because the server automatically updates itself and each desktop connected to the server. Anti-virus protection and software or hardware firewalls are important security steps for any organization with Internet access, however by themselves are not secure enough to adequately protect victim and client-identifiable data.

Use Alphanumeric Passwords and Change Them Frequently

Password management is a critical part of data security. Alphanumeric passwords are a combination of upper and lower case letters, numbers, and symbols. The use of pet names, birthdays, or words in a dictionary should be prohibited. Passwords should be changed frequently and kept safe; do not keep under the keyboard or taped to the monitor! A password activated screen saver for employees with access to sensitive information helps increase data security when they step away from their computers.

Use Encryption

Encryption is the conversion of data into a form that cannot be easily understood by unauthorized users. Encryption is not the solution to all security concerns; it is a small piece of a comprehensive security solution.

Ongoing Maintenance, Audits and Training:

Update Operating Systems

Regularly download all the latest patches and updates for your operating systems. Sometimes the automatic Windows Update feature is not set up correctly, so it is important to check for updates weekly at the Microsoft website. http://www.microsoft.com

Audit for Quality Assurance

This is a process of evaluating the data collected and removing any incorrect information. At minimum, staff responsible for the day-to-day data entry should not be in charge of the audit. Audits should include random samples of information collected about clients to help assess quality, accuracy, and to identify if inappropriate data is being collected or shared.

Use Skilled Technology Professionals

Most nonprofit organizations do not have a full-time Information Technology Specialist, however, it is imperative that organizations collecting potentially lethal electronic data have qualified professional technical support. To limit cost, ask organizations that have been used as national models about their databases, their overall design, and the possibility of contracting to use their database as a starting point.

Seek Ongoing Education

Attend issue specific trainings or bring a consultant to your organization to speak about data security and victim safety. With high turnover, it is especially important to offer ongoing training and education to maintain the security of data and the safety of clients.

Back to top

Context

The National Network to End Domestic Violence (NNEDV), a social change organization representing state domestic violence coalitions, is dedicated to creating a social, political, and economic environment in which violence against women no longer exists.

Safety Net: the National Safe and Strategic Technology Project at the NNEDV Fund, educates victims of stalking and domestic/sexual violence, their advocates, and the general public on all forms of technology and its relevance to survivors of domestic violence.

The Project's work has been possible due to support from the Wireless Foundation, The Mary Kay Ash Charitable Foundation, The AOL Time Warner Foundation, and the U.S. Department of Justice grants.

Data security includes a range of issues—from preventing unauthorized access, to minimizing information collected and shared.

Back to top

Evidence

Since August 2002, The Safety Net Project has:

• Trained over 9,547 advocates, police and prosecutors across the United States
• Developed critically needed educational materials for victims and advocates
• Lead and participated in national and regional advocacy and policy initiatives and conversations
• Responded to numerous media requests around issues of technology use and victim safety
• Developed important partnerships with allied organizations and government organizations

Back to top

Posted On

June 17, 2005

Back to top

Resources

NNEDV: Internet & Computer Safety
http://www.nnedvfund.org/

Source Documents

Related Practices

• Protecting the rights of victims of domestic violence
• Supporting female victims of crime and their families

Back to top

Related sites

National Coalition Against Domestic Violence

Topic Areas

• Crime prevention
• Public safety
• Violence prevention
• Supervision
• Nonprofit management
• Program evaluation
• Risk management
• Databases
• Technology
• Technology planning
• Community-Based Organizations
• Nonprofit Organizations
• Human needs

Back to top