HQ without Data Export privileges

We need HQ accounts to supervise several teams working in the field. The field work is managed from 340 local offices nationwide. We need to assign at least one HQ account for each local office to organize the work (do assignments, reassign, interviews, etc…). The problem is that we don’t want those HQ users to be able to export the data. Under our security policies for confidential data, it is impossible to provide them an HQ account.

In the HQ profile screen, is it possible to add the check box “Allow Data Export” to control which HQ users can have access to the data?

To my knowledge, all HQ users can export data (for the workspaces to which they have access).

Could you say more about your use cases–that is, why you would want HQ users not to be able to export data? I’ve heard this request before. I think it could be a nice new feature. But it would be very helpful to understand the use case(s).

We are dealing with a big project, a Census for 6,4 million households. The field team is composed of nearly 15,000 interviewers and 3,000 supervisors. The census will take place in 36 days. Because this is a nationwide project, the field work will be managed from 304 NSO regional offices. We need to provide at least one HQ user for each regional office to manage the collection process within its scope of responsibility. In this scenario there will be a need for interview re-assignments, approval and rejection, and in some cases there will also be a need to create assignments.

The problem we are facing right now is that we cannot have 304 different persons with the right to export data. The NSO has to protect the data collected during the census, and the data export action needs to be centralized from the headquarters. There are strict regulations regarding the protection of citizens’ data.

We think that our challenge will be resolved with a small but very convenient modification in SuSo. We are proposing the creation of a flag in the HQ user profile to authorize the data export function. For those HQ users who do not have this privilege, the menu option “Data Export” will be disabled.

Thanks for the really clearly described use case!

In the absence of this new feature, I think it would make sense to put NSO regional office staff into another role within the system:

  • Supervisor. In effect, this is HQ but without export privileges. Of course, if NSO regional office staff are supervisors, then their field supervisors will not have a Survey Solutions Supervisor role. Instead, they would need to supervise in other ways.
  • Observer.

The right role for NSO regional office staff will depend on the type/level of involvement expected/required of them. If they need to be active players, consider a Supervisor account. If they need to observe but may not be able to act, consider Observer.

@akuffoamankwah, any other ideas?

Will this problem be closed by imposing a password on the data export file? (Which is the current possibility and was introduced precisely to avoid people peeking into the full dataset.)

Could you please quote exactly what these regulations stipulate? And how this translates/applies to the particular Survey Solutions operation being planned.

Important: Any of the 304 persons can still READ the information in any of the interviews in the workspace they have access to. Even if they can’t export it all. Thus disabling the download of the whole DB will not solve the problem if you want Quito HQ to only read information from Quito region and not from any other (so basically your suggestion will not solve the legal requirement).

To prevent them from seeing data from other regions you can place them into 304 different workspaces. But then, by design, you will have 304 databases to export.

INEC (Ecuador NSO) is aware of the possibility of encrypting the export file that SuSo produces. In fact, during the pilot all export files were encrypted using the data export password. The problem is that INEC is not 100% sure that it is impossible to decrypt these files by using any cryptographic tool available out there.

INEC is aware that staff of regional offices could read the interview data by using the SuSo UI; however, this requires opening the interviews one by one and copying the content by taking pictures or taking screenshots. Having access to a single file with 400k data interviews is a totally different situation.

INEC has extensively used the SuSo API; during the pilot they developed a robot that exports the database from SuSo and integrates the data into its core systems. These robots also automated assignments for census questionnaires, performed rejections/approvals over the interviews collected and prepared assignments with preloaded data for quality assurance questionnaires. Right now the robot deals with 4 different workspaces (one for each zone of the country). Because the logic is already in place, it won’t be difficult for INEC to modify the robot and collect 304 databases.

For these reasons and others, it would be a great help for this project if you would consider implementing our suggestion of putting a flag in the HQ profile to control data export.