How does Counting Us address security issues?
While HUD does not require the collection of any personal information, Counting Us includes optional fields to collect full names and dates of birth. There is no field to collect social security numbers. Still, we understand that even basic identifiers are data that need to be protected and we have strong safeguards in place to ensure that this information remains safe and secure.
There are two main technical components of the Point in Time data collection framework, and we have rigorous protections in place to ensure the data remains protected in both.
Within the Counting Us app, the survey data is not stored in the app and is removed immediately after a survey has been submitted. Users can only submit data and cannot look up or view data that has already been submitted.
The only time that data is stored on the device of the count volunteer either decided to save a survey to complete later or if he/she was in an area without an Internet coverage and had to save off the survey to submit it later when he/she does have coverage. To help protect any data that is saved off as a draft, we encourage all count volunteers to use the built-in security features within their mobile devices to require the entry of an access code after a set period of inactivity. This is a best practice for anyone who uses their mobile device for email, online banking, or other secure transactions. For the Counting Us app, even if a user was mid-survey and lost their phone, or had surveys saved as drafts, the person who finds their phone would only be able to reset the device to the factory defaults - in which case both the app and the surveys would be gone.
Within the Regional Command Center, data is hosted in a secure, professionally managed datacenter and sits behind a professional grade firewall. All data transmitted to and from it is protected using RSA 2048 bit encryption. By choosing to deploy and utilize our own hardware in a datacenter we ensure that only authorized members of our team have physical access to our servers.
Alternatively, paper surveys are subject to numerous opportunities for loss and exposure of personal information.