Data Privacy Day: The Gold Standard for Protecting Survivor Privacy

data privacy

When thinking about domestic violence victims, data privacy isn’t the first thing that comes to mind for most people. But here at Safety Net, it’s always a top priority for us, and we spend a lot of time helping local domestic violence programs and other victim service providers understand the impact that their use of technology can have on the privacy of the survivors they work with.

Understanding what real data privacy looks like can be complicated. As we move ever more rapidly into a technology-driven world, local domestic violence programs are under increasing pressure to join in and adopt new technologies. There are many benefits to this – it means that survivors have new ways to find help that are often easier (and in some ways safer) than making a phone call or showing up at the front door, and it means the administrative work programs have to do can become more streamlined, giving them more time to spend helping those they are there to assist. But as with everything related to domestic violence, there are major risks involved in the use of technology that must be considered and minimized before moving forward.

Let’s start with why data privacy is so important. When survivors seek help, they take huge personal risks. If their abusive partner finds out they’ve asked for help, the abuse often escalates. They also face the possibility of harmful social and economic repercussions, like housing discrimination, job loss, and exclusion from their family or community. The information victims share with the domestic violence programs is often incredibly sensitive, and if others gain access to it, it can be used to cause further harm to them. This is why the Violence Against Women Act (VAWA) requires such stringent confidentiality practices – well beyond what the more widely known HIPAA practices require. (Learn more about this in our HIPAA/VAWA/VOCA FVPSA Privacy Comparison resource.)

Domestic violence programs often ask us to help them learn and understand best practices related to data privacy and online services. A practice we are constantly encouraging programs to look at is the use of zero-knowledge encryption services. When we suggest that as the best option for confidentiality, many want to know “But what does that even mean?!” Well, zero-knowledge encryption is the best way to ensure that the information being sent between the survivor and the program, or the information that is being stored in the cloud by the program, is protected against all third-party access (a third-party is anyone who is not the victim or the program that is helping them out).

When a domestic violence program uses cloud-based services, they are essentially storing the information they are collecting at an outside location. And it is standard practice for most cloud-based companies to have access to the data that is being stored. This means that if they choose, they can go in and read all of the information the domestic violence program has stored about the victims they are working with. But when a software company uses zero-knowledge encryption, even THEY can’t see the data.

Here’s a helpful analogy for understanding how zero-knowledge encryption works: Imagine a physical storage company where you can rent a vault to store your organization's paper files. When you go there to rent a vault, they let you know that you will be the only one who has a key to your vault, and that there is no way to get into the vault without that key. The vault can't be broken into. And the storage company does not have an extra copy of the key. No one but you, or someone you give the key to, can get into the vault. This is what zero-knowledge encryption does for survivors' data. It ensures that only the domestic violence program has the key to unlock and access the data they have entered about survivors. This is why we consider this the gold standard of data protection, and the one that most clearly aligns with VAWA confidentiality obligations. Software companies are third parties. And they get approached by other third parties - like law enforcement and abusers' attorneys - to share the data stored on their servers. If the software company can't see the data, and they can't hand it over to others who might use it to harm the survivor, the privacy and safety of the survivor is much more secure. 

If you have questions about this, feel free to reach out to us. To learn more about privacy and confidentiality, check out our Technology & Confidentiality Toolkit.

 

Data Privacy Day: Honoring A Survivor’s Right To Safely Access Technology

person on computer

When a survivor reaches out to a domestic violence program for help, it’s often as a last resort and with much trepidation. Social connection, access to financial resources, and a safe home have often been systematically stripped away from them by their abuser. Smartphones, email, and social media accounts are often the last remnants of their connection to support, and can serve as an important lifeline when they’re in danger.

Yet we often hear from survivors that when they’ve reached out for help about the harassment, stalking, and abuse they’ve experienced through technology and social media, the only advice they get is to completely disconnect from technology and delete their accounts. But this places the blame in the wrong place. The technology isn’t the issue; the abuser’s behavior is. And worse yet, this response punishes the victim for the abuse they’ve suffered, forcing them to become more isolated because their only option is to disconnect. It also impacts their safety; if a survivor is in need of help but can no longer access their support systems, the risk of danger can increase dramatically.

This Data Privacy Day, we celebrate a survivor’s right to safely access technology, and encourage programs to proactively safety plan with survivors to help them feel empowered and safe with their technology use. We need to view safe access to technology, the internet and social media as a fundamental right of survivors. Technology is a necessity in our everyday lives, and removing it is not a feasible option. Instead, domestic violence programs can help survivors not only find temporary refuge, but also help them build a new skill that will empower them to stay connected, feel less isolated, and have communication tools that can help them in emergency situations.

The Safety Net Project develops tools and resources that help both survivors and victim service agencies become more informed about how to safely use technology, and about how abusers might misuse technology to stalk and harass. On Data Privacy Day, we encourage you to explore these tools listed below, and to reach out to us with any questions you may have about the safe use of technology.

  • The TechSafety App - This app was created for anyone who thinks they might be experiencing harassment or abuse through technology or who wants to learn more about how to increase their privacy and security while using technology.
  • Technology Safety & Privacy Toolkit For Survivors - Survivors of domestic violence, sexual assault, stalking, and trafficking often need information on how to be safe while using technology. This toolkit provides safety tips, information, and privacy strategies to help survivors respond to potential technology misues and to increase their safety and privacy.
  • The App Safety Center - There’s an app for everything, right? An increasing number of apps for smartphones and tablets are attempting to address the issues of domestic violence, sexual assault, and/or stalking. With so many apps, knowing which ones to use can be difficult. The App Safety Center will highlight some of these apps by providing information on what survivors and professionals need to know to use them safely.
  • Agency’s Use of Technology: Best Practices & Policies Toolkit - The way domestic violence, sexual assault, and other victim service agencies use technology can impact the security, privacy, and safety of the survivors who access their services. This toolkit contains recommended best practices, policy suggestions, and handouts on the use of common technologies. 

Protect Yourself In a Data-Driven World

geralt/pixabay.com

geralt/pixabay.com

We live in a world of share, share, share. What’s your phone number? What’s your social security number and birth date? Can I get your pic? Can I follow you on Insta, FB, Twitter? Then there’s an entire level of sharing that we don’t even know about. What does the FBI, NSA, or my county government have on me? Is my doctor, pharmacist, or WebMD sharing my health data with anyone? What is Google, Facebook, or Apple collecting about me?

Today is Data Privacy Day, a day aimed at helping consumers understand how to protect their online information and encourage businesses to be more transparent in how they collect and use data. For victims of stalking, domestic violence, and sexual assault, knowing how their personal information is collected and shared is imperative since disclosing their private information can be the difference between safety and danger.

Survivors take great strides in protecting their privacy from abusers who seek to harm them. They disengage from social media; they get new cell phones and laptops; they put additional security on their accounts. Yet, when information about them is shared: such as medical information between health insurance companies; state databases that are connected to allow additional access; or just the postal office sharing changes of addresses with data brokers – survivors’ privacy can be comprised.

Some of this sharing is beyond our control, which is why Data Privacy Day is so important. We need to protect our information by being careful over what and to whom we share our information and advocate for more control over our own personal information when others are sharing it.

What can you do? Here are some practical steps you can take: 

Other tips? Share them in the comments!