Privacy Model

The Privacy Model is one of the three components of the Privacy Infrastructure that the portal adheres to. The Privacy Infrastructure is, generally speaking, a collection of tools designed to enhance privacy by providing clear guidelines for publishing sensitive information. The other two components — the Privacy Matrix and the Anonymisation Matrix — are integrated into the system’s workflow.

A. User consent.

Before submitting the question form, the user is guided through the general information: what data is collected, for what purpose, and who will have access to it. The user should not be able to submit the form without confirming that they have read the provided information.

B. Privacy is the default.

The user’s privacy remains intact even if they do nothing. Not submitting a filled-out form has no consequences; no information is saved continuously. If the user does not respond when asked to specify their preference about the case publication, the case stays private.

C. The user determines what data is stored.

The only data collected from the user is what they choose to provide (i.e. their story, post comments). All of it is directly accessible to them once they log into the system. Their registration date is the only piece of metadata that is stored about the user.

  • If the user decides to sign up through their Google account (Social Login secured by OneAll), their data will also be collected by a third party. Said third party might collect more data than the VSP but without a link to the user’s activity or data in the portal. The user can, at any time, ask that the third party remove all their data.

D. Opt-out option.

The user has full control over their data. If they object to the data being stored long-term, they can ask for it to be removed immediately after the case is resolved. The user can ask for the data to be removed at any point after its submission if they decide that they no longer want help.

E. Limited access to data.

After the user submits their story, the only people authorised to view it are the system administrator and the selected mentors. No one else has access to it until its anonymised version is potentially published.

F. Secured transfer.

The user’s data is transferred securely from the submission form to the database over the HTTPS protocol. All input is validated and sanitised to minimise the risk of SQL injection and cross-site scripting attacks.

G. Anonymise before publishing.

If the user consents to their story being published, it will be anonymised according to their preference and only then published. The anonymisation will be performed either by the administrator or one of the selected mentors in compliance with the Privacy Matrix and Anonymisation Matrix. Before being definitively published, the anonymised story will need to be approved by the user.