Do you use SurveyMonkey? Be careful … if you are an Australian government organization

This article is from Craig Thomler, the managing director of digital democracy company Delib Australia and New Zealand, which provides tools in competition with SurveyMonkey. Thomler is one of Australia’s foremost experts on eGovernment and Government 2.0 issues. It first appeared on Thomler’s popular blog, eGov AU, and is reproduced here with his permission.

opinion I had an interesting and solid conversation online over the last day about how Australian councils and governments are using overseas services like SurveyMonkey to collect information from citizens and residents.

It’s no secret that SurveyMonkey in particular is widely used, with other tools like SurveyGizmo and Wufoo also used by many Australian councils and governments to collect personal information from citizens during consultations. I think these are great tools – well made and cost effective. In the past, I have also encouraged and supported their use.

However, every board and agency that uses them should be very careful in doing so.

Many of these tools are owned by American companies, making them subject to the Patriot Act and the Foreign Intelligence Surveillance Act (FISA). The Patriot Act, passed in 2001, was designed to combat terrorism in the United States and strengthened FISA, originally passed in 1978, to allow certain US agencies to request data from US companies regarding non-US citizens, while banning the company from revealing that the data was taken.

What this means in practice is that any data collected by an Australian government or board in a United States-owned service, such as SurveyMonkey, can be provided to the United States government, without notifying or requiring authorization from the Australian jurisdiction or the persons whose personal data is collected.

Whether or not the United States government exercises its rights under the Patriot Act and FISA, any Australian government using United States-owned online services (no matter where in the world they are hosted) cannot legally make the warranties they are required to make under the Australian Privacy Act to control how the personal information they collect about citizens and residents is distributed or used and to only use the data for the purpose for which it was collected.

This poses a major challenge for Australian boards and agencies as they are likely to be found in violation of the revised Privacy Act, which now provides for multi-million dollar fines for governments that fail to comply.

I recommend reading the new Australian Privacy Principles (APPs), as provided by the Australian Information Commissioner’s Office, to get an overview of the impact of privacy changes, especially APP 1 (which requires actual entity confidentiality documentation), APP 2 and APP 8.

APP 2 describes the requirement to support anonymous and pseudonymous responses to consultations – meaning any service or approach (including RSVPs to a physical event) that requires a user’s real name may no longer be legally able to be the only channel for consultation responses.

APP 8 is particularly worth reading to find out how organizations that collect personal data are allowed to share it across jurisdictions. I’ll let people read it for themselves and find their own legal interpretation, as it poses a big legal question mark over the use of US owned services due to the Patriot Act and FISA.

Any board using US-owned online engagement tools must decide whether the convenience and saving a few dollars are worth the risk – knowing that they are breaking Australian law.

Of course, that shouldn’t stop boards or agencies from using online engagement services. As long as an online engagement service meets the requirements of privacy law, it is acceptable for an Australian government to use it. This covers data collection services from companies domiciled in countries that have no equivalent to the Patriot Act and FISA – like the UK, New Zealand and Canada, among others.

This also does not exclude the use of US-owned services such as Facebook, LinkedIn and Twitter where citizens have directly chosen to subscribe to the service based on its terms of use. The presumption is that citizens will do their due diligence and do their own risk assessment to determine if they are prepared to comply with US laws. When governments are present, they are not the direct intermediary for citizens using the service and therefore only need to be aware of the privacy ramifications of information posted on the board or agency account pages.

It may also be possible to mitigate legal risks associated with tools like SurveyMonkey by excluding all personal questions in surveys – although this may be more difficult to defend in some cases because the IP address and other metadata collected automatically by these services may be sufficient to create a connection and identify a respondent.

Or the agency or government council could require all respondents to explicitly agree, before engaging, that they understand the Australian jurisdiction collecting their data cannot guarantee the security of this information due to US law – although this can seriously affect the level of real engagement and trust.

Fortunately, however, when agencies and boards delve into using online engagement tools, they don’t need to be limited to US or foreign vendors. There are local providers of online engagement tools, including the company I now run, Delib Australia.

Local providers are required to follow all Australian laws and, for the most part, host their services locally (as Delib does), eliminating jurisdictional risk and potentially making them faster to use (as the data does not have to travel over congested international networks).

This can raise prices a bit – hosting in Australia is more expensive than hosting in the US, and local providers can’t access the same economies of scale or risky financing as US businesses. However, that doesn’t add much to the price, considering the benefits of local support (in Australian time zones) and greater responsiveness to the needs of local governments.

Speaking with my Delib hat on, as I know Delib’s prices best, boards and nonprofits across Australia can access Delib’s combined Citizen Space and Dialogue App services for under $500 per month.

State and federal agencies, which need more flexibility and control, won’t pay much more for Delib’s robust and well-tested online survey and discussion tools, which were co-designed with governments for government use, and comply with Australian standards for privacy, security and accessibility requirements. Other local vendors offer a variety of other online engagement tools and should be considered as well.

So when an Australian government council or agency wants to engage online, their staff should think very carefully about whether they choose a US-based service or a local provider – asking themselves whether they are willing to trade a small price for a lot of legal risk, loss of control and less support, and whether they want to support Australian or American companies, Australian jobs or American venture capitalists.

The choice shouldn’t be too difficult, even with a small engagement budget.
