For GDPR reasons I need to ensure contact details and survey responses cannot be linked so I've redirected respondents out of survey 1 to survey 2 so that they can input their contact details separately. However, I realised that the presence of date and time metadata will mean that technically it is possible to link the two survey responses. So I'd like to know if it's possible to stop Qualtrics from storing the date and time of data collection for one of the surveys. Thanks for your time.
How to stop Qualtrics from storing date and time metadata for one survey?
Userlevel 7
+22
In survey 1 itself you can anonymize the response by checking Anonymizing Responses in survey options.
I thought the Anonymising Responses function just removes IP address rather than date and time of survey completion?
Userlevel 7
+22
https://www.qualtrics.com/community/discussion/comment/27572#Comment_27572It also removes the data associated with contact, so we not be able to find the which respondent answered what.
I always use the Anonymising Responses function yet I am still able to view the date and time in the data view section so clicking this function does not remove the data and time metadata from the survey data. I'm sorry if I am missing something here.
Hello, I have got the very same problem. Did you go any further with this?
I'd be happy if just the second survey that collects contact information doesn't contain these timestamps.
I have tried Contact List Triggers. Entries in that list do not contain timestamps but the raw data sheet still contains everything including start date and end date. So not a viable solution.
Even if you could remove date/timestamps, wouldn't it also technically be possible to re-identify respondents by matching rows (since Qualtrics saves responses in temporal order)? Or, for that matter, re-downloading both files each time someone new participates?
I'm curious what type of situation requires you to both collect contact information and also completely prevent re-identification?
In my case, participants have the option to leave their email address in case they would like to be informed about the findings of my research. This is optional and many participants do not opt in.
Re your thoughts, I agree, there are various other attack vectors. The potentially easiest solution would be to redirect participants to an entirely different site for collecting their contact information. However, I am not contend with this approach as it introduces yet another attack vector that I need to think about how to defend - this includes internal errors / oversight as much as external attacks.
Hmm, and your ethics committee won't let you make that contingent on re-identificaiton? I have a (GDPR-compliant per our lawyers) study that is anonymous unless participants opt-in to be recontacted, in which case they separately consent to their data being re-identifiable.
Leave a Reply
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.