There are many things for agencies to consider when selecting a database that will contain survivors’ information. This page summarizes our advice for your database selection process.

Review Worksheet

This worksheet is part of a set of resources intended to help agencies select a database, and summarizes most of the advice on this page. We encourage you to review Client Information Databases and Confidentiality and the Database Vendor Negotiation Checklist before using this worksheet to review a specific database.

Safety Net can also help with your database selection process.

Data & Data Retention

Databases should be designed to help your program collect the least amount of information necessary to meet survivors’ needs, and to keep it for the least amount of time needed (this is the opposite of how many databases are often designed).

Data Fields

  • Best: Your program can easily make changes to data fields without contacting the company. Fields can be hidden, deleted, or edited and can be made either optional or required. Support documentation or videos are available.

  • OK: Changes can be made, but the company must make them or help your staff make them. The company is easy to contact and responds quickly with free technical support, or can quickly make changes for you.

  • Caution: The company must make the changes, or would need to help your staff, but there is a significant wait time and/or a cost.

  • Unacceptable: No changes can be made, all fields are preset.

Record Retention & Deletion

  • Best: Data can be purged according to a routine schedule set by your program. A specific record can also be manually deleted by a user with appropriate access level at any time.

  • OK: Records can be deleted, but your program must delete them manually.

  • Caution: The company must manually delete data.

  • Unacceptable: Data can never be deleted.

Backups

  • Best: Data that is purged does not remain as part of a backup.

  • OK: There is a backup that the program is completely in control of and could delete at any time.

  • Unacceptable: The company retains data in backups for an indeterminate amount of time.

Ownership of Data

Information about survivors should belong to survivors, and your program is obligated to protect any information that survivors share with you.

Control, Oversight, and Ownership of Survivor Data

  • Best: Your program owns the data in the database, and can edit or delete it in whole or part at any time.

  • Unacceptable: The company owns the data, and could share it at any time.

Exporting Data (moving the data elsewhere)

  • Best: There is a built-in, easy process for your program to export the data at any time.

  • OK: You can request that the company export the data.

  • Unacceptable: It’s not clear if, how or when you could export data.

Change of Ownership or Going Out of Business

  • Best: There are clear, written explanations of what will happen to the data and to your ability to use the product in the event the company sells their business or goes out of business.

  • Caution: It is not clear what would happen.

Access to Data

Access to personally identifying survivor data in the database must be limited to authorized people inside the victim services program.

Confidentiality Obligations and Protections Against Unauthorized Access

  • Best: It is not possible for anyone in the company to see personally identifying survivor information. The company doesn’t hold a copy of the encryption key, sometimes referred to as “zero-knowledge” or “no-knowledge” encryption.

  • Caution: The company has policies against unauthorized access, audit systems that track access, agrees to penalties if data is internally breached, and will share the names of specific employees who might access data.

  • Unacceptable: The company has routine access to data (applies even if they “promise” not to access it). The company shares or sells data. Company employees can access data, and no policies or penalties are in place.

User Access

  • Best: You have full control over access levels, can add or delete users, and change their access levels at any point without company assistance.

  • OK: You have to request that the company add and delete users and change their access levels. The company will immediately process the changes.

  • Caution: You have to request changes from the company, and the changes are not processed immediately.

  • Unacceptable: All users have the same access level, which includes access to personally identifying survivor data.

Device Access

  • Best: You have complete control over which devices (computers, tablets, phones, etc.) can access the database, and can easily add or revoke access.

  • OK: The company is available 24/7 to make changes to device access.

  • Caution: There might be a wait for the company to make changes.

  • Unacceptable: There is no way to remotely remove access.

Remote Access

  • Best: You can securely access the data and/or use the database remotely in case of a long-term emergency or disaster.

  • Caution: There is no secure way to remotely access the database or data.

Subpoenas, Warrants, and Third-party Requests for Data

  • Best: All data is encrypted and the company doesn’t have access to the key, so they cannot release or share any unencrypted data anyhow. The company will not automatically comply with an outside party’s request. They will notify you, so that you can fight the request.

  • Unacceptable: The company holds the key to decrypt the data, and can or will comply with a legal request without giving your program an opportunity to fight the request.

Data Security

The company must take strong precautions against accidental or malicious breach of database security.

Data Encryption

  • Best: Data is encrypted in transit and at rest.

  • Unacceptable: Data is not encrypted.

Access to Encryption Keys

  • Best: Your program, not the company, holds the only encryption key(s).

  • Caution: The company keeps a copy of the keys securely with limited employee access, and has an audit system in place to track access.

  • Unacceptable: The company’s employees and/or subcontractors can read survivors’ personally identifying information.

Security Audits

  • Best: The company performs regular internal security audits.

  • Caution: It is unclear if the company performs security audits, or it is uncommon for the company to perform security audits.

Data Breaches

  • Best: The company will notify you immediately of both internal and external data breaches and of the data affected by the breach, and will assist with remedies for affected users.

  • OK: They will notify you immediately that a data breach occurred and offer general information about what data was accessed.

  • Caution: They will notify you, but the timeline is unclear.

  • Unacceptable: They will not notify you of a data breach.

Data Storage Location

  • Best: Your program owns or controls the physical location of the data for in-house databases. For cloud-based databases, the company states where the data is physically kept, outlines the security of that location, and the data is not intermingled with other victim services programs’ data.

  • Unacceptable: A cloud-based database is stored in an unknown location, without additional security or clear ownership.

Security Flaws or “Bugs”

  • Best: The company can clearly explain what happens when security flaws or bugs are discovered, including how they will be addressed and when your program would be notified.

  • Caution: The company doesn’t have a clear process.

Technical Specifications, Training & Support

The database should meet your program’s needs, be easy to use, and the company should provide training and support.

Reports

  • Best: The reports that come with the database fit your needs.

  • OK: There are template reports that meet your needs with minimal changes, and you can easily create custom reports.

  • Caution: The company will need to customize reports for you.

  • Unacceptable: Reports can’t be customized.

Equipment, Software, Internet Access

  • Best: All of your equipment, operating systems, etc. meet the specifications needed for the database to run smoothly.

  • OK: Some upgrades are needed, but you have the financial capacity to make them.

  • Caution: Upgrades are needed and you don’t have capacity to make them.

Data Migration

  • Best: The company includes data migration in the purchase.

  • OK: There is an added cost for data migration but you have the financial capacity to cover it, or you can move the data yourself and the company provides support documentation or videos to help guide the process.

  • Caution: You can’t migrate your old data into the new system.

Technical Support and Troubleshooting

  • Best: The company offers 24/7 technical support and customer service.

  • OK: The company does not have 24/7 technical support; however, they respond to questions in a reasonable timeframe. The platform is easy to use, and your staff and volunteers can likely resolve common problems OR you have dedicated IT staff or consultants who can help.

  • Caution: The company doesn’t have dependable technical support or customer service. However, your agency has dedicated IT staff who are comfortable with the platform and have sufficient access to help.

  • Unacceptable: The company doesn’t have dependable technical support and your agency does not have access to IT staff.

Training

  • Best: Training is included and the system feels user-friendly to your staff and volunteers.

  • OK: Training is an additional cost, or your staff will have to help other staff and volunteers.

  • Caution: Only written documentation or training videos are available.

  • Unacceptable: No training or documentation is provided.

Number of Users (from your program)

  • Best: There are unlimited user accounts for your staff.

  • OK: Limits on users are well above your anticipated need, and cost for additional users is reasonable.

  • Caution: Limits on users are barely enough. Cost for additional users is significant.

Downtime and Maintenance

  • Best: The company has systems in place to avoid scheduled downtime, and has a plan in place (including prompt notification) for when unexpected downtime occurs.

  • OK: The company gives advance notice of scheduled downtime and works to ensure it will have minimal impact on users. They also have a plan for unexpected downtime.

  • Caution: The company has scheduled downtime that interferes with your services, and/or they have no plan for unexpected downtime.

Data Storage

  • Best: The storage space included is unlimited.

  • OK: The storage space is currently more than adequate.

  • Caution: You will likely need to pay more in the next year or so for additional storage space.