Tag Archives: tls

The Importance of Encrypting Online Survey Data

Yellow Padlock

I co-convene the Sociologists Outside Academia group of the British Sociological Association, and as part of that role I volunteered to help the BSA with their annual membership survey.

One of the recommendations I made to the BSA is that because they intended to collect personal and sensitive information from respondents, it is a good idea to encrypt the online survey to make sure you or your organisation complies with the Data Protection Act 1998 (other countries will invariably have similar legislation).

The encryption is carried out usually by a technology called transport layer security (TLS), and is similar to that used to encrypt your credit card data when you pay for goods online, complete forms requesting personal information, or log in to your online banking service. You know your connection in encrypted because your browser usually displays a padlock logo similar to that in the image below:

Secure browser connection


If you build your survey online, encrypting your survey is usually just a matter of ticking the relevant box in your survey software. In SurveyGizmo, for example, when you have launched your survey, edit your survey link under ‘My Links and Campaigns’ and under ‘Link Protocol’ change this to ‘Secure (https://)’. Simple!

Settings for Survey Gizmo



Other software, such as SurveyMonkey, will have a similar option. If you are using another tool, check the manual or online help.

Why You Should Encrypt

If you are not collecting personal or sensitive data, then you don’t need to encrypt the connection. However, most online survey packages offer encrypted connections with their most basic packages (except their free packages) which cost a minimal amount of money. I’m not a lawyer or solicitor so can’t advise you on whether you should encrypt your connection or not, but if you have the option to enable an encrypted connection anyway, I recommend you do it. It doesn’t cost any more, it doesn’t perceptibly slow down the user’s connection, and it demonstrates to the respondent that you value their data enough to secure it, earning you trust in the process. And it helps you comply with the Data Protection Act if you do decide to collect personal information later.