Questions to Consider

The type of technology that VAW shelters and transition houses use and how it’s implemented can have a profound impact on the safety and privacy of both survivors and organizations, whether the technology is used to communicate with others, store and manage information about survivors, or manage daily work. Through proper security and effective technology policies, shelters and transition houses can minimize safety and security risks.

The following is a list of considerations for some of the common technologies that shelters and transition houses may use in their work.

Phones

Caller ID

  • Does your organization block your caller ID so that when you call survivors, your organization's name doesn’t show up on their caller ID?
  • Does your organization have a policy to purge or not collect Caller ID information from callers to avoid collecting personally identifying information about survivors who call?
  • Does your organization have a policy to delete phone bills and other online documentation that might contain personally identifying information about survivors?

Voicemail

  • Does your voicemail message ask for the caller to state whether it is safe to leave a voicemail when their call is returned?
  • Do your staff know how to call a survivor back in a safe way?
  • Does your voicemail get forwarded to an email address or text message? If so, have you addressed security and privacy concerns regarding emails and text messaging?

For more information about best practices and policy recommendations on the use of phones, see Phone Communication with Survivors: Ensuring Privacy and Safety.

Cell Phones

Phone Security

  • Do staff have a passcode on their phone in case it is lost or stolen?
  • Are you able to remotely wipe or disable the phone in case it is lost or stolen?
  • For smartphones, are there security and anti‐virus/anti‐malware software on the phone?

Ownership & Privacy

  • Are staff cell phones owned by the organization?
  • If staff are using their personal devices, are they aware of the potential privacy and security risks? How does your organization enforce policies for survivor privacy on personal devices?
  • If calling survivors from personal devices, are staff turning off the “Show My Caller ID” feature in their settings or blocking their number by dialing *67 or #31# to increase their privacy?

Information Safety & Privacy

  • Does your organization have a policy that staff should not save survivor contacts on their cell phone?
  • Do you delete call logs, messages, and voicemails to ensure you aren’t keeping a record of callers on your cell phone?

For more information about best practices and policy recommendations on the use of cell phones, see Mobile Phone Use: A Guide for Anti-Violence Agencies.

Texting

  • Does your organization have a written policy for texting clients, outlining appropriate and safe use as well as protocols for increasing privacy?
  • Do you delete text message logs regularly?
  • Do you talk to the survivor about the risks of having an entire conversation history on their phone?
  • Are you aware that even if the phone’s caller ID is blocked, you cannot conceal your phone number when texting unless you use a virtual number?
  • Does your organization have an expectation that you don’t have to respond to text messages after hours? Are survivors clearly informed of your availability and alternative options?

For more information about best practices and policy recommendations for texting, see Texting: A Guide for Anti-Violence Agencies.

Computers & Tablets

  • Are your computers/tablets running anti‐virus and anti‐spyware software and, if so, is the software being scheduled to run frequently?
  • Is the computer/tablet password‐protected?
  • Do you have a computer set up for survivors to use? If so, is it set up to optimize safety and privacy?

For more information, best practices, and policy recommendations for computers and tablets, see:

Online Communication

Email

  • Do you delete survivors’ emails from your inbox and trash?
  • Do you avoid storing survivors’ email addresses in your contacts?
  • Do you delete the original email when replying so the entire history of the conversation isn’t included in your reply?
  • Do you talk to survivors about email safety when communicating with them?
  • Is your email service backing up to a third‐party cloud storage system? If so, are the emails being deleted from there as well?

For more information about best practices and policy recommendations on email, see our Using Email: A Guide for Anti-Violence Organizations

Social Media

  • Does your organization have a policy that prohibits posting private and sensitive information, including information about survivors without their permission, on social media?
  • Do you know how to respond safely when survivors choose to communicate through your organization’s social media platforms?
  • Does your organization have guidelines about what to post, how to respond to friends/followers who engage, and who to “friend” or “follow” on social media?

For more information about best practices on social media guidelines and policy recommendations, see our Social Media Policy Guidelines for Anti-Violence Organizations.

Video Chats

  • If you are using an online platform for video chatting, is your organization familiar with the privacy policies of the vendor?
  • If you are video chatting with a survivor, do you make sure not to save their contact information into your contacts or “friends” list?
  • Do you talk to survivors about the possibility of your contact information being in their contacts or “friends” list?
  • Do you talk to survivors about the possibility of computer monitoring?
  • Do you make sure that video chat conversations aren’t recorded?

Website Safety

  • Does your website include information about computer privacy and safety for survivors who visit your website and offer a method to quickly leave your site?
  • Does your contact page include a web form for survivors to reach someone (which is a safer method of emailing) rather than an email address?

For more information about best practices and policy recommendations on website safety, see Designing Websites to Increase Survivor Safety and Privacy.

Data Management

  • Do you only collect the minimum amount of information from survivors needed to provide services, to minimize the risk of that information being inadvertently revealed?
  • What physical security measures are in place to protect all electronic and paper victim records?
  • Do you have a written and enforced data retention policy?
  • Do you back up your data and does your retention policy include the backup data?

For more information about best practices and policy recommendations on databases, see our Frequently Asked Questions About Record Retention and Deletion.

Databases Managed Onsite by your Organization

  • Are your client and organization data stored on a server in your office?
  • Does your server have a firewall to protect your computers from breaches?
  • Do you have and use appropriate access levels to ensure that staff only sees information relevant to their role?

For more information about best practices and policy recommendations on databases, see Database Considerations for Anti-Violence Organization.

Databases Managed by a Third Party

  • Do you know what their security measures are?
  • Do you know who else has access to your files?
  • Do know if your files are co-mingled with files belonging to other clients?
  • Are you minimizing or removing all survivor data from the files being stored by a third party?

Cloud Computing

  • Do you have an agreement with the cloud computing company that allows you to retain ownership of your data and that prohibits them from using, sharing, or selling it?
  • Does the cloud computing service own their servers or do they lease them through another company? If a third company is involved, what are their policies? Do you have a contract with them for ownership of and access to your data?
  • How does the service respond to legal requests? Do they consult you first? Are you informed of any requests for information, data shared under a request, or any breaches?
  • Do you know where their servers are located and what jurisdictions they fall under?
  • Are you able to permanently delete files from their server?

For more information about best practices and policy recommendations on cloud computing, read NNEDV’s Cloud Computing Tipsheet.

Cameras

  • If using surveillance cameras or recording images/video at events, do you inform people that they might be recorded? 
  • Do you allow people to opt out of being recorded? 
  • Do you allow people to opt out of having their images stored by the organization or shared with others or online? 
  • Do you have a policy on deleting images or video footage after a certain period of time? 
  • Do you retain images of survivors? 

For more information about best practices and policy recommendations on cameras, see Video Camera Use in Anti-Violence Organizations

Technology Security

Wi-Fi Security

  • Is your wireless connection password protected?
  • Are you using WEP or WPA encryption on your wireless connection?
  • Do you limit who (staff, guests, survivors) can access your network?
  • Do you have guidelines on accessing insecure wireless networks?
  • Do staff need to use a secure link, such as a VPN, to upload or download files from your organization’s servers?

For more information on WiFi security, see our Wi-Fi Safety & Privacy: Tips for Anti-Violence Organizations.

To support your development of safe tech use policies, WSC has developed a Use of Technology Policy Template Guide for Women’s Shelters and Transition Houses (PDF, in English only) in addition to the documents listed above.

Technology-Facilitated Gender-Based Violence (TFGBV) is part of a continuum of violence that can be both online and in-person. If you or someone you know is experiencing TFGBV, you are not alone. You can use sheltersafe.ca to find a shelter/transition house near you to discuss options and create a safety plan. You don’t need to stay in a shelter to access free, confidential services and support.

Adapted for Canada with permission from NNEDV’s Safety Net Project, based on their resource Questions to Consider: Technology Safety for Programs.

Safety Check!

If you think someone is monitoring your devices, visit this website from a computer, tablet, or smartphone that isn’t being monitored.

EXIT NOW from this website and delete it from your browser history.

Exit Site