The Ontario Action Researcher
Backup and Security Issues for Qualitative Researchers
 

In qualitative research circles, it's not unusual for researchers to be concerned about and discuss the topics of backup and security, often in the same context. Protecting the confidentiality, integrity, and availability of data is of great concern (or at least should be) to any researcher. This article addresses the major points to consider when planning your backup and security strategy for your research project.

BACKING UP

It is helpful to look at the backup process as a two-phase task. The first phase is the steps you take to protect against unexpected instantaneous loss of data, so you can easily retrieve your work without significant loss. This would cover things like unexpected file corruption and accidental deletion of all or some of the data. The second phase is the steps you take to protect against more traumatic events such as theft, vandalism, fire, etc. The smart thing to do here, as many have already figured out, is to utilize some type of offsite storage medium, such as online storage, a bank vault, a trusted friend or relative (preferably in another town or state). This second phase is also sometimes referred to as "disaster recovery."

How often you should make the phase one and/or phase two backup is proportion to your degree of risk for losing the data and/or the frequency of changes and ability to recreate the data from scratch if all else fails. And naturally, as the deadline for the project looms closer, your backup protection should be adjusted accordingly.

INSTANT RECOVERY (PHASE ONE)

BACKING UP WHILE YOU WORK. Generally, my rule of thumb is to make an instant copy of a document (even if only on my hard drive) after every major revision session. This is not limited to just typical revisions and addition of new data. I will also back it up if I'm going to make major changes to the format or run a spellcheck. The reason for this is that I have had occasions in the past where I inadvertently made unwanted changes during a spellcheck that would have been too time-consuming or tedious to change. Once, in a 400-page document, I somehow managed to change every occurrence of "the" to "The" and it was much easier to go back to the previous version then to try and fix the problems that caused.

For those kinds of instant, temporary backups, I simply close out of the document, bring up Windows Explorer (which is a shortcut button on my mouse for convenience), and use the copy/paste features to generate an extra copy in the same directory. It's not unusual for me to have numerous documents called "copy of ..." in my documents folder during the life of a document. I make additional backup copies to a floppy or CD, usually at the end of the day. At periodic intervals, I make an extra copy of the external medium to send offsite. If the weather is especially bad, increasing the risk of power surges and fried hard drives, I might copy to the external medium more often.

EASILY BACKING UP MULTIPLE DOCUMENTS. To avoid having to make numerous copies of individual documents, I set up my system so that all of my modifiable data is in a single directory called "-data" (the hyphen assures it will be the first folder in my Explorer directory). In this folder I have subfolders for documents, macros, templates, database files, spreadsheets, etc. I also have special subfolders to keep client files separate and for special projects, but they're all under this one directory. Since I work on many different projects in a given day, this is an easy way to track things. Then, when I am ready to make my offline backup, I do a simple copy/paste of the -data directory to a CD. This directory is rather large, and it takes a few minutes to complete the process, so I make it a habit to do it while I'm eating dinner or watching a movie - anytime I know I'll be away from my computer for a while.

I have WinZip installed on my system, so if I want to copy a special project onto a floppy, I can easily right click on the folder for that project or client and zip the entire contents of the folder, which most often fits on a floppy with no problem after zipping, then I copy the zip file to the floppy. (Other zip utilities work in a similar fashion.)

AUTOMATED BACKUP. For folks who prefer a more automated form of backup, you can go to www.zdnet.com and put in the keywords "backup software" into the search window and you will be presented with a host of options for doing so. Automated backup programs can be set up to work in the background, mostly transparent to you, the user. They can also be easily configured to backup numerous files scattered all over your hard drive in an instant, such as your documents and email directories.

RECOGNIZE YOUR RISKS. You also should be mindful of your own personal level of risk when developing your backup plan. It's very easy to become complacent when your computer is behaving and everything is working fine, and it's easy to let your guard down and not realize that your risk is still higher than you think. Of course, you are always at risk of losing data when you leave your premises because you could be subjected to fire or theft or other such disasters. But even while home, you could be at risk for losing data and not realize it.

If *anyone* else has access (with or without your permission) to your computer, you are at risk for losing files that are precious to you. Usually this is accidental, but in the end, when you are faced with lost data, it really makes no difference whether the loss was accidental or intentional. So if you share your space with other folks, be sure you have a current backup (in a safe place) of all your mission critical work at all times.

THIS COULD HAPPEN TO YOU! A brief anecdote here to underscore this point. A few months ago, I loaded a children's drawing game on my computer for my four-year old grandson, who had never used a computer. I spent just a few minutes teaching him how to use the mouse and then brought up the program for him. It appeared that the program had full control of my computer so I thought I was "safe" as long as I was in the room with him.

But I forgot about a "backdoor" I had inadvertently created when I programmed the middle button on my mouse to bring up Windows Explorer when clicked. He accidentally did that and starting clicking and banging randomly on the keys trying to get back into his program and out of Explorer. I was engaged in an important phone call at the time and in the brief minute that it took me to get over to him and help him back to his program, he had managed to click the right combination of mouse clicks and keys to totally wipe out three of my directories! I do not have a recycle bin, but thank goodness I had backups of what he wiped out and did not lose anything. The irony in the computer world is that the more a person does *not* know how to use a computer, the more damage they can do to it. And it's much easier and safer to protect yourself with frequent backups than it is to elude yourself into thinking others will never do anything (intentionally or not) to harm your files. Stuff happens!

OFFSITE STORAGE (Phase Two)

WILL YOU BE ABLE TO ACCESS THE OFFSITE DATA IF YOU NEED TO? When setting up your procedure for offsite storage, give a lot of thought to the reality of having to actually access the data you are sending offsite. Suppose, for example, that you have an older model computer system with a very old tape cartridge backup system using 4mm tape cartridges and proprietary backup software. The tapes are tiny and convenient and backup a lot of data, so it would naturally be tempting to make an extra copy or two and send them offsite. But then suppose you have a fire or theft or other disaster which renders your computer with the original hardware and software unavailable to you. And because it's all so old, it is impossible to replace it. If all of your backups are on these tape cartridges, you have a daunting task ahead of you trying to find a source who can read and transfer them to a more conventional media. Not good.

So for offsite storage, choose a medium that is generally universally compatible, such as floppy diskettes or CDS. A zip drive is "okay" but still not as universally compatible as the first two choices. It's also helpful if your source (i.e., friend or relative) for the offsite backup has the ability to read this data and, in an emergency pinch, also the ability to email at least portions of it to you for instant recovery. With this in mind, you would want to choose someone who is generally available, rather than your cousin across town who is a flight attendant or your best friend who has an apartment but spends most of her nights at her boyfriend's house and is rarely home.

Choosing someone who lives out of town is not as convenient as a neighbor, but in the bigger picture of disaster recovery, you have a sense of increased protection because if a hurricane or tornado sweeps through your neighborhood, your data which is sitting in a drawer in another state is likely to be okay. The exception here is bank vaults and specialized storage facilities (a lot more affordable than you might think), who usually have buildings or special storage vaults which can withstand many disasters and are more conveniently located for easy access.

TAPE CARTRIDGE BACKUP. If you use a tape cartridge system for backup, keep in mind that tapes can only be written and rewritten so many times before they are no longer reliable. Keep a log (on the tape) of how many times they are used and discard them after their life cycle is over. Take great care to store them away from extreme heat or cold or moisture or dust. Use a tape head cleaner (available in cartridge form or you can do it by hand) to clean your tape drive after 12 or so hours of use. It is strongly recommended that you DO NOT leave them in your computer 24/7, especially if you are in the habit of turning your computer off and on frequently.

If you do that, every time you power up your computer, the tape head is rewound and reread, and that increases the wear and tear and weakens the reliability of the tape. Tapes are the most convenient but the least reliable of all backup methods because of the delicate nature of tapes and the manner in which tape backup data is written (usually in one contiguous file). Thus it is highly recommended that you also use the verify feature in your tape backup software to assure that the data is really there and accessible. And periodically, even if you don't need to, you should try to retrieve something off the tape just to be sure you can in an emergency.

MAKE MULTIPLE VERSIONS AS WELL AS MULTIPLE COPIES. For both phases of backups, it's also best if you do not rely on the process of overwriting existing files with new copies of the same data. It's much better and safer to have multiple versions of the data on hand then a single copy of it, even if it's stored on the same medium. Documents and data files can become corrupted and rendered useless, and if you are backing up to the same file over and over again, you will be copying the damage as well and could end up with nothing in the end. Better to have too many copies of a file than none at all.

RECOVERING LOST FILES. And for those times when everything that can go wrong does go wrong and you do end up losing those precious files at the most inopportune times, before you engage in the daunting task of recreating them by hand (if it's even possible), you might want to consider some recovery options. You can load such goodies as Norton System Works on your system beforehand, which includes an "unerase" feature and can recover previous versions of files. Quite often, it is able to recover files even if it has not been previously loaded on your system. And even better than Norton (but a little more difficult to use) is a product from PowerQuest Corp. (801-437-9906) called Lost & Found which can recover an amazing array of data from your system. It's approximately $60 to purchase and download it online (www.powerquest.com) and it can be a savior in a disastrous situation.

However, the chances of recovering lost data are directly proportionate to the amount of times you continue to write on the same media after the file is lost, since there is a risk that you will eventually overwrite the needed data. So if a file is lost or corrupted and you have no backup, it's best to resort to these measures immediately and refrain from writing new data to the drive or media until you can attempt to recover the lost file(s). The PowerQuest solution is not as instant as the Norton solution, since it does a sweep of your entire drive, and it will render your computer unavailable for 12 hours or more, so be forewarned. But if you're faced with massive volumes of data that can't be easily or quickly replaced otherwise, it's definitely worth the time, trouble and cost. I have used it and been very pleased with it.

DISASTER RECOVERY FOR YOUR SYSTEM

Most discussions among the community of computer users, including the qualitative research community, evolve around backing up the data that is specific to the research. Certainly, this data is of paramount importance and protecting it should be of great concern. But what good is it to you if you have bothered to make a dozen copies of each research data file but your system goes kaput and you didn't bother with a recovery plan so you can get back up and running quickly and get to your files?

Disaster recovery can be as simple or as extensive as you want it to be, and how far you take it will be relative to your own personal situation. If your data is all in commonly used file formats, such as Word or WordPerfect, you use no proprietary software, you have insurance or warranty protection and/or can afford to get a replacement computer within a day or two's time, then you are probably safe to take minimal precautions or steps to protect the rest of your system. But if your computer is past the warranty stage, you have no insurance coverage, you have limited funds and/or limited available for sophisticated technical support, and your project is time sensitive, plus you are using some proprietary or not-so-common software packages (such as some of the analysis software popular with researchers), then you would be wise to consider steps to minimize your downtime in the event of any ill-fated events to your system or data.

SO WHERE DO YOU START? The first place I would suggest is to create a catalog document of sorts that contains all of your important information about your system, especially the software and technical details. It can be as orderly or as casual as you want. I have a special accordion folder where I keep all of my software licenses and warranty and registration information. It's there if I need to get to it, but for the most part, I don't need to because all of my pertinent information is online. As a secondary convenience, I have also written the licensing, registration and product number information (including key codes) right on the original media (not just on the case) for each software product. This simplifies the process if you are updating software files and it suddenly asks you for the original media and then unexpectedly asks you for licensing information.

I have created a single document on my system which I call "system stuff." This contains all of my license and registration numbers for all of my software. Additionally, I have added all of the pertinent phone numbers for customer service and tech support. I keep a shortcut to this document on my desktop for easy reference. Whenever I contact tech support -- whether via phone or email -- I bring up this document and add in whatever information they gave me that might be useful at another date.

For example, when I had trouble getting my Earthlink connection going, they had me go into my Dial-Up Networking settings and make some changes to get it working. I've had to reload my MS Windows software a few times, and it was very helpful to have this information in my "system stuff" document so I didn't have to call tech support again to get my Earthlink up and running. When my modem kept kicking me offline, AOL had me make some changes to the modem settings, which solved the problem. I added that to my "system stuff" document too. I've also made some changes to my Windows registry to tweak things a bit, when I found some tips in a book, and those are in there as well. To the casual observer, this document may look like a mess, but because it's electronic, I can easily do keyword searches for things that I know are in there and I spend minimal time getting back into production mode after I've made any major system changes. Of course, this document is like a bible to me and is thus backed up multiple times to various external media!

REGISTER YOUR SOFTWARE. Registering all of your licensed software can also ease the pain of recovering from system mishaps or disasters. This not only entitles you to free support (at least for some specified period of time), but quite often it also makes it easy to get replacement copies of the software if your original is lost or damaged. And registering also gives you the option of being automatically alerted via email of new updates or patches to the software.

WHAT IF YOUR SOFTWARE IS LOST, DAMAGED OR STOLEN? It's a good idea to have a backup plan for what you will do in the event your original software is unavailable. Many computers today do not come with CD or diskette (installable) versions of the software. Everything is loaded on them at the factory and the consumers use them in a state of ignorant bliss, unaware that disaster could strike at any moment, and some are unfortunately traumatized when their system crashes and they have no means of reloading the original software.

MAKE SURE YOU HAVE INSTALLABLE MEDIA FOR YOUR MAIN SOFTWARE COMPONENTS. Many systems that do not come with installable media (i.e., original software CD for Microsoft Windows or MS Office) will have built-in utilities that allow you to create your own installable media. If they do, then DO IT. If they don't, then get on the phone with tech support and ask them to advise you how to recover in the event of a disaster, and take any steps they recommend to prepare for such an event.

Optionally, you can call the software companies who provide your licensed software and ask them if free (or minimal cost) replacement software is available in the even t of lost or damaged original media. If they say yes, and the wait time is reasonable, then you may want to leave it at that. But if there is no free or inexpensive replacement, then you will want to make your own. If you have a CD-writer, you can usually copy the original CD to a new CD and send that off with the rest of your offsite backup data, for protection. Making a copy for backup purposes only (and for your own personal use) does not usually violate the software license agreement.

I have copied all of my software that comes on floppy diskettes or in downloadable form to a special CD for safekeeping. I also have a special folder called "Drivers, Patches and Update Files" where I download (into separately, clearly named subfolders) all of my patches and updates, and those are backed up to CD as well and are easy to find in case I have to reload my software.

If you cannot copy the original media, then you will at least want to keep it in a safe place, such as a locked, fireproof cabinet. It is not 100% protection from fire or flood, but it's better than nothing, and if your computer is stolen (sadly, I can think of eight people I know personally this has happened to), at least your software will be safe.

For some of you, unfortunately, there will come a time when you absolutely have to reformat your hard drive. For many people, when this happens, they will not even have a bootable diskette that enables them to do so. But for others, who are harboring a false sense of security because they created a bootable diskette using the built-in MS Windows utility, they, too, will be in for a shock when they have reformatted their hard drive only to find out that now they cannot load their software because the system does not know about the CD-ROM drive. This is because the utility that creates the bootable diskette (at least in Windows 95) does not, unfortunately, create a driver for the CD-ROM drive.

While your system is behaving the way it is supposed to, you should create a bootable disk and TEST it to make sure that it is working properly. Boot up your system with it and make sure you can access all of your hard drives as well as, and especially, your CD-ROM drive and, if necessary, any other pertinent drives or hardware such as a tape backup unit. If you can't, then you will be greatly hampered if your hard drive crashes. If your system-generated bootup disk does not give you the results you want, and you are not a technical wizard who can make the necessary modifications, you can create exactly the disk you need by doing to www.bootdisk.com and downloading the appropriate files to create such a disk. I have done that and added it to my list of "Drivers, Patches and Update Files" in a "startup disk" subfolder.

If you are faced with the daunting task of reformatting your system and reloading all of your software, you will want to remember to load all of the appropriate update patches and drivers, including Y2K patches, after loading each piece of software. Additionally, you will want to load any customized configuration files to restore your customized settings, to the extent you have any, which brings us to the next subject.

For each piece of major software you use, you should make it a point to be aware of the names and locations of all important data and custom configuration files and make sure those get backed up. I have migrated MOST of my customization files to my -data directory described above, but it is not practical to get them all in there. Another way to easily back these up is to load some automated backup software onto your system (which I talked about above and can be found at www.zdnet.com if you search there on "backup software"). You can find numerous free or very inexpensive backup utilities that allow you to preconfigure a custom list of all the files you want to backup in a flash or on a specific schedule. This list should include all of your customized configuration and data files. Then, periodically, you will want to backup these files onto your external backup media.

VIRUS PREVENTION. In addition to the fact that viruses are getting more and more destructive and scarier in their lethal missions, even the most mundane and harmless of viruses can wreak havoc with our precious spare time by causing us to have to spend hours cleaning up our systems to get rid of it. Virus prevention is an important part of your disaster recovery and backup plan as well as an important way to minimize your downtime and headaches. I do not keep my anti-virus software running in the background because it is a system hog, but I am militant about checking every file that I access for viruses. I also am religious about regularly downloading the latest virus definition files and staying abreast of any new viruses that are lurking out there and taking steps to make sure I don't get infected. (So far I've been very lucky.) Don't fall for the typical novice user misinformation that if your system is new or you don't download files from the Internet, or only download files from "people you know and trust" that you will be protected. All of that is just so much hogwash and the ONLY way you are fully protected is to load the software and USE it -- no exceptions!

SECURITY - PROTECTING THE CONFIDENTIALITY OF YOUR FILES

Security is a relative thing. How much of it you need depends on your individual situation and there is no "one size fits all" approach. One of my favorite comments tha t I have seen in discussions of security of research data is that it is probably too boring to be of interest to most folks. I think that is probably true and should be factored into *reasonable* precautions to protect the data, along with the reality that there is no such thing as 100% protection, and probably never will be. It seems that for every technological means that comes along to afford protection, at least two or three hackers are sure to come along behind it to prove that it was just an illusion. The bottom line here is that (1) you should not allow yourself to indulge in any false illusions that your data is every truly safe from prying eyes, and (2) your security plan should be balanced with the degree of risk for what could go wrong if the information fell into the wrong hands.

By all means, you certainly have an obligation to take reasonable steps to protect the privacy of the data for the main reason that you have made such a commitment (in most cases) to the research study participants. But it doesn't have to be to the point where it hinders rather than helps your project. Of course, you don't want to leave everything in plain view of the whole world, but a few basic tips will help get the job done and keep it in the realm of reality.

MAKE EVERYONE AWARE OF THE NEED FOR CONFIDENTIALITY.

First of all, if you have signed a confidentiality agreement with your participants, you may want to consider having others who will have significant access to the raw data also sign similar agreements, or at least make a verbal statement to them about your concerns and confirming that they understand the need for confidentiality. This will minimize the risk of accidental leaks and exposures. This includes contract typists and anyone who has access to the raw tapes or transcripts. It also includes anyone you plan to entrust with backup copies of your files. Confidentiality contracts with typists should include a specific request and confirmation that the files be deleted within so many days after they are submitted to you, the client. This is not a given assumption since many transcriptionists and office support folks (including me), as a rule, will keep data files on record for months or even forever as a courtesy in case the client ever needs them again. So you will have to specifically request it if you want to make sure the files get deleted.

THERE IS NO SUCH THING AS PRIVACY IN THE WORKPLACE!

Second, some researchers have mentioned emailing files to their work computer as a means of additional storage. This is not a good idea, for several reasons. First, if you are using the corporate email network as the transfer medium, you should know that in the majority of situations today, most corporate email networks are NOT considered private and are subject to being read by any number of people who have an interest in protecting the corporation from legal issues. Most likely, these people are not going to be interested in your research project per se, but there is the risk of exposure, nonetheless.

If you are depending on your workplace as a storage medium - whether via your email system, your work computer's hard drive, or even keeping backup diskettes in your desk drawer, this backup resource is only as good as your job security, which these days is a volatile thing. When I was MIS Director at a major law firm a few years back, we had to fire someone in my department. In accordance with firm policy, he was escorted to the lobby shortly after he was terminated. He was allowed to pack up his personal belongings - pictures, obvious family memorabilia, etc., but he was *not* allowed to take home any electronic media until it was reviewed by firm management to determine it was truly his. It was over a year before the management got around to reviewing and returning his diskettes (and even then he said they were not all there). This means not only that others now had access to his very private information, but that there was a substantial delay in his having access to it again. This is not an isolated case, as others have shared with me similar stories about retrieving data from former employers, especially after being terminated. Moral of the story: Your workplace is the last place you should store important personal data.

And on a related subject regarding workplace and security issues, use common sense when communicating or transferring data files with participants in the projects. Many people mistakenly think their workplace email is private, and they don't realize how many others in the organization have authorized (or not) access to it. A few years back I worked on a project where one of the participants worked in an organization which was subjected to high-level government security. In her multiple, lengthy interviews, she was very candid about things that were going on in her workplace, providing descriptive detail (including names) about political and ethical improprieties that had taken place, and her negative feelings about the whole thing. She asked for reassurance several times in the interviews regarding the confidentiality issue because the information was so sensitive.

She had a very upper-echelon position in this organization and she had worked hard for many years to achieve such advancements in her career. I can only imagine how difficult it would have been for her if she would have been fired from that job. So I was shocked to learn that my research student client had emailed the very sensitive transcripts to this participant at her workplace email address (in addition to her home address) so she could retrieve them at her convenience. I was quite shocked to learn not only that this had happened, but that both the researcher and participant felt confident that the information was "secure" and would not be seen by anyone else but them. Neither of them were very technically literate and thus were ignorant about corporate email technologies and procedures. Fortunately, as far as I know, nothing bad ever came of this careless incident, but it was still very careless nonetheless and, in my opinion, it should never have happened.

Also keep in mind that just because you send something to your work computer and remove it in the next day or two, it does not necessarily mean that it is gone forever. Corporate backup tapes (which are usually generated daily) are sometimes kept for weeks, months, years, or even forever, and if your data happens to be on those tapes, well, there you go - so much for security.

Another thing to consider is if you are using recycled diskettes. Because of the unerase utilities on the market, it is possible to retrieve old data on a diskette if it has not been written over too many times. If security is of utmost importance, either use only brand new media, or reformat the diskette at least four times - a "complete" format (not a "quick format") to assure that the old data is gone. This procedure also goes for your computer hard drive if you plan to sell your computer and absolutely don't want the old data to be retrievable.

PASSWORDS CAN KEEP *YOU* FROM GETTING INTO YOUR OWN FILES!

Some people have mentioned using passwords to secure their data from prying eyes. I don't recommend the use of passwords because they can be forgotten, and when that happens, it can be very difficult if not impossible to get to the original data.

ENCRYPTION AND PRIVACY SOFTWARE

If you feel you absolutely must take additional precautions to ensure the privacy of the data, then encryption software is your best option, especially if you are planning on using online storage. For your hard drive, For Your Eyes Only is a good choice to keep the data away from others who might have access to the computer. If you use either of these methods, it's also a good idea to create and maintain an offsite backup copy of the software itself to make sure you have the means to retrieve the data if you have to resort to backup copies. It's not unusual to have problems with backward compatibility in any software program, and this problem could present itself if you buy something, say, today, and don't upgrade it for 3 or 4 years and then you lose the original software and have to retrieve the encrypted data.

USE TRUSTED OFFSITE SOURCES.

Additionally, making sure you only use trusted sources for offsite storage (close friends or family members who are trustworthy or a bank vault or secure storage facility), and keeping the data in a secure place in your home (including original interview tapes and all hard copies as well as electronic versions of the data) is all the reasonable precaution most people need.

EMAIL IS NOT NECESSARILY A "TRUSTED SOURCE"

And one last thing about electronic storage and transfer. Most of us are accustomed to - even dependent on - electronic transfer of data for the convenience of instantaneous and economical delivery of data, especially finished transcripts and now even the recorded interview data (when wav file technology is used). When you use an ISP or online service to transfer this data, it not only can make many stops along the way before it arrives at its final destination, but when it sits out there in cyberspace for days waiting to be downloaded by the recipient, this increases the risk of exposure to and retrieval by unauthorized parties. As with any electronic data, there is so much of it out there that most of it is protected by virtue of the sheer volume and "boringness" of it. Many folks send confidential files every day via email without adverse consequences. But if someone really wants to get to the data, they can and will find a way, so if confidentiality is a must, email is not a wise choice (unless you at least use encryption software with it).

A MORE PRIVATE ALTERNATIVE TO EMAIL

So the bottom line here is that if your data absolutely must have maximum protection from unauthorized access, then email is not the way to go. Instead, you should rely on direct file transfers such as Norton's pcANYWHERE or a direct FTP transfer from your machine (a built-in feature of Windows 98), or overnight mail or personal delivery. Keep in mind that if you use pcANYWHERE or FTP transfer, you will want to make sure your PC (and the other party's) does NOT remain in this open connectivity state after the transfer is over, because that then makes you vulnerable to hackers, who can not only wreak havoc with your hard drive, but also use your PC (unbeknownst to you) as a transfer medium to upload viruses into cyberspace.
If the information falls into the "probably too boring to be of interest to anyone" category, you can probably forego the need for encryption software and just take the other reasonable precautions. You should make this judgment call based on the sensitivity of your data and/or the degree of privacy protection you need to provide the participants.

The main thing to consider is that you should understand not only the degree of privacy and backup protection that is realistic for your project, but you should also make every effort to understand the limits and risks of any technology you might depend on for such protection.

Copyright 2000 Karen Schouest
Reprinted with Permission

(Karen Schouest owns and operates Work In Progress, a business support service currently located in Missouri (relocating to Hawaii in 2001). Her specialties include qualitative research transcription and typing and editing of theses and dissertations, as well as database design and a "Power User" training course (how to be faster at the keyboard) which she has been doing since 1974. She is also the first place winner of the 1999 Fastest Typist in the Nation contest, sponsored by OPAC and types 162 wpm, which goes well with the theme of her Power User training course: "You don't have to be the fastest typist to be the fastest word processor." She can be reached at wkprogress@aol.com or 660-438-7798 and is happy to answer questions relating to technology, transcription, work flow efficiency, or to assist with your transcription or dissertation project.