Data privacy is of paramount importance in the SEPA “Data to Action” project. We had an issue with the well water dataset on Tuva, which was discovered internally on September 28, 2019. Non-obfuscated latitude and longitude data from the SEPA “Data to Action” project was available on the arsenic platform on the Tuva data literacy website between April and September 2019. The Tuva platform used for the SEPA project is private and only students, teachers, scientist partners, and project leaders involved in the SEPA project would have knowledge of it or reason to access it. During the time that the actual latitude and longitude data were accessible, it would have been possible for a student or other project member to zoom into a map on the Tuva website and determine the water quality status at points on named streets. However, since there are no property lines on the map, it was unlikely that points could be correlated with individual households.
What did we do?
On October 10, 2019, we contacted all teachers involved in the project between April and September 2019 to inform them of this issue and ascertain whether any students had in fact used the mapping feature to access private well water information. All teachers confirmed that they and their students had no knowledge of this data disclosure. We have devised a more secure way to transfer data from the Anecdata portal into Tuva. With this new approach, we have eliminated the possibility of this error occurring again in the future.