Michigan State University has a Qualtrics licensing agreement to offer the survey tool to faculty, researchers, students, and staff through the MSU Qualtrics portal.
Qualtrics has developed a series of proprietary computer software programs that facilitate and automate the process of conducting surveys, polls, intercepts, and reports. End users access the software using a web browser and the Internet in which Qualtrics develops, maintains, secures, and makes available the software, systems, and support services in an applications service provider (ASP) model.
More detailed information is available in the Qualtrics Security White Paper (PDF 5.9MB).
All data will be stored and processed in a single geographical region as specified on a service order as part of the agreement. Qualtrics leases the services of third-party hosting facilities that are independently audited SSAE-16 SOC 1 Type II. Qualtrics shall be responsible for the backup of data for disaster recovery purposes only, and MSU shall be responsible for the routine backup and data deletion.
Qualtrics servers are protected by high-end firewall systems, and scans are performed regularly to ensure that vulnerabilities are quickly found and patched.
Michigan State University, as the Qualtrics license subscriber, owns all right, title, and interest in and to any survey responses, reports, and all other information input or generated by or on behalf of the subscriber in connection with the Qualtrics service and data. MSU has the sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership or right to use the data. The data shall be deemed to be MSU’s confidential information and will not be utilized by Qualtrics for any purpose other than performing its obligations under its license agreement with MSU.
Qualtrics will implement and maintain industry standard data security measures designed to prevent unauthorized access, disclosure, alteration, and use of the data and shall periodically review and update such measures.
Qualtrics protects all data the same, without regard to type or classification. Therefore, signing any document that recognizes any specific data types places extra legal burdens on Qualtrics. All data are essentially invisible to the third-part vendor. Only in specific circumstances can Qualtrics sign a data privacy agreement. Under no circumstances will any customer data be disclosed except as lawfully required as described in this document.
Qualtrics acknowledges that MSU is subject to the Family Education Rights and Privacy Act (FERPA). Regarding the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, and specific data types: Qualtrics provides general research software and other services where all data are processed equally without regard to how a customer may classify their data. Qualtrics safeguards all customer data and uses secure data centers to ensure the highest protection as per HITECH requirements.
Qualtrics Survey Tool
Qualtrics uses Transport Layer Security (TLS) encryption (also known as HTTPS) for all transmitted data. All of Qualtrics products are self service whereby the end users are solely responsible for what data to collect and from whom. Survey respondents may use mobile devices to complete a survey.
Customers must ensure they follow applicable laws when distributing surveys. This includes following applicable law when collecting personal and health information, preventing unsolicited emails from being sent, and deleting personal information when it is no longer needed.
Qualtrics does not knowingly collect personal information from children under 13 for marketing purposes.
Customers must abide by U.S. law that forbids collecting a child’s personal information. Since customer data are invisible to Qualtrics, it is not responsible for any survey data collected by customer users, including sensitive data, collected by those under 13. If a child under 13 submits personal information, and Qualtrics is notified, they will contact the MSU Brand Administrator and ask that their data be removed.
There are several data types that surveys collect, and generally fall into one of the following categories: Response Data, Panel Data, User Info (see the MSU Qualtrics Privacy Statement for more on this), Survey Design and Objects, and Qualtrics Service Users (see the MSU Qualtrics Privacy Statement for more on this).
Responsive Data are data that respondents provide by answering the questions in surveys or employee evaluations.
Panel Data includes the panel respondent list that Qualtrics can use for the distribution of surveys. This usually entails email addresses paired with a name, but can include additional information. Use of panels is optional.
Survey Design and Objects include any surveys created with graphics or other property hosted by Qualtrics for use in surveys. Graphics and other objects are stored within a library in the Qualtrics system. The “File Upload Question Type” feature allows files to be uploaded into a survey if allowable by the survey creator. This feature should only be used for non-confidential graphics and files.
The broad Michigan State University theme is the default for MSU users.