Data Security and Encryption?

Our research team is hoping to make the switch from Beiwe to MindLAMP for several upcoming projects. We are in the process of obtaining IRB approval to use MindLAMP, and we need to provide a thorough description of the data security features of the platform. In particular, we need to describe the specific encryption protocols that will be used to safeguard data on participants’ phones, in transit, and at rest on the server. I’ve looked through the documentation, but the information I’ve been able to find doesn’t include a lot of detail (e.g., I see the platform uses AES-256 encryption, but is that the case for data on participants’ phones as well as on the server?). Is there somewhere I could find a more comprehensive technical description of the MindLAMP data security features?

Thanks!
Eric

Hi Eric,

That’s great news! Would you mind filling out this interest form? https://docs.google.com/forms/d/e/1FAIpQLSeNyY469zPcwVoZ8gKTwW8dLuzRDXpObLcR8JtHdUlRhAQcyQ/viewform?gxids=7757

In response to your question, we do not store data on the patients’ phones. It is only stored on the server. Our security doc can be found here: https://docs.lamp.digital/5f204e1d121b488b929727311e078482

Best,

Rebecca

Hi Rebecca,

Thanks for your response! I just filled out the form.

Sorry if my previous message was a little ambiguous – by “data stored on participants’ phones”, I wasn’t referring to long-term data storage on the phones, I meant the data cached on the phones before being uploaded to the server. If I understand correctly, those data could remain on the phones for a while under certain circumstances (e.g., if the phone cannot access a data connection). Where could I find out about what security/encryption measures are in place for the phone data cache?

Also, I was hoping to find more information about how the AES encryption keys are generated and stored. Is that information available somewhere?

Thanks!
Eric

Hi Eric,

There is no encryption for the cache. As soon as something leaves the phone, it is encrypted.

We use whatever AES encryption keys AWS provides, so to learn more of the specifics I would look to their resources.

Hope this helps!

Best,

Rebecca