Forum Discussion
What's the best way of anonymising data collected in Microsoft Forms
What's the best way of anonymising data collected in Microsoft Forms in a way that lets me connect multiple forms completed by the same person (to track their progress in something, for example) but without having to collect and store their name and/or any other personally identifiable data directly within each form?
On the one hand, I need to track someone's progress in their wellbeing and other sensitive information (about their mental health & other personal issues). I need to be able to contact the people who have completed a form periodically after they complete a questionnaire. But, I also need to find a way of connecting the periodic forms with a unique ID number so that I can track how my service has helped someone's wellbeing and mental health as a result of using our services.
Any help that anyone can give me with this would be very much appreciated, as protecting our user's personal data is going to be of the highest priority. Yet, I need to be able to track their progress safely and effectively.
Thanks for your help and time.
- RobElliottSilver Contributor
DDHub At my company we regularly use a combination of Forms, Power Automate and SharePoint lists to collect sensitive information from our staff that only a very small number of people should see, and the data shouldn't be stored in Forms for longer than absolutely necessary. We do this as follows:
- the user submits the form in Microsoft Forms. Because the user is internal to our organisation the form already knows who they are from their Office 365 login.
- a flow in Power Automate saves that response into an "open" list in SharePoint. Everyone will need Contribute permissions for that list.
- the next action in the flow is to copy that list item to a "secure" list where the permissions are heavily locked down.
- the final action in the flow is to delete the item from the "open" list.
The flow actions run so quickly that no-one can ever see any items in the "open" list: SharePoint has created then deleted the item before the list has time to refresh. Additionally, because a user can only see items in the site recycle bin that they deleted they can't go into it and restore items as they were deleted as part of the flow and were therefore deleted by the flow owner.
The flow will record their email address but you need that so you know how to contact them and to track their progress. But as this is stored in the secure list it's not a problem. And the data is being held for the specific reason that the user submitted the form and is therefore compliant with (in my area of Europe anyway) GDPR.
A separate flow runs every 1 hour each day to delete all responses in the spreadsheet behind the form.
Rob
Los Gallardos
Microsoft Power Automate Community Super User- DDHubCopper ContributorHi
That's useful, but the people we're collecting info from are our organisation's service users, so as much as I appreciate and will use the workflow, I still ned a way of storing a unique ID for each person who submits a form and then to separate the email from the rest of the data but link it to an ID so that I can contact the user to find out how the course we offer went and if, and how much, it helped them.
Any suggestions will be appreciated, and thanks for the tips on the workflow as that's really helpful 🙂- RobElliottSilver Contributor
DDHub Forms cannot look up any information or allocate a unique ID to a user so you'll need to store a unique ID in a list together with the details of who the user is and then compare the responder's email with the list and get the details.
Rob
Los Gallardos
Microsoft Power Automate Community Super User