*UPDATE - The Qualtrics Team has resolved this issue and now files uploaded via Action Emails are secured, as they were with the Trigger emails.
Thank you for fixing it Qualtrics!
************************************************************************************
Just discovered that participant upload files are NOT SECURED in Action Emails, even when the Secure Participant Files box is checked on the Survey Options. Anyone who is sent or forwarded a Action email with a response report or has a upload file link piped in CAN OPEN THE FILE.
We used this feature with the Trigger Email function, and piped in links to participant files could only be opened by owners or collaborators on the project. This is no longer the case with Action Emails and I was able to confirm this feature is not in place per Qualtrics Support.
This is a serious security concern as we used it to share sensitive documents with tax ID, passport information, etc. and figured out they were no longer secure just by chance.
I'm sure other companies have no idea that their files are not secured as well.
Now we have to figure out how many of the 1,000 forms in play at our university this affects.