Digital Humanitarians and Data Protection

Digital Humanitarians and Data Protection

In the previous post “Aid Services in the age of Communication and Technology,we presented how ICT is used to advance the services delivery in aid and humanitarian work, and The new  Information and Communications Technologies (ICT) used by the aid agencies. In this post, we will talk more about the information collected by the different organizations, to what extent this information is secured?  what data sharing protocols are set in place to protect the information?

“No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.”  Article 12, Universal Declaration of Human Rights.

 

What does data security mean?

Data security is the implementation of appropriate administrative, technical or physical means to guard against unauthorized intentional or accidental disclosure, modifications, or destruction of data.(Hibbard, 2015)  

Humanitarian work is very unique in different meanings, due to many reasons such as, the extraordinary working environments that encompasses unexpected number of risks and hazards, the type of clients “beneficiaries”, and the work rhythm that can be subjected to all kind of changes that impose  fast and unconditional adjustment, like in case of refugees influx from a neighboring country were thousands could arrive over few hours or days. this  context   ledto a need to work toward improved data security in the humanitarian field.

Humanitarian organizations collect different types of information, from basic personal data to biometric information such as fingerprints and iris recognition, as well as financial data such as bank accounts and credit cards numbers for cash aid services. In some other cases very sensitive information that could place the beneficiaries under direct threats such as testimonies against other individuals or groups.

One basic lesson we learned as humanitarian field workers, is that we can’t work alone, we need the other players, other organizations that provide different services than we do, and have other means than we have. This is one of the basic principles in my opinion in humanitarian and aid work, “Coordination and Partnerships”.

Can aid organizations cause any harm to their beneficiaries if they don't have proper data management systems?  Who has the right to access the information and/or share it?

Working together means sharing information about the beneficiaries, do we always make sure that we have prior informed consent of the beneficiaries? Do we explain it clearly to the beneficiaries that we might share this information? Do we disclose any information to the authorities if they asked for it? How do we treat sensitive health and legal information? Who controls the information? How do we control the frontline staff from misusing or share information with unauthorized people?  And Who do we define as the owner of a beneficiary’s data?

Many questions to answer!

As mentioned earlier the working environment is complicated and requires fast action and adaptation to the situation, for example, the offices might be small unsecured tents or caravans, the information is saved in local computers due to lack of resources, the programs used do not  have sufficient  security measures  such as MS office i.e. excel, word, access.  In many cases at the field level organizations don't have a database administrator, all staff is using same login information, or even use their personal emails to send and receive information. 

Many organizations have their ethical frameworks that include the values of preventing harm, protecting beneficiaries privacy, and ensuring that the risks are at the lowest possible level.  In addition to that, organizations started to adapt some appropriate safeguards.  But again, how effective are these measures? What systems are in place to enforce compliance with the standards?

UN Global Pulse facilitated a workshop titled “Improving Data Privacy & Security in ICT4D” At this workshop, the speakers  emphasized some of the main issues related to data privacy in humanitarian work and some of the action point to be considered for improving the current situation, such as, obtaining the beneficiaries consent, the lack of privacy risk assessments in the current  propjets, the lack of secured data share mechanisms, etc. 

The increase in using ICT solutions in the humanitarian sphere requires more in-depth contemplation to assure the best possible mechanisms to decrease the risks of both intentional and accidental security breach by creating a proper balanced system that does not overweight the beneficiary’s right to privacy and data protection over the need to respond to demands.

Some people might argue that the priority is to respond to needs and save lives, this is a very valid argument as well, however, as the basic value of humanitarian work is to cause no harm, aid organization should maintain minimum standards of data protection. This applies to donors as well, as they have a major responsibility to support their implementing partners in developing safe and secure data protection systems and internal security measures and consider this as a cross-cutting theme in all their funded projects.

For me personally, as someone who lived and worked in different countries and experienced different cultures, I can add that privacy is a value and what can be considered private in some cultures might not be in other cultures, and risk have different weight in western culture. Thus minimum standards should exist and applied at all times, with a margin of culturally accepted flexibility.