IASC Principles for Data Responsibility in Humanitarian Action

Accountability: “...[H]umanitarian organizations have an obligation to account and accept responsibility for their data management activities.”

Confidentiality: “Humanitarian organizations should implement appropriate organizational safeguards and procedures to keep sensitive data confidential at all times.” 

Coordination and Collaboration: “Coordinated and collaborative data management entails the meaningful inclusion of humanitarian partners, national and local authorities, people affected by crisis, and other stakeholders in data management activities…”

Data Security: “Humanitarian organizations should implement appropriate organizational and technical safeguards, procedures and systems to prevent, mitigate, report and respond to security breaches.”

Defined Purpose, Necessity and Proportionality: “Humanitarian data management and its related activities should have a clearly defined purpose…[T]he management of data in humanitarian response should be relevant, limited and proportionate – in terms of required investment as well as identified risk – to the specified purpose(s).”

Fairness and Legitimacy: “Humanitarian organizations should manage data in a fair and legitimate manner, in accordance with their mandates, the context of the response, governing instruments, and global norms and standards, including the Humanitarian Principles. Legitimate grounds for data management include, for example: the best interests of people affected by crisis, consistent with the organization’s mandate; public interest in furtherance of the organization’s mandate; the vital interests of communities and individuals not able to make a determination about data management themselves…”

Human Rights-Based Approach: “Data management should be designed and implemented in ways that respect, protect and promote the fulfilment of human rights, including the fundamental freedoms and principles of equality and non-discrimination as defined in human rights frameworks, as well as the more specific right to privacy and other data-related rights, and data-specific rights promulgated in applicable data protection legislation and other applicable regulation.”

People-Centered and Inclusive: “Affected populations should be afforded an opportunity to be included, represented, and empowered to exercise agency throughout data management whenever the operational context permits.”

Personal Data Protection: “Humanitarian organizations have an obligation to adhere to (i) applicable national and regional data protection laws, or (ii) if they enjoy privileges and immunities such that national and regional laws do not apply to them, to their own data protection policies.”

Quality: “Data quality should be maintained such that users and key stakeholders are able to trust operational data management and its resulting products. Data quality entails that data is relevant, accurate, timely, complete, up-to-date and interpretable…”

Retention and Destruction: “Sensitive data should only be retained for as long as it is necessary to the specified purpose for which it is being managed or as required by applicable law or donor audit regulations. When its retention is required, safe and secure storage should be ensured to safeguard sensitive data from being misused or irresponsibly exposed.”

Transparency: “Data management in humanitarian response should be carried out in ways that offer meaningful transparency toward stakeholders, notably affected populations.”

RD4C Principles

Related IASC Principle(s)

Implementation 

Purpose-Driven: Identifying and specifying why the data is needed and how the intended or potential benefits relate to improving children’s lives.

Defined Purpose, Necessity and Proportionality 

Both the RD4C and IASC Principles emphasize that responsible data practices begin by being purpose-driven. A clearly defined purpose can help practitioners avoid misuses of data and organize their efforts around achieving a well-established goal or objective. 

Practitioners will also be better positioned to align their downstream data practices with responsible data principles — such as Proportionality — if they are working toward a well-established purpose that can benefit children’s lives. 

Participatory: Engaging and informing individuals and groups affected by the use of data for and about children.

Coordination and Collaboration

Transparency

A Participatory approach involves collaboration and transparency, both of which are represented in the IASC Principles. 

First, practitioners should seek input from and collaboration with relevant stakeholders in the design and implementation of a data initiative. These stakeholders can include children, their caregivers, and the communities in which they live as well as partners, donors and other key actors. 

Second, a Participatory approach necessitates a level of transparency and effective communication to ensure that the intended beneficiaries of a data initiative and other relevant parties are kept abreast of new developments. 

Professionally Accountable: Operationalizing responsible data practices and principles by establishing institutional processes, roles, and responsibilities.

Accountability

Confidentiality

Fairness and Legitimacy

Data responsibility rests upon individual and organizational accountability. Professional Accountability entails establishing and adhering to policies and procedures that place personnel in the best position to handle data fairly and legitimately, guard against inappropriate or harmful activities, and ensure that children’s data under their charge remains secure. 

People-Centric: Ensuring the needs and expectations of children, their caregivers, and their communities are prioritized by actors handling data for and about them.

People-Centered and Inclusive 

Data can play an important role in driving effective decision-making, improving service delivery, and increasing efficiency, among other benefits. Given these facts, practitioners handling data for and about children should ensure that the needs, interests, and expectations of people—including children and their caregivers in particular—are prioritized. When making decisions regarding data handling activities, practitioners should center practices that demonstrably serve children’s interests — in an inclusive manner that takes into account vulnerable or marginalized communities — over more process-oriented benefits that could be created through data, such as efficiency gains.

Prevention of Harms Across the Data Life Cycle: Establishing end-to-end data responsibility by assessing risks during the collecting, storing, preparing, sharing, analyzing, and using stages of the data life cycle.

Data Security

Personal Data Protection

Quality

Risks of both misuse and missed use of data for and about children can emerge at different stages of the data life cycle. Issues related to data security, such as breaches, unauthorized access, and other intentional or incidental misuses of data can occur at each stage of the data life cycle and require targeted strategies for mitigation. At each stage, practitioners also face challenges in preventing harms that could arise from both personal data about children as well as group, aggregated, or statistical data about children.

Practitioners should also recognize data quality as a key element impacting end-to-end data responsibility. An adequate level of data quality can help practitioners to prevent harms and capitalize on opportunities to improve children’s lives with data. Poor data quality can create significant, compounding risks and negatively impact decision-making across the data lifecycle. 

Proportional: Aligning the breadth of data collection and duration of data retention with the intended purpose.

Retention and Destruction

The collection and retention of children’s data should be relevant, limited, and adequate to what is necessary for achieving intended purposes. As indicated by the IASC Principle of Defined Purpose, Necessity and Proportionality, the issue of proportionality is closely related to and defined by the core purpose of data activities involving children.

While important for all data subjects, proportional data handling and appropriate decision-making regarding the retention and destruction of data is paramount for children. Disproportionate initial data collection or longer-term retention can exacerbate children’s actual or potential vulnerabilities and pose risks to their future prospects. 

Protective of Children’s Rights: Recognizing the distinct rights and requirements for helping children develop to their full potential.

Human Rights-Based Approach

The Universal Declaration of Human Rights states that children are “entitled to special care and assistance,” and the Convention on the Rights of the Child outlines additional rights and entitlements that are unique to childhood. Data practices involving children must take into account these additional rights, as well the unique risks that irresponsible data practices can pose to children.