The RD4C Tools provide lightweight and user-friendly means for organizations and practitioners to operationalize the RD4C Principles.
Focus on Children’s Data & Responsibility (Cross-Sector)
Global Kids Online. Using Research Findings for Policy Making. 2016.
Internet-related policy is a topic of fierce global debate, with questions such as, should it be national or international, who should oversee it, what should it relate to, how should it be developed and who should be the main stakeholders? When it comes to children and the internet, things are particularly complex as policies related to child rights tend to be scattered across different domains (health, education, welfare and justice), and are not always linked to broad public policy objectives related to the digital economy, digital society or to internet governance. This Guide examines the relationship between research and policy in this area, and supports researchers to frame their objectives and findings in ways that (directly or indirectly) support policy development processes that affect children.
DevelopmentView ResourceNon-Governmental Organizations and Academia
World Vision International. Data Protection, Privacy and Security for Humanitarian & Development Programs. 2017.
This discussion paper identifies the opportunities and risks of the use of data for humanitarian and development programs, provides several policy frameworks on data protection, presents ethical considerations, and studies the experience of World Vision International in protecting data related to their humanitarian activities. The paper cites the European Union General Data Protection Regulation as an example of a framework that specifies policies for the protection of children’s rights to privacy by requiring that children must be able to understand the privacy notices, and that online services offered for children may only process data with a guardian’s consent unless they are preventative or counselling services. To conclude, the authors acknowledge that the complexities of the contexts where humanitarian and development agencies operate “make it difficult to implement a fail-safe approach to data protection, privacy and security in its digital work. At the same time, it is incumbent on this sector to strive toward the highest level of integrity, ethics and technical ability to ensure the strongest possible data protection of vulnerable populations, and particularly children.
Development Ethics Humanitarian Privacy & SecurityView ResourceData Responsibility Approaches and Models
UNOCHA and PIM. A Framework for Data Sharing in Practice: Part One. May 2017.
This document is the first of a two-part document and is divided into two sections. The first is a series of shared principles and a common trust statement, shared concepts and core competencies in this area. The second section defines a framework for data, information and analysis sharing for operationalizing the shared principles. The first step is a consideration of how to define the protection outcome (value proposition) of sharing data, based on a list of shared questions on motivations, risks and benefits, for partners and stakeholders. The shared questions focus on the original purpose for which the data was collected, the purpose for sharing and the purpose for which it’s used. This section also includes a set of guiding questions about how to make principles more actionable and practice-based.
Ethics Humanitarian Privacy & SecurityView ResourceNon-Governmental Organizations and Academia
PIM Working Group. Working Meeting Outcome Document. Second Protection Information Management. 2015.
The objective of protection information management (PIM) in humanitarian response is to provide quality data and information on individuals and groups of persons affected by natural or man-made disasters in a safe, reliable, and meaningful way. The goal of the first PIM Working Meeting was to begin the process of identifying the “discipline” and principles of the PIM and sharing these ideas with the humanitarian community. The results of the meeting included a PIM definition and systems matrix, agreement on principles and competencies, outlining next steps (and creating this outcome document). Definition: “Protection Information Management refers to principled, systematized, and collaborative processes to collect, process, analyze, store, share and use data and information to enable evidence-informed action for quality protections outcomes.” The systems matrix enables identification of the best tools, systems and approaches, strengthens a common understanding of protection information concepts to ensure accuracy, and adds to the overall quality of PIM work. PIM also utilizes categories for different systems: protection monitoring and assessment, case management, population data, protection response monitoring and evaluation, communicating with affected populations, security / access / safety, and sectoral systems / other.
Development Privacy & SecurityView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
Global Kids Online. Researching the Benefits and Opportunities forChildren Online. 2016.
This Method Guide situates current research on online benefits andopportunities in relation to key trends in global research on digital practice,and identifies the key issues that shape children’s capacity to maximize the positiveimpacts of their online engagement. The Guide aims to orient researchers indeveloping internationally comparable and culturally appropriate frameworks forunderstanding the scope and impact of the opportunities for children online.
Privacy & SecurityView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
UNICEF. The State of the World’s Children 2017: Children in a DigitalWorld. 2017.
In this report, UNICEF presents several key messages on the state of children in the digital world:“Digital technology has already changed the world – and as more and more children go online around the world, it is increasingly changing childhood.Connectivity can be a game changer for some of the world’s most marginalized children, helping them fulfil their potential and break intergenerational cycles of poverty.But digital access is becoming the new dividing line, as millions of the children who could most benefit from digital technology are missing out.Digital technology can also make children more susceptible to harm both online and off. Already vulnerable children may be at greater risk of harm, including loss of privacy.The potential impact of ICTs on children’s health and happiness is a matter of growing public concern - and an area that is ripe for further research and data.The private sector - especially in the technology and telecommunication industries – has a special responsibility and a unique ability to shape the impact of digital technology on children.”
Privacy & Security Human RightsView ResourceData Responsibility Approaches and Models
UNHCR. Model agreement on the sharing of personal data with Governmentsin the context of hand-over of the refugee status determination process.
UNHCR creates a template of agreement between national government andinternational organizations that guides data sharing activities, aiming to protectthe privacy and confidentiality of individual data while promoting service deliveryat the same time.
Humanitarian Privacy & SecurityView ResourceNon-Governmental Organizations and Academia
Center for Global Development. “Privacy and Biometric ID Systems:An Approach Using Fair Information Practices for Developing Countries.” 2013.
The paper suggests ways to use the elements of Fair Information Practicesin a biometric identification system to achieve a balanced outcome that protectsprivacy to an adequate degree. Using Privacy Impact Assessments to consider privacyconsequences before making decisions can also assist in achieving a result thatminimizes data processing activities that affect the privacy of individuals.
DevelopmentView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
UNICEF. Policy guide on children and digital connectivity. 2018.
The introduction to this policy guide includes the central statement:“children who are connected can benefit from numerous opportunities, but may alsobe exposed to a myriad of risks. Those who are not connected risk exclusion anddisadvantage as most of the modern world remains out of their reach.” The guideis organized around six actions (and subsequent principles, resources, etc.) includedin the State of the World’s Children 2017 Report, and is intended to be read alongwith that report. These actions are: All children have affordable access tohigh-quality online resources; Skills and literacies for all children, witha focus on the underserved; Protection from harm online; Safeguarding children sprivacy and identity online; Ethical business standards and practices; and Inclusive,evolving and evidence-informed government policies.
Privacy & SecurityView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
UNICEF. Module 1 - Child Rights in the ICT Sector.
In this powerpoint presentation, a section is dedicated to outliningkey guidelines, frameworks and stakeholders protecting the rights children. Morespecifically, it includes: A chronological roadmap tracking legislation aboutprotecting children’s rights leading up to and influencing the development ofthe COP guidelines;Business principles as they relate to children’s rights;Childrights’ stakeholders and their networked organizations’ work UNICEF’s rolein protecting children’s rights in this ecosystem with various multi-stakeholders.
Privacy & Security Human RightsView ResourceData Responsibility Approaches and Models
UN Office for Outer Space Affairs. International Charter for Space& Major Disasters. 2000.
The Charter on Cooperation to Achieve the Coordinated Use of SpaceFacilities in the Event of Natural or Technological Disasters is both a methodologyand international collaboration bringing together global actors to leverage satelliteimagery data responsibly in the public interest. The Charter utilizes satellitedata that shows natural and man-made disasters with the intention to help informmitigation and management strategies to these catastrophes. The Charter allowsresources and expertise to be coordinated for rapid response, and aids civil protectionauthorities at the local level, as well as the international humanitarian community.
Humanitarian DevelopmentView ResourceData Responsibility Approaches and Models
UNOCHA. Building data responsibility into humanitarian action. 2016.
The humanitarian data ecosystem is responsible for protecting vulnerablepopulations from possible harms caused by certain data usage practices, such asdisclosure of sensitive personal data and demographic data. The authors arguethat the concept of “data responsibility” is more than “data privacy” and “dataprotection” - it entails a set of principles, processes, and tools to create socialgood through responsible data management. This report also cites a few case studiesto show application of the below steps that are central to responsible data usage:Considering context and purpose for generated and shared data;Evaluating datastorage and inventory; andLocating risks and harms with possible data usagesbefore that practice is initiated, in addition to reducing the likelihood of suchrisks. Baseline standards for responsible data in action are: Identifyingthe need;Assessing core competencies;Managing risk to vulnerable populations;Adheringto legal and ethical standards;Responsibility as a process, not a policy and “Brightline” rules and “red button” responses.
Humanitarian Privacy & SecurityView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
Global Kids Online. Understanding Children’s Well-Being and Rightsin the Digital Age. 2016.
Global Kids Online is an international research project that aimsto contribute to gathering rigorous crossnational evidence on children’s onlinerisks, opportunities and rights by creating a global network of researchers andexperts and by developing a toolkit as a flexible new resource for researchersaround the world.The project was funded by UNICEF and WePROTECT Global Allianceand jointly coordinated by researchers at the London School of Economics and PoliticalScience (LSE), the UNICEF Office of ResearchInnocenti, and the EU Kids Onlinenetwork.This guide introduces the Global Kids Online research framework. Itidentifies the global research challenge of researching children’s internet andmobile use as more children go online around the world. It provides a review ofavailable statistics and research literature. The guide considers a mappingof evidence onto a childs-rights agenda and asks how internet use is reconfiguringchildren’s rights.
Privacy & Security EthicsView ResourceData Responsibility Approaches and Models
UNOCHA and PIM. Framework for Data Sharing in Practice. May 2018.
This document includes a trust statement to serve as an agreementto which two parties agree as an indication of their commitment to the Frameworkwhen sharing data. The document summarizes the minimum shared principles thatunderlie and characterize the responsible handling, sharing, and use of data andinformation:People-centered and inclusiveDo no harm Defined purposeInformedconsent and confidentiality Data responsibility, protection, and security Competencyand capacity Impartiality Coordination and collaboration It also includesguidelines for creating shared and commonly understood processes for data managementin a data sharing environment such as establishing core competencies and completinga joint benefit and risk assessment.
Development Privacy & SecurityView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
UNICEF. Children’s Online Privacy and Freedom of Expression. 2018.
This toolkit builds on the Guidelines for Industry on Child OnlineProtection (UNICEF, 2015) to further explore the corporate responsibility to respectchildren’s rights in a digital world and suggests that there is a shared responsibilityto protect, respect, and realize the rights of the child. UNICEF states thatpublic obligations and private responsibilities should be governed by a set ofgeneral principles that put children’s online privacy and expression rights incontext: Children have the right to privacy and the protection of their personaldata. Children have the right to freedom of expression and access to informationfrom a diversity of sources. Children have the right not to be subjected toattacks on their reputation. Children’s privacy and freedom of expression shouldbe protected and respected in accordance with their evolving capacities. Childrenhave the right to access remedies for violations and abuses of their rights toprivacy and free expression, and attacks on their reputation.The toolkit providesa checklist for use by any company that has an impact on children’s privacy andexpression rights in a digital world. The Checklist groups potential impacts onchildren’s privacy and freedom of expression into four categories: Obtainingchildren’s personal data Using and retaining children’s personal data Ensuringchildren’s access to information Educating and informing children online
Privacy & SecurityView ResourceData Responsibility Approaches and Models
DIAL, Gates Foundation, SIDA, UNICEF, UNDP, USAID, WHO and World Bank.Principles for Digital Development.
The Principles for Digital Development were developed by a consortiumof international organizations seeking to unify and build common practices aroundthe use of data and technology in international development. The Principlesfor the Digital Development include the following concepts: Design with theuserUnderstand the existing ecosystemDesign for scale Build for sustainabilityBe data drivenUse open standards, open data, open source, and open innovationReuseand improveAddress privacy and securityBe collaborative.
Development Privacy & SecurityView ResourceData Responsibility Approaches and Models
UNDG. Data Privacy, Ethics, and Protection. 2017.
This document sets out general guidance on data privacy, data protectionand data ethics for the United Nations Development Group (UNDG) concerning theuse of big data, collected in real time by private sector entities as part oftheir business offerings, and shared with UNDG members for the purposes of strengtheningoperational implementation of their programmes to support the achievement of the2030 Agenda.
Development Privacy & Security EthicsView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
Technical Working Group on Data Collection on Violence against Children. Ethical principles, dilemmas and risks in collecting data on violence againstchildren: A review of available literature. 2012.
This paper provides a review of the emerging ethical issues concerningdata science relating to children. Its review is based upon an Internet and professionalnetwork search, which found 83 documents meeting the project criteria.The authorsreviewed several major ethical frameworks that guide actions applicable to socialresearch involving children. These include:A Duty-Based Framework: This frameworktakes a deontological approach with the underlying view that “right actions arethose that treat people as ends, never as means to an end.” Duty-based principlesare evident in terms of voluntary consent, freedom to retract consent, and avoidanceof unnecessary harm.A Best Outcomes Framework: This approach is consequentialist,arguing that the rightness of an action depends on whether it does the greatestoverall good for the greatest number of people. However, this approach can beless beneficial to the individual child.Rights Framework: This approach aimsto promote and protect children’s rights as articulated in the United NationsConvention on the Rights of the Child, specifically the right for others to considerthe best interests of the child, the right to non-discrimination, and the rightto be heard.Virtue-Based Approach: This approach focuses on “being rather thandoing, on the qualities of moral agency rather than on choices or actions perse.” While it can allow researchers to consider ethical dilemmas, it can be limitedby a lack of universal agreement on virtues.It also identifies common ethicalissues that researchers should consider, including:Privacy and Confidentiality:Researchers should take steps to protect the personal information of those childrenwith which they engage;Child Protection: Researchers ought to have a contingencyplan for providing support or referral for children who are at risk of harm;Disseminationof Findings: Researchers should guarantee their work is communicated to thosewho can effectively promote positive action and take care to ensure their findingsdo not place children at risk;Training of Researchers: Researchers should ensurethey have the skills to appropriately collect information, particularly if collectioninvolves interviews and the possibility of re-traumatization; Welfare of Researchers:Researchers should guarantee they themselves are protected from harm;Local Context:The researchers should understand the environment in which they operate;CommunityConsultation: To demonstrate transparency, consent should be sought from the largercommunity whose children are being engaged.
Humanitarian Human Rights EthicsView ResourceData Responsibility Approaches and Models
IOM. “IOM Data Protection Manual.” 2009.
IOM’s data protection statement is: “IOM shall take all reasonableand necessary precautions to preserve the confidentiality of personal data andthe anonymity of data subjects. All personal data shall be collected, used, transferredand stored securely in accordance with the IOM data protection principles.” IOMhas 12 data protection principles that the manual details in subsequent chapters,including: lawful and fair collection, specified and legitimate purpose, dataquality, consent, transfer to third parties, confidentiality, access and transparency,data security, retention of personal data, application of the principles, ownershipof personal data, oversight, compliance and internal remedies, (and exceptions).The next section of the manual reviews the data protection guidelines, includinghow to use the guidelines, what kind of terminology is used, and asks criticalquestions related to personal data protection. The manual ends with sets oftemplates and checklists to be used as a guide and ensure application of the IOMdata protection principles and guidelines.
Humanitarian Privacy & SecurityView ResourceNon-Governmental Organizations and Academia
Center for Global Development. 2017. “Identification Revolution: CanDigital ID Be Harnessed for Development?”
Recent advances in the scope and sophistication of identificationsystems could have far-reaching consequences for development. ID systems can advancethe Sustainable Development Goals by helping to realize individual rights, buildstate capacity, improve accountability, and expand opportunity. ID systems canalso exclude vulnerable groups, support institutionalized discrimination, andfacilitate the exploitation of personal data. Principles that speak to inclusion,robust and responsive design, and accountable governance of ID systems, and good-practiceexamples from countries at the forefront of ID management should be consideredby all stakeholders as ID programs move forward. Infants and very young childrenrepresent a frontier for identity management systems. Biometric enrollment isextending to children as young as 5 and potentially even younger, increasing theimportance of integrating, or at least closely coordinating, civil registrationand identification.Risks of ID programs include exclusion, misuse, and wastefulinvestments.
Humanitarian DevelopmentView ResourceNon-Governmental Organizations and Academia
Center for Global Development. “Identification for Development: TheBiometrics Revolution.” 2013.
Individuals’ lack of official identity documents represents a widespreadproblem in the developing world and is a major hurdle for citizens to receivevarious kinds of services, such as education, employment, healthcare, and votingrights. This paper studies 160 cases where biometric identification has beenused for economic, political, and social purposes in developing countries. Somecases suggest large returns to its use, with potential gains in inclusion, efficiency,and governance. In others, costly technology has been ineffective or, combinedwith the formalization of identity, has increased the risk of exclusion. Itconcludes that identification should be considered as a component of developmentpolicy, rather than being seen as just a cost on a program-by-program basis. Withinsuch a strategic framework, countries and donors can work to close the identificationgap, and in the process improve both inclusion and the efficiency of many programs.
DevelopmentView ResourceNon-Governmental Organizations and Academia
Oxfam. Responsible Data at Oxfam: translating policy into practice.2017.
This report from The Engine Room evaluates the data responsibilitypractice at Oxfam. The report aims to help Oxfam understand two questions: 1)how is the concept of responsible data perceived within Oxfam?; 2) how is Oxfam’sResponsible Data Policy being implemented in practice, and what are the barriersto its further implementation?The authors interviewed key staff and reviewedresponsible data-related materials created by Oxfam. The research indicated thatstaff find the policy relevant and important. Further, it identifies several areasfor improvement that could increase uptake of the policy and further develop relatedresources to allow programme staff to apply responsible data principles more closelyin practice. Recommendations include new training mechanisms for senior management,prioritization of user-centred design, and creating an operational checklist toguide responsible implementation.
Development Privacy & SecurityView ResourceNon-Governmental Organizations and Academia
Security Dialogue. “Experimentation in Humanitarian Locations: UNHCRand Biometric Registration of Afghan Refugees.” 2015.
Jacobsen studies the biometric registration of Afghan refugees andfinds that this methodology comes with various risks for the refugee population.
HumanitarianView ResourceDonor Organizations
World Bank Group. “Identification in the Context of Forced Displacement.”2016.
In this paper, Bronwen describes the consequences of not having an identity in a situation of forced displacement. It prevents displaced populations from receiving various services and creates higher risks of exploitation. It also lowers the effectiveness of humanitarian actions, as the delivery of services can suffer when displaced populations do not have trusted identities.The lack of identity can be both the consequence and the cause of forced displacement. People who have no identity can be considered illegal and risk being deported. At the same time, conflicts that lead to displacement can also result in loss of ID during travel.This paper identifies the different stakeholders and their interest in the case of identity and forced displacement and finds that the biggest challenge for providing identity to refugees is the politics of identification and nationality.The World Bank concludes that in order to address this challenge, there needs to be a more solid coordination among governments, international organizations, and the private sector to come up with an alternative of providing identification and services to the displaced persons. In addition, it is also essential to ensure that national identification becomes a universal practice for states.
HumanitarianView ResourceNon-Governmental Organizations and Academia
Centre for Innovation, Leiden University, and GovLab. Mapping and ComparingResponsible Data Approaches. 2016.
Berens and Verhulst examine existing institutional data responsibilityapproaches in order to extract best practices in governing data for humanitarianneeds. The paper compares 17 data responsibility approaches from internationalorganizations of various sizes and missions.The authors find that there is acritical need for leadership to set data responsibility principles and to leadinter-agency coordination, and shares the following takeaways:In drafting adata responsibility policy, it is important to create clear, specific rules, whileat the same time providing room for improvisation in the face of dynamic socialneeds.Further, it emphasizes the need to assign clear roles and responsibilitiesto certain entities.Innovation is also regarded as a key element in creatinga relevant data responsibility framework.In addition, a good data responsibilitypolicy should have a clear and straightforward language.And finally, as thisfield is recent and developing, it is important to gather evidence on what works.
Humanitarian Privacy & SecurityView ResourceNon-Governmental Organizations and Academia
WEF. Principles on Public-Private Cooperation in Humanitarian Payments.2017.
The use of cash-based assistance in humanitarian emergencies has increasedas a result of its efficiency and effectiveness in delivering beneficiary-centeredassistance.Drawing on this result, six principles are created as a set of guidelinesfor public-private partnership in delivering and bettering humanitarian assistance:Buildstrategic partnerships pre-crisis to prepare for response; Design the transfermechanism;Collect data that is relevant, proportional and standardized/shareable;Protect,empower and serve the customer;Encourage coordinated approaches; andBuildinstitutional capacity for partnerships.
Humanitarian EthicsView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
UNICEF. Data for Children Strategic Framework. 2017.
UNICEF “believe(s) that smart demand, supply and use of data drivesbetter results for children.” The UN agency strives to understand both what itmeans to realize the full potential of data for children, as well as its own rolein that process. This strategic framework is a starting point for much more workto follow. This framework, which is intended to focus on making a more cohesivepicture of UNICEF’s disparate data investments, is widely applicable and was collaborativelydeveloped through phases involving research and interviews, consultations, andmanagement review. The framework outlines five basic principles of UNICEF’sdata work: 1) data demand, supply and use are equally important, 2) data investmentsmust support government data systems not supplant them, 3) effective data systemsmust function both within and across sectors, 4) different data are appropriatefor different uses and contexts, and 5) data for children is a team sport andworking with partners is essential to create value.
Humanitarian Development Human RightsView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
World Vision International. World Vision International Child ProtectionStandards. 2012.
The World Vision International Child Protection Standards delineate policies, definitions, protocols, and principles surrounding child protection which aim to prevent and respond to “exploitation, neglect, abuse, and other forms of violence affecting children.”These standards do not have express provisions on child data protection, but it provides a basis for it under its “Communications, Social Media, and Technology” "section", which stipulates that all forms of communication must treat and portray children with dignity and staff must provide informed consent to children whose image, voice, or story are gathered by World Vision staff.To prevent harm in communications, World Vision employs standards, such as:All materials published digitally will not include identifiable information such as names, sponsorship ID numbers, personal location/address.Personal child information that is stored or sent electronically is password protected.
Development Human RightsView ResourceData Responsibility Approaches and Models
UN Global Pulse, UNHCR Innovation Service. Social Media and ForcedDisplacement: Big Data Analytics & Machine Learning. 2017.
This white paper summarizes the initial findings and lessons learnedfrom a project conducted by UNHCR’s Innovation Service and UN Global Pulse toinform on the viability and value of social media analytics to complement understandingsof the Europe Refugee Emergency.The paper outlines the process, questions andmethodology used to develop the project and presents preliminary observationson how aspects of the Europe Refugee Emergency are related on Twitter. The paperdescribes ten quantitative social media mini-studies that were developed as partof the project.Social media monitoring can provide significant value to decisionmakers in dynamic contexts where humanitarian access is poor, the informationlandscape fragmented, and social media is widely used. The researchers foundthat there are limitations to analysis based on social media monitoring includingunderrepresentation, query inaccuracies, classification inaccuracies, and difficultiesclassifying users based on language and geolocation. More generally, the researchersdiscovered that working with social media requires a dynamic mindset since theproject had to adapt and iterate rapidly and required more resources and laborthan initially identified. Moving forward, UNHCR sees an opportunity to integratenew data sources into its work to bring more data-driven evidence into decision-makingprocesses and advocacy efforts.
Focus on Children’s Data & Responsibility (Cross-Sector)
UNICEF. Digital Contact Tracing and Surveillance during COVID-19:General and Child-Specific Ethical Issues
This UNICEF working paper “explores the implications for privacy asthe linking of datasets increases the likelihood that children will be identifiableand consequently, the opportunities for (sensitive) data profiling. It also frequentlyinvolves making data available to a broader set of users or data managers.”Thepaper, developed and released in the context of the COVID-19 pandemic, providesa set of key messages and recommendations organized according to the RD4C Principlesof Purpose-Driven, Proportional, Professionally Accountable, People-Centric, Participatory,Protective of Children’s Rights, and Prevention of Harms Across the Data Lifecycle.
Humanitarian Development Privacy & Security Human Rights EthicsView ResourceData Responsibility Approaches and Models
UNICEF. Information Disclosure Policy. 2011.
This webpage establishes UNICEF’s commitment to public transparencyand accountability. The organization promises to make its information accessibleexcept for raw data, information that could endanger safety or security of individualsor UN member states, and other data where an expectation or requirement for confidentialityexists.
Development Privacy & Security EthicsView ResourceNon-Governmental Organizations and Academia
OECD. The OECD Privacy Guidelines. 2013.
The OECD has played an important role in promoting adherence to privacyas a basic personal right, as well as a condition needed for the free flow ofpersonal data across borders. In 2013, the OECD revised its privacy guidelinesfor the first time since 1980 to account for the transformational change of scalethat sophisticated technologies brought to economies, societies, and people’sdaily lives. Among other guidelines, the document features eight “Basic Principlesof National Application:”Collection Limitation PrincipleData Quality PrinciplePurposeSpecification PrincipleUse Limitation PrincipleSecurity Safeguards PrincipleOpennessPrincipleIndividual Participation PrincipleAccountability Principle
Privacy & Security Human RightsView ResourceNon-Governmental Organizations and Academia
Oxfam. Responsible Program Data Policy. 2015.
In this document, Oxfam argues that “using data responsibly is not just an issue of technical security and encryption but also of safeguarding the rights of people to be counted and heard; ensure their dignity, respect and privacy; enable them to make informed decisions; and not be put at risk, when providing data.”This document sets out the policy for the treatment of program data by Oxfam throughout the data lifecycle from planning to collection through to disposal. This data may pose varying degrees of risk to different stakeholders, including but not limited to the people who provide data, those that collect it, and Oxfam; therefore, this policy includes definitions and requirements for managing high-, medium-, and low-risk data.
Development Privacy & Security EthicsView ResourceNon-Governmental Organizations and Academia
Interaction. Protection Working Group: Data Collection in HumanitarianResponse - A Guide for Incorporating Protection. 2003.
InterAction is the largest alliance of U.S.-based international development and humanitarian nongovernmental organizations. With 160 members operating in every developing country, InterAction works to overcome poverty, exclusion, and suffering by advancing social justice and basic dignity for all.This guide was produced by members of InterAction’s Protection Working Group, whose aim is to enhance the capacity of humanitarian actors in the protection of refugees, internally displaced persons and civilians affected by conflict.
Humanitarian Privacy & SecurityView ResourceData Responsibility Approaches and Models
UNOCHA. Humanitarian Data Exchange Terms of Service
The purpose of the Humanitarian Data Exchange (HDX) platform is toenable the sharing of data across the humanitarian community. Humanitarian datais defined as: data about the context in which a humanitarian crisis is occurring(e.g., baseline/development data, damage assessments, geospatial data);dataabout the people affected by the crisis and their needs; and data about theresponse by organisations and people seeking to help those who need assistance.
Humanitarian Privacy & SecurityView ResourceData Responsibility Approaches and Models
UNFPA. Information Disclosure Policy.
This webpage establishes the United Nations Population Fund’s commitmentto making its information available to the public whenever possible. It also outlinesexceptions to this principle, such as information covered by legal privilege,internal office documents, and information that could cause harm to individuals.
Development Privacy & Security EthicsView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
Conflict and Health. Ethical considerations for children’s participationin data collection activities during humanitarian emergencies: A Delphi review.2017.
The authors of this paper recognize the need for child data collectionin emergency settings and acknowledges that such activities may expose childrento risks.The objective of the study is to identify expert consensus on whetheror not children should participate in data collection activities in humanitarianemergency situations.The study utilizes a three-round Delphi technique and theresults are:- “respondents strongly supported children’s right to participatein data collection in humanitarian settings, while also recognizing that protectingchildren from harm may ‘override’ the participation principle in some contexts.-“Respondents identified capacity and contextual considerations as important factorsinfluencing participation decisions, though they sometimes disagreed about howthese factors should determine participation.- Respondents also considered therole of individual child factors and the presence of caregivers in selecting childparticipants, and proposed best practice approaches for securing children’s safeand meaningful participation” – such as the use of contextual risk analyses todetermine whether children should participate in a given initiative.
Humanitarian EthicsView ResourceData Responsibility Approaches and Models
ILO. Is biometric technology in social protection programmes illegalor arbitrary? An analysis of privacy and data protection.
Social protection programmes process large amounts of data includingsensitive biometric information and this data can be shared with differentpublic and private actors domestically and abroad. Such data exchanges can createbenefits, such as increasing efficiencies, but they can also create risks. Thistext aims to guide social protection practitioners as they answer questions aboutprogramme design and implementation that are often overlooked -- even though dataprotection and privacy laws are fairly widespread in most countries today. Thereport references the OECD Data Protection Principles and argues that the mostrelevant ones for social protection systems are: 1) collection limitation, 2)fair and lawful processing, 3) purpose specification and use limitation, 4) securitysafeguarding, 5) individual participation, and 6) accountability.
DevelopmentView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
UNICEF. Children and the Data Cycle: Rights and Ethics in a Big DataWorld. 2017.
In this report, the authors outline their rationale for a greaterfocus on child rights and ethics in data science and suggest steps to move forward,focusing on the various actors within the data chain including data generators,collectors, analysts and end-users.It identifies typical players in the ChildData Cycle including Data Providers, Data Collectors, Data Analysts, and DataUsers. It identifies possible approaches to addressing ethical issues relatingto the child data cycle such as:Education Consultation Regulatory frameworksPrivacyby Design Accountability Transparency
Humanitarian Privacy & SecurityView ResourceNon-Governmental Organizations and Academia
ICRC. Handbook on Data Protection in Humanitarian Action. Geneva. 2012.
This Handbook provides further discussion on the resolution on Privacy and International Humanitarian Action, launched by the International Conference of Data Protection and Privacy Commissioners’ in 2015. It seeks to assist humanitarian organizations in following the personal data protection standards in humanitarian setting, by providing a set of recommended minimum standards for the processing of personal data.In protecting individual privacy, the handbook suggests three principles of data processing which are aggregation, pseudonymization, and anonymization of data subjects.The handbook specifies that children “are a particularly vulnerable category of Data Subjects, and the best interests of the child are paramount in all decisions affecting them. While the views and opinions of children should be respected at all times, particular care should be taken to establish whether the child fully understands the risks and benefits involved in a Processing operation and to exercise his/her right to object and to provide valid Consent where applicable. Assessment of the vulnerability of children will depend on the child’s age and maturity.”
Humanitarian Development EthicsView ResourceNon-Governmental Organizations and Academia
Privacy International. The Keys to Data Protection: A Guide for PolicyEngagement on Data Protection. 2018.
The document states that protecting privacy in the digital age isessential to effective and good democratic governance. However, there is stilla lack of legal and institutional frameworks, processes, and infrastructure tosupport the protection of data privacy and rights despite the increasing volumeand use of personal data together with the emergence of technologies enablingnew ways of processing and using it. The document explains data protection,outlines general provisions, definitions, and scope, data protection principles,rights of data subjects, grounds for processing of personal data, and obligationsof data controller and processors. The guide references examples from aroundthe world. There is a strong focus on examples from the European Union data protectionframework, as one of the most recent and comprehensive frameworks, as well asregional and international guidelines and treaties. This guide is for CSOs aroundthe world and can be adapted to suit different national frameworks and local contexts.Dataprotection principles are: Fair, lawful, and transparent MinimizationAccuracyStorage limitation Integrity and confidentiality Accountability principleRightsof data subjects are: Right to informationRight to accessRights to rectify,block, and erasureRight to objectRight to data portabilityRights to profilingand automated decision makingRight to an effective remedy Right to compensationand liability Grounds for processing of personal data are: ConsentPublicinterestLegitimate interestProcessing of personal data for scientific, historical,or statistical purposes
Privacy & SecurityView ResourceNon-Governmental Organizations and Academia
ICRC. Rules on Personal Data Protection. Geneva. 2017.
These rules are intended to ensure that the ICRC can carry out its mandate under international humanitarian law (IHL) and the Statutes of the International Red Cross and Red Crescent Movement (Statutes of the Movement) while abiding by internationally recognized standards for protecting Personal Data.It consists of twenty-seven basic principles of data responsibility, including, legitimate and fair processing, transparent processing, retention, destruction and archiving of data that are no longer needed, assertion of data protection rights by individual, and limitations of data transfers.
Humanitarian Privacy & SecurityView ResourceNon-Governmental Organizations and Academia
LIRNEasia. Draft Guidelines for Third-Party Use of Big Data Generatedby Mobile Network Operators. 2014.
Telecommunications - LIRNEasia, a think tank working to promote the use of knowledge, information, and technology in the Asia Pacific region, drafted a set of guidelines intended for third parties seeking to use data generated by Mobile Network Operators (MNOs).The set of guidelines seek to minimize the risks of data utilization by third parties by creating standard procedures of data sharing for social good. The potential risks delineated in the document include unauthorized surveillance, identification of individuals and groups, use of data beyond initial purpose without agreement, among others.Consequently, LIRNEasia outlines the mechanism that can mitigate the identified risks. For example, to address de-anonymization, LIRNEasia proposes that a working group be formed to monitor the knowledge and techniques used in anonymization and de-anonymization.
Privacy & SecurityView ResourceNon-Governmental Organizations and Academia
The Engine Room. Shooting our drive into space and other ways to practiseresponsible development data. 2014.
This text focuses on the concept of responsible data as it relatesto the field of international development. While the report contextualizes severalmethods and practices developed in academia, human rights and advocacy, etc.,it is specifically targeted at people engaged in international development work.The authors review the opportunities and risks introduced through the use ofdata for development, challenges many common data misconceptions, and outlineshow to handle data in a responsibly in a development context. The text also considerslegal implications of this work, notions of consent, privacy, and human-centricdata practice, how to verify the integrity of data, as well as understanding howand when to share data responsibly. The authors also provide several explanatorycase studies and ends with a section on further resources for responsible datapractice in international development. The Engine Room (2016) The Hand-Bookof the Modern Development Specialist: this interactive website is an updated versionof this text: http://responsibledata.io/resources/handbook/
DevelopmentView ResourceNon-Governmental Organizations and Academia
Oxfam. Responsible Data Management (RDM) Training Pack. 2017.
This training pack is intended for humanitarian organizations. Itwas developed to help introduce the principles of responsible data management,the planning processes that can be used, and to examine how to handle unexpectedissues that arise in different contexts.
Development Privacy & Security EthicsView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
Responsible group data for children
This UNICEF issue brief, part of the Children’s Data Governance series,aims to support understanding of how and why group data is collected and whatcan be done to protect children s rights. While the data protection fieldlargely focuses on individual data harms, it is a focus that obfuscates and exacerbatesthe risks of data that could put groups of people at risk, such as the residentsof a particular village, rather than individuals.Though not well-representedin the current responsible data literature and policy domains writ large, thechallenges group data poses are immense. Moreover, the unique and amplified groupdata risks facing children are even less scrutinized and understood.To achieveResponsible Data for Children (RD4C) and ensure effective and legitimate governanceof children’s data, government policymakers, data practitioners, and institutionaldecision makers need to ensure children’s group data are a core considerationin all relevant policies, procedures, and practices.
Humanitarian Development Privacy & Security Human Rights EthicsView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
UNICEF, UNHCR, and ICRC. Information and Communication Technologyfor Child Protection Case Management in Emergencies: A Framework for Design, Implementation,and Evaluation. Prepared by the mHELP/HealthEnabled Research Team for UNICEF,UNHCR, and ICRC.
Institutions like ICRC, UNICEF, and UNHCR are moving away from paper-basedsystems and starting to use digital solutions for child protection case managementin emergencies (CPCME). In order to assess the impact of ICT on CPCME, this documentdetails a three-phase research project: 1) desk research, 2) field research, and3) analysis and synthesis.The main findings of this project (conducted in bothKenya and Sudan) include:Limited evidence in literature on reducing vulnerabilityand improving child protection in relation to this subject; Investments inICT for CPCME have targeted data management solutions and improving administrativeprocesses;The systems of focus looked mostly at family tracing and reunification,and especially registration;Data sharing enhances coordination and collaborationacross agencies;Data was used for action, only on an ad-hoc basis; andSeriousbarriers remain (lack of interoperability, confidentiality concerns, staff turn-over,etc.) but the possible successes appear promising (more collaboration across agencies,use ICT to engage children, re-imagine work flows that need updating, etc.)
Humanitarian Privacy & SecurityView ResourcePrivate Sector Organizations
GSMA. Guidelines on the protection of privacy in the use of mobilephone data for responding to the Ebola outbreak. 2014.
GSMA is an association of mobile operators worldwide, comprising nearly 800 operators and over 300 companies in the mobile ecosystem, such as handset and device makers, internet companies, and many others.This document, released in the midst of the 2014 Ebola crisis in East Africa, outlines the privacy standards that mobile operators should apply when subscriber’s mobile phone data was used as part of the responses to the outbreak. The standards are:The mobile phone numbers of subscribers making and receiving calls or text messages will be anonymised by mobile operators.Anonymised CDR data will not be transferred outside of the operator’s system/premises.All analysis will take place on mobile operator’s systems, in their premises and under operator supervision.No analysis will be undertaken that singles out identifiable individuals.Only the output of the analysis (i.e. the resulting non-sensitive data on population mobility estimates, aggregate statistics, indicators, etc.) will be made available to relevant and approved aid agencies, government or research agencies that can use these inputs in their modelling and planning efforts.
Humanitarian Privacy & SecurityView ResourceData Responsibility Approaches and Models
UNHCR. Privacy Impact Assessment of UNHCR Cash Based Interventions.2015.
Cash transfers can address a critical need for people in emergency situations and have increasingly been used by humanitarian organizations because of their time efficiency and cost effectiveness. However, in this document UNHCR acknowledges that the way in which the organizations determine eligibility for cash assistance involves data “aggregation, profiling, and social sorting techniques”, which raises privacy issues.UNHCR conducts a Privacy Impact Assessment (PIA) to identify the privacy risks posed by their program and to enhance safeguards that can mitigate those risks.One of the key findings found in this assessment is related to legitimizing purpose of data collection, where the challenge lies in ensuring that individuals’ data will not be used for purpose other than initially specified.
Humanitarian Development Privacy & SecurityView ResourceNon-Governmental Organizations and Academia
Center for Global Development. “Birth Registration, Legal Identity,and the Post-2015 Agenda. 2014.
This paper attempts to clarify the extent to which universal legal identity through birth identification can serve as a development goal. The authors argue the discussion often conflates legal identify and birth identity, two distinct topics, and offers language that could be used to measure each.The authors continue by arguing that, by 2030, all countries should attempt to halve the rate at which births for children under 5 are unregistered as well as reduce the average age of birth registration. As a second metric, they call for all individuals by 2030 to have a well-defined legal identity by the time they reach adulthood.
DevelopmentView ResourceNon-Governmental Organizations and Academia
ICRC. Professional Standards for Protection Work. Geneva. 2013.
These standards from the Red Cross constitute what are considered by the community of practitioners as minimum requirements for all humanitarian and human rights actors planning or carrying out protection activities in armed conflict and other situations of violence. These standards define the minimum baseline that all humanitarian and human rights actors doing protection work should maintain.One chapter of the document is focused specifically on “Managing Data and Information for Protection Outcomes.” The guidelines outlined in that section are organized within the following areas:General Standards for the Management of Data and Information:Competencies and capacitiesInclusive people-centred approachClearly defined, specific purposeCooperation and exchangeAvoiding bias and discriminationSpecific Standards for the Management of Personal Data and Sensitive Protection Data and Information:Compliance with relevant legal frameworksLegitimate and fair processingData minimizationData qualityData retentionData securityConfidentialitySharing, transferring and publishingAccountabilityAssessing the Risks
Humanitarian DevelopmentView ResourceNon-Governmental Organizations and Academia
World Vision International. Open Information Policy. 2010.
In its Open Information Policy, World Vision emphasize its commitment to being a transparent and accountable organization by sharing their annual reports and other documents pertaining to various accountability and compliance reporting.At the same time, it also recognizes the importance of protecting sensitive data that includes information that is private, confidential, relating to safety and security, legal advice, and internal communications, processes, and administrative details.
Humanitarian Privacy & SecurityView ResourceNon-Governmental Organizations and Academia
Responsible Data. Responsible Development Data Book. 2014.
This book explores what responsible data means in the context of internationaldevelopment programming by building on resources and strategies developed in academia,human rights, and advocacy. The focus is on international development practitioners.The book is divided into thematic, independently readable sections. The sixmain sections cover the spectrum of considerations, practical methods, and responsibledata challenges in different phases of a project. The phases of a project as definedhere are: Designing a project Managing dataGetting data Understandingdata Sharing dataClosing a project The book dives into relevant case studiesand provides resources relevant to each section.
Development Privacy & Security EthicsView ResourceData Responsibility Approaches and Models
UNOCHA. Humanitarian Principles. 1991, 2004.
All OCHA activities are guided by four humanitarian principles: humanity,neutrality, impartiality and independence. “Humanity: Human suffering must beaddressed wherever it is found. The purpose of humanitarian action is to protectlife and health and ensure respect for human beings.Neutrality: Humanitarianactors must not take sides in hostilities or engage in controversies of a political,racial, religious or ideological nature.Impartiality: Humanitarian action mustbe carried out on the basis of need alone, giving priority to the most urgentcases of distress and making no distinctions on the basis of nationality, race,gender, religious belief, class or political opinions.Independence: Humanitarianaction must be autonomous from the political, economic, military or other objectivesthat any actor may hold with regard to areas where humanitarian action is beingimplemented.”These principles are intended to provide the foundations for humanitarianaction. They are central to establishing and maintaining access to affected people,whether in a natural disaster or a complex emergency, such as armed conflict.Promoting and ensuring compliance with the principles are essential elements ofeffective humanitarian coordination. The humanitarian principles are derivedfrom the core principles, which have long guided the work of the InternationalCommittee of the Red Cross and the national Red Cross/Red Crescent Societies.
Humanitarian Privacy & Security EthicsView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
Terres des hommes and CartONG. Data Protection Starter Kit. 2017.
This starter kit offers first-level support on data protection forfield staff who work with data from Tdh-supported groups and communities. Thestarter kit comes in the form of two components (with a third tool for encryptionof mobile data collection to be added): Introduction pack: provides an overviewdocument about data protection, as well as a self-assessment tool to increaseawareness about protections, risks, and how to mitigate any harmful issues relatedto data. Tutorials pack: recommends several lessons / trainings about responsiblyhandling data, which include (but aren’t limited to): how to choose, store andorganize passwords, how to encrypt files that contain sensitive data, how to protectmobile devices, etc.
Privacy & SecurityView ResourceNon-Governmental Organizations and Academia
Netherlands Red Cross. 510 Data Responsibility Policy
The 510 Data Responsibility Policy was drafted by the Data ResponsibilityProject Team at 510 in the Netherlands and seeks to “incorporate principles forthe responsible use of data in our daily work in a concise and workable manner.”The policy provides seven key principles for humanitarian actors seeking toleverage and handle potentially sensitive information in a responsible manner:Purpose specificationRespect for the rights of the data subjectDo no harmNecessityand proportionalityLegitimate, lawful and fair useData securityData quality
Humanitarian Privacy & SecurityView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
UNICEF. A Global Agenda for Children’s Rights in the Digital Age. 2014.
Policy frameworks and guidelines are currently being developed atthe national and internationally level, largely in the Global North, and thisreport asks whether or not sufficient research exists to support evidence-basedpolicy about children’s online privacy. Four areas have been found to be lacking: Little knowledge about how to support children’s online opportunitiesChildren’svulnerabilities aren’t widely understood, which prevents protective strategiesfrom being implementedGlobal North solutions aren’t necessarily applicable inthe Global South Lack of comparable baseline data, policy and programme evaluationsexist in order to create and share best practices The authors argue that UNICEFneeds to develop an agenda for Children’s Rights in the Digital Age, referencingthe UNCRC guiding principles for a framework that includes provision, protectionand participation rights for children both on and offline. This agenda can potentiallyinclude internal policy and programme guidance and a comprehensive research strategy.
Privacy & Security Human RightsView ResourceNon-Governmental Organizations and Academia
UKAN. The Anonymisation Decision-Making Framework. 2016.
This book provides a practical guide for understanding and implementinganonymisation techniques to help advance business and organizational goals. Thethree central features of the text are anonymization, risk and sensitivity. Thebook’s Anonymisation Decision-Making Framework (ADF) consists of ten components:1) describe your data situation, 2) understand your legal responsibilities, 3)know your data, 4) understand the use case, 5) meet your ethical obligations,6) identify the processes you will need to assess disclosure risk, 7) identifythe disclosure control processes that are relevant to your data situation, 8)identify stakeholders and plan how you will communicate, 9) plan what happensnext once you shared or released the data, 10) plan what you will do if thingsgo wrong. These ten needs make up three key anonymization activities: Datasituation audit;Risk analysis and control; andManagement control.
Privacy & Security EthicsView ResourceData Responsibility Approaches and Models
UNHCR. Policy on the Protection of Personal Data of Persons of Concernto UNHCR. 2015.
This policy outlines the rules and principles regarding processing of personal data of persons of concern to UNHCR with the purpose of ensuring that the practice is consistent with UNGA’s regulation of computerized personal data files that was established to protect individuals’ data and privacy.UNHCR requires its personnel to apply the following principles when processing personal data: (i) Legitimate and fair processing (ii) Purpose specification (iii) Necessity and proportionality (iv) Accuracy (v) Respect for the rights of the data subject (vi) Confidentiality (vii) Security (viii) Accountability and supervision.
Humanitarian Privacy & SecurityView ResourceNon-Governmental Organizations and Academia
ICRC and Red Crescent Movement Family Links Network. Code of Conducton Data Protection. 2015.
The Code of Conduct (CoC) was accepted by a working group made ofseveral members of various national Red Cross representatives. The CoC is understoodas critical because 1) there are many actors of the International Red Cross andRed Crescent Movement working within the Restoring Family Links Network (RFL),which seeks to reunite disconnected families, and there is a need to effectivelyand safely transfer data between those actors; and 2) there is a changing regulatoryenvironment in Europe and across the globe with different data protection lawsand standards. The CoC offers the minimum principles, commitments and proceduresin order to comply with some of the strictest data protection regulations fordata controllers who work on RFL activities. A CoC application group will supportthe implementation at a global level of the CoC through acceleration of learningand development.
Humanitarian Privacy & SecurityView ResourceDonor Organizations
USAID. ADS Chapter 508: Privacy Program. 2014.
This ADS chapter provides the organization, functions, policies, andprocedures of the USAID Privacy Program. Safeguarding personally identifiableinformation (PII) in the possession of USAID and preventing its misuse are essentialto ensure that USAID retains the trust of the American public. The Privacy Programsupports USAID missions and business functions by assisting the Agency in balancingits need to maintain information about individuals, with the rights of individualsto be protected against unwarranted invasions of their privacy resulting fromthe collection, maintenance, use, and dissemination of their personal information.USAID must protect PII against anticipated threats or hazards that could resultin substantial harm, embarrassment, inconvenience, or unfairness either to anindividual or to USAID. To accomplish that requirement, USAID must incorporateprivacy analyses into each stage of the information life cycle.
Humanitarian Development Privacy & SecurityView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
UNICEF. Child Protection Working Group (CPWG). Minimum standards forchild protection in humanitarian action. 2012.
These minimum standards provide a starting point from which humanitarian workers can seek more information on child protection in humanitarian action.On the matter of privacy, the document states that “when dealing with sensitive issues, guarantee confidentiality and informed consent for children, and ensure that interventions are carefully planned to respect privacy.”Further, the piece outlines a number of responses necessary to address child protection through information management, which includes training data collectors on how to engage with children and maintain their confidentiality, providing informed consent, protecting personal information of a child, and securing storage of child data both manually and digitally, among others.
Humanitarian Human RightsView ResourceData Responsibility Approaches and Models
ICDPPC. Resolution on Privacy and International Humanitarian Action.2015.
This resolution commits the International Conference to inspect privacyand data protection requirements for humanitarian action, and to: Help developguidance for international humanitarian actors that considers their specific actionsand needs;Create a Working Group on Privacy and Humanitarian Action for dataprotection networks to contribute to; andThe resolution also includes an explanatorynote explaining the data needs in humanitarian settings and UN actions to clarifyroles, responsibilities, and standards.
Humanitarian Privacy & SecurityView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
UNICEF. Ethical Considerations when Using Geospatial Technologiesfor Evidence Generation. 2018.
This paper provides an overview of some of the benefits of using geospatial technologies and resulting data for development and humanitarian based organizations, reflect on potential risks inherent in the use of these technologies, the data collected, and the analysis applied, and explores ethical considerations that need to be reflected on in the implementation of programs involving geospatial technologies to ensure ethical evidence generation.The paper also includes a Checklist for Ethical Use of Geospatial Technologies for Evidence Generation which provides questions that need to be considered to ensure the benefits of these technologies are realized while also ensuring that children and communities are protected:Identifying the benefits of using geospatial technologies for evidence generation;Ensuring privacy and security;Understanding the data risks and limitations;Assessing other potential harms;Engaging communities;Assessing risks and mitigation strategies for geospatial data capture from unmanned aerial vehicles
Humanitarian Development Privacy & SecurityView ResourceNon-Governmental Organizations and Academia
Harvard Humanitarian Initiative. The Signal Code. 2016.
The purpose of The Signal Code is to identify, define, articulate,and translate existing international human rights standards into the context ofhumanitarian information activities (HIAs) and the use of information, data, andICTs in humanitarian contexts.Further, it seeks to enable the creation of obligationsand minimum ethical and technical standards for HIAs, grounded in an acceptedfoundation of human rights standards and international law. It delineates fivehuman rights that are tied to information and HIAs, which are:the right to information;theright to protection;the right to privacy and security;the right to data agency;andthe right to rectification and redress.
Humanitarian Privacy & Security EthicsView ResourceNon-Governmental Organizations and Academia
Privacy International. Aiding Surveillance. 2013.
Hosein and Nyst argue that the adoption of new technologies in humanitarian response is posing serious threats to human rights, particularly the right to privacy.The study delineates the promise, potential, and problems of management information systems and electronic transfers, digital identity registrations and biometrics, mobile phones and data, border surveillance and security.The authors urge humanitarian actors to consider incorporating technology due to the risks and further posit that the “benefits of development and humanitarian assistance can be delivered without surveillance.”
Humanitarian Development Privacy & SecurityView ResourceData Responsibility Approaches and Models
UN PPG Members. Principles on Personal Data Protection and Privacy.United Nations System: Chief Executives Board of Coordination.
The UN PPG is an inter-agency group convened in September 2016 thatis co-chaired by UN Global Pulse and the UN Office of Information and CommunicationsTechnology (OICT).The Principles on Personal Data Protection and Privacy isa framework for processing personal data by or on behalf of the UN System Organizationswhile performing mandated activities and functions. These principles apply topersonal data, contained in any form, and processed in any manner; they also aimto do the following: harmonize standards for the protection of personal dataacross the UN System; facilitate the accountable processing of personal data;and ensure respect for the human rights and fundamental freedoms of individuals,in particular the right to privacy.The High Level Committee on Management (HLCM)adopted the principles at its 36th Meeting on October 11, 2018.
Humanitarian Development Privacy & Security EthicsView ResourceNon-Governmental Organizations and Academia
ICRC and Privacy International. The Humanitarian Metadata Problem:“Doing No Harm” in the Digital Era. 2018.
This paper aims to provide people who work in the humanitarian spherewith the knowledge they need to understand the risks involved in the use of certainnew technologies including smartphones, drones, and other connected objects. Thepaper also discusses the “do no harm” principle and how it applies in a digitalenvironment. The paper defines metadata, distinguishes between types of metadata,and identifies uses of metadata such as in messaging apps, cash transfer programs,mobile money, banking, smartcards, and social media. The paper also identifiesrisks, recommendations, and mitigation strategies for each category of metadataThepaper highlights two main elements: Humanitarian organizations relying on anythird parties in their programs, be they telecommunications or other digital serviceproviders, have little control over the use of the data and metadata producedData and metadata generated by humanitarian programs are more often than not accessibleto non-humanitarian third parties with non-humanitarian objectivesThe reportcan be used as a quick reference to figure out some of the immediate risks associatedwith the use of SMS, messaging apps, mobile money, and social media platformsand to make more informed decisions when determining whether to use them as partof humanitarian programs
Humanitarian Privacy & SecurityView ResourceData Responsibility Approaches and Models
European Union. General Data Protection Regulation. 2016.
The intention of the Regulation, in effect as of May 25th, 2018, isto harmonize all data privacy laws of all member states across Europe. GDPRis organized into 99 articles situated within eleven chapters, and deals mainlywith consent, data protection officers, email marketing, encryption, fines/penalties,personal data, privacy by design, privacy impact assessment, processing, recordsof processing activities, right of access, right to be forgotten, right to beinformed, and third countries. The subject matter and overall objectives ofGDPR are threefold: Lays down the rules relating to the protection of peoplein processing personal data and rules involving the free movement of personaldata; Protects fundamental rights and freedoms of natural persons in particularto their right to personal data protection; and Allows free movement of personaldata within the Union shall be neither restricted nor prohibited for reasons relatingto the protection of people with regard to processing personal data. Chaptertwo outlines a number of organizing principles related to data collection anduse: Lawfulness, fairness and transparencyPurpose limitationData minimizationAccuracyStoragelimitationIntegrity and confidentialityAccountability
Privacy & SecurityView ResourceData Responsibility Approaches and Models
UN Global Pulse. UN Global Pulse Privacy and Data Protection Principles.
UN Global Pulse draws from General Assembly resolution 45/95 and other global practices in data protection, and outlines its principles with the goal of protecting the individuals, whose data are used by for the organization’s research.The data privacy and data protection principles are:Purpose of useRight to usePurpose compatibilityIndividual privacyData securityRisk and harm assessment and mitigationData sensitivityData minimizationData retentionData quality and accountabilityOur collaborators – “We require that our collaborators are acting in compliance with relevant law, data privacy and data protection standards and the United Nations global mandate.”
Humanitarian Development Human RightsView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
UNICEF. Ethical Considerations When Using Social Media for EvidenceGeneration. 2018.
Although there are several potential benefits of using social mediato engage children in the pursuit of evidence generation, there are also manyrisks that raise ethical concerns. In section one of two, benefits are separatedinto children’s use of social media platforms and adults’ use of social mediain organizational platforms for evidence generation. Risks for both areas includeage-based concerns, privacy, confidentiality and security, risk aversion causinglost opportunities, and risks concerning data quality and use of data. Determiningthe value of the data and obligations to those providing the data, as well asensuring the confidentiality of data and protecting participants, are the twocentral ethical considerations to be met before obtaining evidence generationusing social media. In the second and last "section", the benefits, risks andethical considerations about collected third party data by social media servicesare reviewed. Benefits include situational awareness and real-time monitoring,crowdsourcing, etc., risks include many that are listed above, and ethical notionsinclude value and timeliness of data, national and organizational privacy frameworks,consent and transparency, among others.
Privacy & Security EthicsView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
UNICEF. Discussion Paper Series: Children’s Rights and Business ina Digital World. Privacy, Protection of Personal Information and Reputation Rights.Managed by Patrick Geary and Amaya Gorostiaga of the UNICEF Child Rights & BusinessUnit.
This report reviews children’s rights to privacy, exploring the threats to it, the role of the information and communications technology sector in mitigating that threat, and potential policies to ensure that mitigation takes place. These measures include:Developing guidelines for business entities to shape corporate behavior;Conducting privacy impact assessments to ensure both the public and private sector consider how operations might impact child privacy; andReviewing measures to protect children from attempts to interfere with their privacy, such as regulating how companies collect and retain personal information.
Privacy & Security Human RightsView ResourceNon-Governmental Organizations and Academia
Medecins Sans Frontieres. MSF Data Sharing Policy. 2013.
This policy guides the data-sharing practices of Medecins Sans Frontieres (MSF), which generates and holds data on, for example, health information systems, patient records, surveillance activities, quality control activities, surveys, research, and research participants’ human biological material, among others.The policy governs organizations’ eligibility of access, how to request access to data, how to process and handle the shared data, the conditions of data access, and more.
Humanitarian Privacy & SecurityView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
Global Kids Online. Ethical Considerations for Research with Children.2016.
The paper provides (1) an overview of potential ethical issues thatneed to be considered when undertaking the GKO research program, (2) a step-by-stepguide, illustrated by relevant case studies, to questions and approaches to considerbefore or when ethical dilemmas arise throughout the research process, (3) usefulreferences to support ethical practice in GKO, (4) a protection protocol templateto assist reflection on and documentation of actions that can be taken to ensurethat children and communities are protected throughout the research process, andfinally (5) templates and guidance on how to handle participant disclosure ofabuse revealed during the research process.
Privacy & Security EthicsView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
Global Kids Online. Researching Online Child Sexual Exploitation andAbuse: Are there Links between Online and Offline Vulnerabilities? 2016.
This Guide is concerned with the methods used in research into onlinechild exploitation and abuse. It explores methodological issues and how researchershave responded to them. It also considers the central assumption that online sexualabuse and exploitation causes harm. The Guide concludes with identifying goodpractice and providing some easily accessible resources to facilitate the developmentof robust research.
Humanitarian Human RightsView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
UNESCO and UNICEF. Framework for Monitoring Children and Adolescentswho are Out of School or at Risk of Dropping Out. 2016.
This framework is premised on the believe that data related to school enrollment and attendance can help mitigate the risks of school drop outs. As it stands, there are data and policy gaps across development and humanitarian contexts related to out of school children (OOSC).This UNICEF framework is the first volume in a series about education participation and dropout prevention; it is intended to inform decision-makers and field workers working on educational exclusion and dropout with ideas to improve data and provide response interventions. The framework is a step-by-step guide that aids in the following efforts:Reliably identify OOSC and at-risk childrenObtain better data in regards to breadth and qualityUnderstands causes of exclusionDevelop and establish evidence-informed policies and interventions
Privacy & SecurityView ResourceDonor Organizations
USAID. Considerations for Using Data Responsibly at USAID. 2019.
This document includes a framework for USAID staff and local partnersto identify and understand risks associated with development data. The documentprovides a responsible data overview, responsible data considerations and resourcesto address considerations, a data ownership and data sovereignty assessment tool,a key events planning table, a benefit risk assessment tool, a tracking and protectingsensitive information tool, an IT security highlights checklist, and a tool forusing responsible data practices to meet data quality standards.
Humanitarian Development Privacy & SecurityView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
UNICEF. What We Know about Ethical Research Involving Children in HumanitarianSettings. 2016.
The authors of this paper posit that there is a need for and valuein engaging children for conducting research in humanitarian settings. This paperoutlines responses for seven ethical issues often faced in such situations andincludes case studies that showcase how ethical issues regarding children in humanitariancontext have been identified and addressed. The seven ethical issues outlinedare: Institutional capacity to ethically involve children in researchUnderstandingpower relationsHarms and benefitsInformed consent and capacities of participantsPrivacyand confidentiality (including ICT)Payment, compensation, ancillary servicesand reciprocityCommunication of resultsPrivacy and confidentiality are twoof the seven issues included in the piece. The authors suggest that, privacy andconfidentiality have always been a consideration for researchers, especially inhumanitarian settings. However, when it comes to the privacy and confidentialityof a child, “the imperative is stronger given the volatility, instability, andincreased danger of the circumstances.” Therefore, higher standards and increasedsecurity measures are required in acquiring, storing, and transferring child data.This is based not only on the natural vulnerabilities experienced by children,but also the compounding issues resulting from “the breakdown of systems and structuresnecessary for children’s support and development” in humanitarian settings.
Humanitarian EthicsView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
TransMonEE. Data on Children: Ethnicity, Nationality and Migration.2017.
The purpose of this meeting was to enhance the capacity of nationalstatistical systems to create high quality data on child wellness data. This pursuitwas strategically in line with the SDGs agenda and also particularly focused onrefugee, migrant and ethnic minority children. Other aims of the meeting included:Updatekey trends in data Review data systems on ethnicityShare good practices tohelp guarantee data quality, ethical standards, stronger cooperation, and useof data on ethnicity and migrationDecide on future directions for improvement
Human Rights EthicsView ResourceNon-Governmental Organizations and Academia
Social Research. The Dark Side of Numbers: The Role of PopulationData Systems in Human Rights Abuses. 2001.
This study discusses the risks facing citizens posed by identity data collection by the state. Population data allows the government to identity certain, or all, groups in a population as threats and possibly deny them services or specifically target them.It specifically discusses how population data can contribute to human rights abuses of forced migration, interment, genocide, and crimes against humanity.Therefore, the authors argue, multiple safeguards must be put in place to ensure that such human rights abuses are be prevented.
Privacy & Security Human RightsView ResourceData Responsibility Approaches and Models
UNOCHA. Data Responsibility Guidelines Working Draft. 2019.
The OCHA Data Responsibility Guidelines offer a set of principles, processes and tools that support the safe, ethical and effective management of data in humanitarian response.The Guidelines are informed by a series of gap analysis studies and research conducted by OCHA including a partnership with the NYU Governance Lab and Leiden University, a survey conducted by the Centre for Humanitarian Data, and field research conducted by the Centre for Humanitarian Data.The Guidelines explain foundations for data responsibility at OCHA including existing guidance and limitations, data responsibility considerations across the data management process, mechanisms for accountability, and services to support implementation of the guidelines.
Humanitarian DevelopmentView ResourceNon-Governmental Organizations and Academia
The Engine Room and Oxfam. Biometrics in the Humanitarian Sector.2018.
Produced by The Engine Room, this report is intended to provide Oxfamwith evidence-based information to make decisions about how to engage with biometricsin its programs. The report is organized into sections that consist of backgroundknowledge, understanding biometrics, especially in the humanitarian context, andpotential benefits and harms. Biometrics is assumed to be qualitatively differentthan other kinds of personal data. In the humanitarian field, biometrics are usedthrough two main systems: foundational systems, which supply general identificationfor official uses and functional systems, which are used for demands for particularservices. In these ways, biometrics can be used for verification through one-to-oneauthentication or identification, via one-to-many authentication.Benefits ofbiometrics include identifying people who need assistance (identifiability andtraceability), reducing fraud and duplication (accuracy and integrity) and simplifyingregistration and identification (simplicity and efficacy). Risks of biometricsinclude false matches (reliability), reusability for unknown reasons, theft, lossor misuse (security), and potential for exclusion (societal impacts).
HumanitarianView ResourceFocus on Childrens Data & Responsibility (Cross-Sector)
Global Protection Cluster, European Commission and USAID. “InteragencyGuidelines for Case Management & Child Protection”. 2014.
This report provides guidance to case workers and program managersworking with children in humanitarian settings. The document provides variousprinciples and guidelines to help individuals “put the child at the centre ofthe intervention, focusing on child-friendly procedures and language.” The documentsets out several key principles relevant for data protection, including:“DoNo Harm: Case workers should ensure their collection, storing, or sharing of informationsupport the child (and their family) do not expose them to further harm. Prioritizethe Best Interests of the Child: In line with Article 3 of the United NationsConvention on the Rights of the Child (UNCRC), the best interests of the childshould be “the basis of all decisions and actions taken” and “for the way in whichservice providers interact with children and their families.” Often there is noideal solution, but a series of more or less acceptable choices.Adhere to EthicalStandards: Workers ought to abide by professional codes of conduct, ethical standardsand practices, and child protection policies in addition to national laws andpolicies that might exist.Seek Informed Consent and/or Informed Assent: Consentought to be sought from children and their caregivers prior to providing services.For informed consent, caseworkers should ensure the children and their familiesunderstand fully the services and options available as well as their risks, usage,confidentiality, and limits. These ideas should be communicated in a child-friendlymanner.Respect Confidentiality: Sensitive information should be shared withas few people as possible on a “need-to-know” basis to protect the child. Serviceproviders should take steps to protect information collected, kept, shared, orstored about the data subject and ensure it is accessible only with their permission.EnsureAccountability: Each of the actors involved in case management are accountableto the child, the family, and the community. They must abide by professional codesof conduct and provide routine opportunities for feedback.”
Human RightsView ResourceNon-Governmental Organizations and Academia
“Refugees and the Biometric Future: The Impact of Biometrics on Refugeesand Asylum Seekers.” Colum. Hum. Rts. L. Rev. 42 (2010): 891. 2010.
In this note published in the Columbia University Human Rights Law Review, Farraj argues that biometrics help refugees and asylum seekers establish their identity, which is very important for ensuring the protection of their rights and service delivery.However, he argues, the use of biometrics also poses several risks, such as privacy violations, misidentification, and misuse, which call for proper measures to regulate the collection, storage, and utilization of the biometric information by government, international organizations, or other parties.
HumanitarianView ResourcePrivate Sector Organizations
GSMA. Refugees and Identity: Considerations for mobile-enabled registrationand aid delivery. 2017.
This paper emphasizes the importance of registration in the context of humanitarian emergencies. For beneficiaries, being registered and having a document that proves this registration is key in acquiring services and assistance.Informed by case studies of activities in Kenya and Iraq, the piece provides three central recommendations: 1) establish more flexible know-your-customer (KYC) processes for mobile money because where refugees are not able to meet existing requirements; 2) encourage interoperability and data sharing to avoid fragmented and duplicative registration management; and 3) build partnership and collaboration among governments, humanitarian organizations, and multinational corporations.
Focus on Children’s Data & Responsibility (Cross-Sector)
Global Kids Online. Survey Sampling and Administration. 2016.
This Methodological Guide provides a framework for the production ofhigh-quality, reliable statistics to measure access to and use of the internetand digital devices by children.
Privacy & SecurityView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
Global Kids Online. Global Research on Children’s Online Experiences:Addressing Diversities and Inequalities. 2016.
This Method Guide examines the connections between knowledge production,power, inequality and exclusion in the production of international research aboutchildren and new or emerging media.Drawing on feminist and postcolonial debatesabout knowledge, it points to the existing inequalities between research and theoryfrom the global North and the global South. The Guide points to evidence thatpersistent social inequalities and vulnerabilities are transposed to mediatedenvironments, and discusses the challenges of thinking about ‘children online’when children are never an homogeneous group. Finally, it considers the bestways of ensuring that knowledge produced about the media use of children fromdiscriminated and excluded groups across the world represents them fairly, andis useful to children in those groups.
Human Rights EthicsView ResourceData Responsibility Approaches and Models
Global Food Security Cluster / UNOCHA. Field Guide to Data Sharing.2015.
This document posits that interagency data sharing and collaboration could make humanitarian activities more effective. At the same time, it also acknowledges the sensitivity of the collected data and further recommends well-defined and responsible data protection practices.The guide provides a framework for the establishment and regulation of working practices between participating and Partner Organizations, facilitates cross-sectoral data sharing, improves stakeholders’ efficiency and accountability, considers the processes and controls needed for information sharing.The principles are established in the guide:Practical coordination;Technical standards protecting privacy and minimizing risk;Legal issues; andGeneric security.
Humanitarian DevelopmentView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
Global Kids Online. Conducting Qualitative and Quantitative Researchwith Children of Different Ages. 2016.
This Guide outlines specific issues to consider when carrying outresearch with children in order to obtain the most accurate and meaningful informationabout their lives, attitudes and perspectives. It maps how they evolve withthe age of the child and the implications for the design of research instruments.It also reflects on specific issues that may arise when researching children’slives in the global South and in relation to digital technologies.It providessome examples of good practice in researching children, as well as specific guidanceand a short summary checklist.
Privacy & Security EthicsView ResourceNon-Governmental Organizations and Academia
Journal of Intervention and Statebuilding. “On Humanitarian RefugeeBiometrics and New Forms of Intervention.” 2017.
This article traces the development of UNHCR’s use of biometrics, startinginitially with a few pilot projects (in the early-to-mid-2000s) to the emergenceof a policy in which biometric registration is considered a “strategic decision.”
HumanitarianView ResourceNon-Governmental Organizations and Academia
ICRC. Handbook on Data Protection in Humanitarian Action. Geneva.2017.
The Handbook, updating the 2012 edition above, seeks to raise awarenessand assist humanitarian organizations in ensuring that they comply with personaldata protection standards in carrying out humanitarian activities, by providingspecific guidance on the interpretation of data protection principles in the contextof humanitarian action, particularly when new technologies are employed. PartI of this Handbook applies generally to all types of Personal Data Processing.It contains general information such as basic data protection concepts, data processingprinciples, data retention principles, and data sharing principles.Part II dealswith specific types of technologies and data Processing situations, and containsa more specific discussion of the relevant data protection issues. This part containsprinciples for methods such as drones/UAVS and remote sensing, biometrics, cashtransfer programs, cloud services, and many others.
Humanitarian Privacy & SecurityView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
UNICEF. Child Privacy in the Age of Web 2.0 and 3.0: Challenges andOpportunities for Policy. 2017.
The author argues that the greater flow of information in the digital environment has enhanced people’s lives everywhere and at the same time exposed the society, both adult and children, to new challenges, such as those related to privacy.The piece aims to “address the challenges posed to child privacy online and the impact that these challenges might have on other rights such as freedom of expression, access to information and public participation.”It analyzes the current and foreseen threats to child privacy online and approaches that have been adopted to tackle this issue. It also examines whether “children’s perspectives and needs are considered in international debates on technology regulation, including in regard to the so-called ‘right to be forgotten’.” Further, it contextualizes the protection of data privacy protection to other fundamental rights, meaning that “the enforcement of the right to privacy serving to protect other rights.”The paper concludes by proposing some policy recommendations on how to better address the protection of children’s online privacy, such as:“Business models pursued by OSPs, and regulatory frameworks applicable to them, should include “transparency in methods of data collection and clear explanations of how the resulting data will be used” (Brown and Pecora, 2014). They should also be adapted to meet children’s information needs and understanding.“Rules on consent for the processing of children’s personal data should consider their age and should take into account developmental differences and special vulnerabilities (OECD, 2012). For instance, parental consent may be required to process the personal data of children below a certain age (e.g. 13 years); above this age threshold, parental intervention may be replaced by specific safeguards that reflect children’s age of capacity (EDPS, 2012; Article 29 Working Party, 2008).”
Privacy & SecurityView ResourceData Responsibility Approaches and Models
WFP, in collaboration with IDRG and Leiden University Centre for Innovation.Conducting Mobile Surveys Responsibly: A Field Book for WFP Staff. May 2017.
The field book outlines the main risks for staff engaged in mobiledata collection and helps promote responsible data collection/storage/sharingin the complex environments in which the WFP operates. WFP and other humanitarianagencies can gather more information than ever before due to mobile technology.However, these new capabilities also involve privacy and security risks for peopleand the communities where mobile surveys are conducted. WFP circulated a corporatepolicy on data privacy and issued this guide for field staff in collaborationwith IDRG in order to activate this policy through practical guidance at the fieldlevel.
Humanitarian Privacy & SecurityView ResourceComparative Review of Domestic Data Responsibility Frameworks
Center for Democracy & Technology. Responsible Data Frameworks: InTheir Own Words. 2018.
This paper reviews 18 frameworks to map the work that academics, civilsociety, and government agencies have done to develop principles for responsibledata use in the nonprofit sector. The paper organizes principles from the 18data use frameworks into six common themes that exist across the frameworks: Respectfor individual rights and autonomy, which includes concepts such as consent andaccess to one’s personal information;Fairness or justice, as in distributionof resources;Beneficence and the necessity of assessing the risks and benefitsof collecting or using data;FIPs-based privacy and data protection principles,including data minimization;Transparency and accountability for informationpractices; andInformation security.
Privacy & SecurityView ResourceDonor Organizations
USAID. Identity in a Digital Age: Infrastructure for Inclusive Development.2017.
This document introduces two conceptual frameworks that distinguishthe different approaches in developing identity (ID) document for development.The first describes the instrumental approach of ID “as a tool with which to accomplishthe goals of a specific development project.” The second describes the infrastructuralapproach, where ID is an important enabler of a modern economy. This paper recommendsthat donors make investments in a more sustainable, interoperable ID systems;prioritize privacy and security of ID data; and establish a future-oriented partnershipwith digital ID experts as to ensure that this innovation provides benefit evento the most underserved communities.
Development Privacy & SecurityView ResourceNon-Governmental Organizations and Academia
Just Peace Labs. Ethical Guidelines for Peace Tech. 2017.
This report details a set of guidelines for peace-tech practitioners who are engaged in conflict or post-conflict markets. The offered guidelines areintended to be practical, and offers questions and topics to consider, and resources for a more focused look at certain issues. The text primarily focuses on ethicaland security considerations related to the use of ICT in recently post-conflict countries in order to demonstrate the magnitude of these challenges, given thehighly sensitive nature of such locations. The guide is organized into twomain parts: the first one outlines ethical, privacy and security challenges andthe second one reviews the ways to put ethical obligations in practice.
Humanitarian Development EthicsView ResourceFocus on Children’s Data & Responsibility (Cross-Sector)
UNICEF. Good Practice Principles on Information Handling and Managementin Child Protection Information Management Systems. 2016.
In addition to creating manual and technology-based Child ProtectionInformation Management Systems (CPIMS), UNICEF has also recognized that adequateguidance for using these tools is also needed. This guidance is provided innine “Good Practice Principles,” which are meant to be interpreted with the “bestinterests of the child” in mind. This guidance does the following: Reflectscurrent priority issues;Applies only to a CPIMS related to specific child protectionproject and only during the lifetime of that CPIMS;Is applicable to UNICEF andthe governments it works with;Is directed toward child protection actors andIT actors; Targets “good practice”; and Requires development of standardsand tools in order to be fully operationalized. The principles are organizedaccording to each aspect of CPIMS design: planning / collection / storage andtransmission / sharing phases; see page 5 for the full list of principles, andpage 4 for the principle relationship diagram.
Development Privacy & SecurityView ResourceComparative Review of Domestic Data Responsibility Frameworks
DLA Piper. Data Protection Laws of the World. 2017.
Data protection legislation is becoming more and more common aroundthe world, and it is important that organizations safeguard personal data andassess their risks and legal responsibilities. The handbook insists that a comprehensivecompliance program can act as a tool to help mitigate these risks. This handbookprovides an overview of the privacy and data protection policies, laws, and regulationsin 77 countries, as well as a primer for businesses regarding the related complexmeasures of compliance.
Privacy & SecurityView ResourceComparative Review of Domestic Data Responsibility Frameworks
Bloomberg Law. Privacy Laws Around the World 2016.
This selection of reports provides a comparative analysis of privacylaws spanning 61 countries across the world. Elements of the analysis include:Comparative charts outlining the key compliance areas, including registrationrequirements, cross-border data transfer limitations, data breach notificationrequirements and data protection officer requirements; Country-by-country overviewof unique characteristics of framework privacy laws; and Study of privacy legislationin international development.
Privacy & SecurityView ResourceNon-Governmental Organizations and Academia
The GovLab. Fair Information Practice Principles 101 (and their relevanceto Humanitarian Data) (Not published)
The Fair Information Practice Principles (FIPPs) are meant to showhow organizations can responsibly handle personally identifiable digital data.The FIPPS are organized according to eight core questions about the followingtopics: 1) openness and transparency, 2) purpose specification and minimization,3) collection limitation, 4) use limitation, 5) individual participation and control,6) data integrity and quality, 7) security safeguards and controls, and 8) accountabilityand oversight. Then, a set of policies and procedures, as well as use of technologyfor privacy protection are offered for each principle.
Humanitarian Privacy & Security EthicsView Resource