Humanitarian aid workers are increasingly challenged in their use of data collection in order to accomplish their development and crisis response objectives. The unending growth of mobile devices, the ubiquity of connectivity in even the most remote corners of the world, and the trend towards ‘digitization’ means that aid agencies are dealing with an increasingly large number of datasets in order to provide effective program delivery to beneficiaries and accountability to donors. Considering the fact that in many cases we are collecting data on inherently vulnerable populations (refugees, disaster victims and so on), we must address the balance between data collection and privacy.
Security Isn’t Privacy
I’ve previously written about cybersecurity in humanitarian response and disaster relief, so what’s new here? Well, for starters – privacy is not the same as information security. Infosec, with its traditional emphasis on confidentiality, integrity and availability, is mostly focused on preventing and responding to unauthorized access to ICT assets and datasets. Privacy, on the other hand, deals with how an organization appropriately collects, protects and uses data specific to individual natural persons.
The two are interrelated (you cannot have good privacy without having good security) but differ in that the domain of privacy is focused around the concept of “personal information,” and since we are dealing with information about and pertaining to other human beings, there are special ethical, legal and policy concerns above and beyond just good information security practices.
Humanitarian actors must always be aware of the special responsibilities they have around privacy and data protection. They are often entrusted with sensitive data from especially vulnerable populations in crisis who may not have sufficient agency to make informed decisions about the use of their personal data. Further, since the collection of this data often happens in the context of conflict, crisis or disaster, the disclosure of this data to unauthorized parties can have catastrophic consequences for beneficiary populations or aid workers themselves … which may include the compromise of their physical safety and security.
A Rights Based Approach
In the business world, concerns around privacy are largely driven from a compliance standpoint. Laws such as HIPAA, FCRA, and others (hey, the EU GDPR is right around the corner, don’t you know!) require organizations collecting personal information to handle and protect it in certain ways. But in many circumstances, privacy laws and regulations may not directly apply to humanitarian work. One of the main reasons for this is that in many parts of the world where humanitarian aid organizations are doing program delivery, privacy laws are either nonexistent or weak. What is needed, rather, is a view of privacy that is grounded in existing humanitarian laws, principles, and doctrine.
The Harvard Humanitarian Initiative’s Signal Code takes a rights based approach towards humanitarian security and privacy, stating that “all people have the right to agency over the collection, use and disclosure of their personally identifying information (PII).” In fact, GovLab conducted a survey in 2016 on 17 different data protection regimes in the humanitarian space. While there’s some difference across the various codes of conduct and sets of recommendations, there are some basic principles that should be followed by all humanitarian actors:
- Privacy by Design – All data collection systems, whether they’re sophisticated, cloud-based systems or pen-and-paper based systems, should be designed with privacy in mind from the ground up. The Privacy Engineer’s Manifesto is a good introduction to Privacy by Design principles.
- Informed Consent – To the extent possible, data subjects (such as disaster victims or refugees fleeing conflict) should be given the opportunity to freely express informed consent about any data collection activities. It should be presented to them in their native language, and avoid the use of jargon or technical terminology. The issue of consent in the humanitarian space requires careful thought, as it could be argued that a person in the midst of a humanitarian crisis may not be able to give full consent. The fact that they’re in need of humanitarian aid or protection may itself have a coercive effect on the data subject. Simply put, many people in crisis, if they’re looking for food, shelter or safety, may very well acquiesce to any requested data collection uncritically.
- Data collection minimization – Humanitarian organizations should minimize the data they collect to only that which is absolutely necessary. Traditionally, many aid organizations have taken the opposite tack, collecting every possible data point about a person regardless of whether there’s a rationale behind that data collection. The underlying assumption is that data is an asset, so of course more data is more better!
- Data Quality – Personal data collected should be relevant to the purpose for which it was collected, kept up-to-date and accurate. Data subjects should have the ability to review, and if necessary, correct inaccurate data.
- Use Limitation – Personal data collected for one purpose should not be repurposed for other uses that the data subject didn’t consent to. If necessary, updated consent should be obtained.
- Security – The personal data collected should be reasonably protected from unauthorized disclosure, modification, or destruction. The data collected should not be used to harm the interests of the data subject.
We’ve seen examples of “irresponsible” data – where PII for vulnerable Syrian refugees was stolen, and more recently the very real potential that PII of Rohingya refugees is being used as a way to further oppress and exploit a vulnerable population at risk of genocide. There are others, most of which are poorly documented and only whispered about in the hallways of conferences held in New York or Geneva.
Systems architects of humanitarian ICT systems need to consider the very real downsides of data collection, preferably before any data collection is undertaken. Can data be bucketed, masked, encrypted, or simply not be collected in the first place? The key concept here is “intentionality” – any personal information collected and processed must have a reasonable justification, and not simply captured because it was easy to do so. Any desired collection of personal information should be subject to a Privacy Impact Assessment and any risks surfaced should be addressed.
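As an added illustration of the minimization and "bucket, mask, or don't collect" choices above (this is example code, not from the original post or any humanitarian organization; the record, the field names and the programme key are all constructed), a small Python routine that reduces a raw intake record to only what a single stated purpose justifies:

```python
import hashlib
import hmac

# Constructed sample intake record (not real data): the kind of fields a field
# team might capture at a distribution point. Only a subset is needed.
RAW_RECORD = {
    "full_name": "Example Person",
    "phone": "+12025550123",
    "national_id": "A1234567",
    "birth_year": 1987,
    "village": "Example Village",
    "district": "Example District",
    "household_size": 5,
    "ration_card": "RC-000042",
}

# Fields this programme (ration distribution) has a justification to keep.
# Anything not listed here is dropped before storage: "not collected" wins.
PURPOSE_SCHEMA = ("ration_card", "household_size", "birth_year", "district", "phone")

def age_bucket(birth_year, current_year=2017):
    """Bucket age into 10-year ranges so no exact birth year is stored."""
    age = current_year - birth_year
    lo = (age // 10) * 10
    return f"{lo}-{lo + 9}"

def mask_phone(phone):
    """Keep only the last 4 digits: enough to confirm a person at the counter."""
    return "*" * (len(phone) - 4) + phone[-4:]

def pseudonymize(value, key):
    """Keyed hash (HMAC-SHA256) so records can still be linked across visits
    without storing the raw card number. The key stays with the programme,
    separate from the dataset, so a stolen dataset cannot be reversed."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]

def minimize(record, schema, key):
    """Apply drop / bucket / mask / pseudonymize to a raw intake record."""
    out = {}
    for field in schema:
        if field not in record:
            continue
        if field == "birth_year":
            out["age_range"] = age_bucket(record[field])
        elif field == "phone":
            out["phone_masked"] = mask_phone(record[field])
        elif field == "ration_card":
            out["ration_card_ref"] = pseudonymize(record[field], key)
        else:
            out[field] = record[field]
    return out
```

The stored record keeps no name, national ID or village, only a coarse age range, a masked phone number and a keyed reference to the ration card; the raw record should be discarded once this has run.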
Privacy Protects the Vulnerable – And Donors Can Help!
I am heartened to hear that more humanitarian aid organizations are focusing on privacy. In many cases, these conversations are being driven by the imminent arrival of the GDPR in Europe, but even in places where GDPR doesn’t apply, the conversations are finally happening. At the recent NetHope Global Summit in Vancouver, BC, privacy was brought to the forefront in ways rarely seen in the humanitarian sector.
It will take sustained advocacy to focus the sector on the very real risks that poor data management practices present to privacy. But the donor community can help. Donors should consider explicitly earmarking a portion of their grants to “risk reduction” activities around privacy and information security. Since so much of the sector is grant funded, privacy won’t truly be a priority until the grant making process prioritizes this.
With humanitarians educated about the risks of privacy, technologists invested in privacy by design, and donors committed to funding privacy risk-reduction activities, the global humanitarian community can extend the value of “protection” from the physical sphere into the electronic one to millions of people who depend on the humanitarian community.
Our goal should always be to keep people who were already at risk and often victimized from becoming victims all over again of fraud, electronic crime, or other threats to identity and agency.