This guidance tackles the common misconception that DATA RESPONSIBILITY is either the responsibility of an organization’s legal team, or information management officers (IMO). This operational guidance, on the other hand, is intended for everyone collecting, using, storing, sharing and thinking about data within humanitarian contexts, including on human mobility.
The operational guidance demonstrates that a collective effort by humanitarian organizations in any given response context is necessary for data responsibility to be fully understood, and for appropriate safeguards to be put in place.
What is DATA RESPONSIBILITY?
Data responsibility in humanitarian action is defined in the IASC guidance, as the Safe, Ethical and Effective management of personal and non-personal data for operational response.
In January 2020, under the Results Group 1 on Operational Response, a key IASC mechanism which delivers on enhancing operational response, particularly with regards to any gaps from the normative/policy perspective, the IASC established the sub-group on Data Responsibility. The group was co-led by the United Nations Office for the Coordination of Humanitarian Affairs (OCHA)’s Centre for Humanitarian Data, the United Nations High Commissioner for Refugees (UNHCR) and the International Organization for Migration (IOM). Other members include: Danish Refugee Council (DRC), Care, Catholic Relief Services, International Committee of the Red Cross (ICRC), International Federation of Red Cross and Red Crescent (IFRC), International Rescue Committee (IRC), Joint IDP Profiling Service (JIPS), Mercy Corps, Medecins Sans Frontieres (MSF), Norwegian Refugee Council (NRC), Oxfam, Save the Children, Office of the United Nations High Commissioner for Human Rights (OHCHR), United Nations International Children’s Emergency Fund (UNICEF), United Nations Populations Fund (UNFPA), World Food Programme (WFP) and the World Health Organization (WHO).
Over the course of 2020, the sub-group took a series of steps to identify gaps, and subsequent priority areas of focus for operational guidance. This led to the development of the Principles for Data Responsibility for Humanitarian Action, these being:
- Accountability
- Confidentiality
- Coordination and Collaboration
- Data Security
- Defined Purpose, Necessity and Proportionality
- Fairness and Legitimacy
- Human Rights-Based Approach
- People-Centered and Inclusive
- Personal Data Protection
- Quality
- Retention and Destruction
- Transparency
These principles are designed to inform the safe, ethical and effective operational data management for any given response contexts. They are also designed to reinforce humanitarians' overarching commitment to Do No Harm while maximizing the benefits of data in humanitarian action and to ensure the centrality of affected people, their rights and well-being in humanitarian action. The operational guidance is so much more than a Data Protection document. This is for everyone, not just ‘the data people'.
Recommended Actions for the various hierarchies of a humanitarian response
The development of the principles led to the identification of ‘Areas of Action’. These are tangible entry and leverage points that can improve the way the humanitarian community operates and can help represent some of the minimum standards for ensuring data responsibility in practice. However, all humanitarian contexts can be complex, hierarchical and mandate-driven, these areas of actions are tailored to the different levels of a humanitarian context, and are organized as:
- System-wide level
- Cluster/sector level
- Organizational level
The Areas of Actions are identified as:
- Data responsibility diagnostic establishes an overview of existing data responsibility measures in an organization collecting information and the benefits and risks associated with data management
- Data ecosystem map and data asset registry can support visualizing data flows between different stakeholders involved in data collection and lists data assets available within organizations
- Data impact assessments can help to determine the potential benefits and risks associated with a data management activity in a given context/organization
- Designing for data responsibility ensures inclusion of data responsibility in the design and implementation of data management activities
- Information sharing protocol, and data and information sensitivity classification provides a common framework for information and data exchange, informed by a shared definition of sensitivity and conditions for disclosure to external partners
- Data sharing agreements formalize standard agreements for bilateral transfers of personal data or sensitive data in a protected manner when absolutely essential for ensuring aid delivery
- Data incident management establishes internal and cross-organizational protocols for reporting and addressing data incidents to avoid them occurring again in the future
- Coordination and decision-making on collective action for data responsibility fosters collaboration and enables the allocation of responsibilities and accountabilities around data management in a team/organization
For each area of action, the recommend action and definition of roles and responsibilities has been tailored to the specific level of focus. The tools can be found in the annex to the guidance, and will be further developed throughout 2021.
Why it is important?
This Operational Guidance is important for actors working on human mobility in several ways. For example, for IOM’s Displacement Tracking Matrix (DTM) or Global Migration Data Analysis Centre (GMDAC), it is important for ensuring the quality and standards of information products. The Guidance can also ensure affected populations and other actors that their data are collected, processed, stored and used in a responsible manner, thus building trust. As the global cluster lead for the Camp Coordination and Camp Management (CCCM) cluster in the UN humanitarian system, international organizations have an important role in promoting and supporting responsible data practices amongst its field partners within the cluster. Lastly, within humanitarian contexts, organizations working on migrationplay a critical role in providing life-saving operations, when for example developing beneficiary lists or supporting with case management practices, which require clear and concise data responsibility practices to avoid misuse and putting beneficiaries at risk if data are leaked or not protected adequately.
What’s next?
The next step for the group is to implement the guidance at the response-level on the ground and to monitor its impact on data responsibility practices. The delivery of the guidance concludes the group in its formal IASC role. However, it plans to continue, where it aims to work with country missions to identify which areas of actions need attention, deploy the tools for the action, and monitor the impact. This work can then help the tools evolve, make them more ‘response friendly’ and slowly, but surely work collectively to ensure that we as humanitarians are data responsible.