|With new technologies enabling faster data collection and information management, there are opportunities for these technologies to be harnessed for continuous context-specific analysis in support of protection outcomes; however, if not handled responsibly, they can also expose individuals to additional risk. On April 5th, InterAction hosted a roundtable to dive into data protection standards and responsible practice of data collection, management, and use. The roundtable discussion sought to bring together a range of individuals from different backgrounds and workstreams to explore the frontier of responsible data and compliance with data regulations, bridge conversations that often happen in parallel and, ideally, give participants some tools or guidance on advancing the conversation internally within their organization.
Throughout the course of group discussion, this roundtable aimed to address the following questions:
· What are the challenges (political, cultural, technical) we face in getting our organizations to collect, manage, use, and dispose of data responsibly?
· How do we address those challenges in ways that are sustainable and not merely compliance-oriented?
· What role can InterAction play in supporting individual and collective efforts to improve our practice of responsible data?
Key Discussion Points:
Discussion points emphasized several relevant aspects of results-based protection, including:
· Going beyond “compliance” to ethical and rights-based approaches to responsible data collection and management. Group participants iterated that responsible data collection and management extends further than the rights of EU citizens (with respect to the new EU General Data Protection Regulation). As our community is grappling with the implications of new technologies and data practices facilitating faster data collection and information management, we must balance tensions between security, transparency, and use of data for decision-making and adaptive management for improved programming.
· Incorporating safe data needs from the outset: Planning is fundamental for practicing safe data. It is imperative to fully think through data collection, management, and use needs throughout the lifecycle of the intervention (as well as data storage and custody beyond the program cycle) from the design stage, including assessing the implications for organizational processes, resourcing and funding, and policies and processes needed to facilitate responsible data practice.
· Collaboration between multiple sectors and organizational units (e.g. Senior management, M&E, ICT, innovation, program, legal, HR, security and risk, etc.) is essential throughout design and implementation. In fostering this intentional collaboration, there is a need to ensure diverse stakeholders are speaking the same language (clarify definitions) and have a common understanding of a principled approach. For Protection Information Management, the PIM Process and Matrix can be useful tools to clarify definitions and underpinning principles. In ensuring that field colleagues and in-country partners are a part of the conversation, there may be a need for capacity development for information management which should be additionally considered from the design stage. Moreover, there is work to be done on inculturation and emphasizing that responsible data practices are everyone’s responsibility – not just a Data Protection Officer, ICT specialist, or M&E colleague.
· Data “horror stories” are often useful to convey the gravity of the issue and articulate how improper data management may expose end users and those who participate in development or humanitarian programs to additional risk; however, these stories need to be coupled with resources, best practice, and next steps to avoid paralysis and enable collective problem-solving.
Several participants shared resources and initiatives that their organizations are pursuing to strengthen their ability to collect and manage data:
Other resources mentioned during the discussion include:
The Way Forward:
As there seems to be an appetite for peer exchange and learning, InterAction is exploring opportunities for coordination and facilitated discussion and support around responsible data. To ensure organizations can invest as required for responsible data, there is a need to continue the conversation with donors about how to build resources into program design, and establish supportive funding requirements, for responsible data management in program implementation.
To promote institutionalization and inculturation (and to combat the “that’s not my job” syndrome) InterAction will explore options for an online certification process that members could make use of.
For more information on the event, please contact Katie Grant.