During the event, participants posed many interesting questions, and the panelists responded in writing to many of the ones we did not have time to discuss during the event. You will find their responses below.
How can we have a central data for internally displaced peoples when we do not have a system like proGres that track and collects data with nio duplication? We tried to convince the government partner but this seems to fall on deaf ears. Could this be part of the TOR if the government seeks for international humanitarian assistance? With refugees, it is nor an issue since this was accepted already. but with IDPs, this is a challenge on data accuracy, confidentiality.
- Mitch Levine: A big question and an important one, but I don't think there is going to be a clear answer. Having some kind of information system would be a good part of the ToR, but the nature, ownership, and driver of that system is always going to be highly context dependent as governments have the right to lead there.
I agree that data sharing and integration is needed to get a full insight into patterns of data and lived experiences. I wonder if there is a proposed actionable solution to promote better, yet safe data sharing and open data? [Alex Ross]
- Mitch Levine: Interagency platforms that are secure are critical. HDX Connect is the gold standard, but there are others run by UNHCR for example
- Stuart Campo: You can learn more about HDX Connect here.
What is the standard for UN agencies to share/protect data and how do they support their NGO partners in this regard? [Fiona Gall]
- Christie Bacal-Mayencourt: This varies from one organization to another. Data protection is often an internal compliance policy. Data sharing agreements are often unique based on contractual provisions agreed to between agencies.
What are some suggestions to avoid survey fatigue? [Nagham]
- Christie Bacal-Mayencourt: Inter-agency / joint consultations for organizations in the same sector, public forum where safe to do so, map existing data and sources of data, avoid incessant surveys without a clear objective.
- Simone Holladay: Agreed, with Christie on mapping expsiting data and coverage to ensure that there is limited duplication. In terms of questionnaire design/ indicator selection, one way is to really consider what data will be used before collecting it, and unfortunately means saying no to additional questions. I think testing interview length during pretests, and testing analysis before starting data collection to ensure the data produces what you need. Less is more.
Do you have tools and documents to help us in this area [Etobe]
- Christie Bacal-Mayencourt: Hi Etobe! There are tools available in the accountability and inclusion portal and the data responsibility operational guidance is available online. More tools will be developed specific to AAP and data responsibility. Stay tuned.
My question is to know how, as humanitarian worker, I could manage confidentiality and transparency of data from beneficiaries. For example, in the case where the government asks me to share a list of beneficiaries of a project, what could be the best way to respond? [Patrick Ngomdjom Kountchou]
- Fanny Weicherding: Hi Patrick, thank you for your question. Managing personal data is always subject to a number of regulatory frameworks that we as humanitarian organizations need to uphold. In addition and in line with such obligations, personal data may only be shared for a specified purpose and must be proportionate to that purpose. When asked to share beneficiary lists, it can be important and productive to ask for this purpose. Often, the questions that a government may have could be answered by less detailed data, for example anonymized data. So this could be the response to such a request (share aggregated / visualized data that contains no personal data). In this case, this discourse can help foster understanding of data security and data protection of the party that requests the data. In addition, finding a compromise can help continue to keep a good collaboration with the government authorities, while respecting and upholding data responsibility.
How do we balance data collection with dwindling resources for humanitarian work? My question relates to Christie's submission around fatigue and frustrations among beneficiaries because of data collection with no assistance/change in their lives associated with the data collection. [Karen Kotut]
- Simone Holladay: This trade-off is not a small one to consider, since we want to responsibly identify and reporesent, and provide assistance to the most vulnerable, so some level of rigour in data collection is required indeed, but at some point, the cost of the burden has to be considered as Mitch mentioned.
Regarding the anecdote of multiple humanitarian organizations asking the same question, how can we break that process while balancing the specific special interests of organizations and their respective mandates?
Open data is such a compelling case, but are we getting close to achieving that because even on an inter-agency level UN, and NGOs compete with each other (and somehow data is treated as an advantage in that competition)?
- Christie Bacal-Mayencourt: Good point. We do have standards but we live in the reality in competing for funding, and an organization having quality data (not necessarily quantity of data) is an advantage. I don't have sufficient information to assess how close we are in achieving efficient and responsible data sharing, but we hope today's discussion can help for everyone to think about this.
Hi, what are the best practices for ensuring data protection and privacy while still providing meaningful information through maps (ie ArcGIS field maps, QGIS, Kobo, etc)?
- Simone Holladay: One would be to not collect/ digitize/ manage PII (names, date of birth) of respondents, without some very tight consent protocols. Usually maps don't have sensitive, if it is a thematic map produced at Admin 0, 1 level, when the maps become more location focused, the risk becomes about disclosure of locations such as hospitals, schools, etc, which may be at risk. Overall suggestion is to conduct a risk-assessment on the information you are collecting, and the analysis, reports/ products you are releasing.
What is the minimum standard of care guidelines in humanitarian crises? [Isatou Sarr]
- Christie Bacal-Mayencourt: Multi-disciplinary approach: AAP, data responsibility, 'do no harm', centrality of protection, prevention of and response to SEA, diversity inclusion, inclusion of people with different capacities, gender equality, principled humanitarian action. They are not contained in one document but they are integrated in each policies/guidance.
In your experience in the field, are you always obliged to share data or your data-based findings with the government of the places you work in? If yes, are there measures you can take at your level to ensure that the government will not use these data for malicious purposes e.g. targeting political opposition groups or minorities? [Rogers Alunge]
- Fanny Weicherding: Sharing data with host governments can enable humanitarians to maintain access, provide information about their activities and promote collaboration with the authorities where possible. For these different purposes, humanitarian organizations should think about the level of detail that is needed to fulfil these purposes. This means that, for example, there might not be a need to share personal data to fulfil the above purposes of the data sharing. Similarly, when aggregating data, humanitarians should consider whether sensitive information (such as group identity) is safe to share, and strive not to share such data where it would put communities at risk. In this way, they can be able to share data that responds to the government's questions without putting affected people at risk of harm.
How do you handle data privacy in a war zone lawless country?
- Fanny Weicherding: The absence of law does not mean there will be an absence of principled action. Ensuring data is handled in a safe, ethical and effective way must be a commitment humanitarians make in all of their data management activities.
With regard to safety in client communication, what happens when quantum tech breaks encryption? [Alève Mine]
- Mitch Levine: No answer for you, apart from the aforementioned flexibility of data collection systems, but excellent question and point.
For the Afghanistan case, did you consider using a free toll line in collecting the information? How do you log the calls, complaints and give the required feedback. What is the follow up method? In addition, do you have self-help recorders?
- Husni: We're using both face to face and hotline modalities via KOBO and analysed through Power BI. We have SOP for data management by info management and technical advisors only to minimise the exposure of deatiled info. On response, we're advocating data to leaders and monitorign team go back to communities to communicate back.
One of the principles mentioned was data quality. In the humanitarian response some of the software to improve the data quality. What are the key indicators that needs to fellow to ensure the quality data are collected from the project stage until the project life cycle? [NCA]
- Fanny Weicherding: Data quality should be maintained such that the owners, users and other key stakeholders are able to trust data management activities and their resulting products. Data quality means that data is relevant, accurate, timely, complete, standardized, interoperable, well-documented, up-to-date and interpretable, in line how we intended to use it and keeping in mind the operational context. Organizations should where possible strive to collect and analyze data by age, sex and disability disaggregation, as well as by other diversity characteristics as relevant in order to ensure no one is left behind.
How do the Accountability processes allow to detect, for instance, human trafficking? [José Alberto Henao]
Is the information sharing protocol by OCHA mentioned by Mitch, available for other actors outside Ukraine? (Could it be used in other settings?) [Milou]
- Mitch Levine: Here is Ukraine's: https://reliefweb.int/node/3823141
To answer your second question - no, I don't think these can be used across contexts because sensitivity is so varied across those contexts, there are applicable legal frameworks, etc... That said, the guidance Fanny linked to has some good principles (e.g. personal info = highly sensitive).
How does this play out in a regime that has a rigorous data protection policies and legislation? [Jobisa]
- Fanny Weicherding: National data protection legislation will inform how different humanitarian organizations are collecting and managing data. National organizations will be subject to these legislations, while International Organizations might have some privileges and immunities that play a part in the applicable framework. However, data responsibility should always be aligned with applicable personal data protection policies as these policies aim to protect the data subjects.
Please should we consider data ownership in humanitarian context different from property law? I ask because in case of the right to be forgotten, is the organisation obliged to obey a data deletion request from an affected person where that organisation has a competent legal basis to withhold and continue processing that data? e.g. in order to be able to protect the vital interests or provide vital aid to that person in accordance with the organization's mandate. [Rogers]
- Mitch Levine: A great question, but one I'm not sure I'm fully qualified to answer! As an individual, though, if I gave my data to a corporation or organization, I believe under the right to be forgotten I would be able to demand deletion of that data. There are almost certainly exceptions to that - for example governments I assume can keep data in relation to public safety - but I would defer to those with more extensive knowledge and understanding of this legal principle.
Does IOM have a specific guidance on how to implement "the right to be forgotten" as mentioned by Mitch, to improve our data collection practices and ensure we make this possible? [Laura Mosberg]
- Christie Bacal-Mayencourt: IOM has a data protection policy which include data deletion and data retention assessments. When no longer necessary, all records and backups should be destroyed or rendered anonymous. Data controllers assess sensitivity of data and other considerations.
With the deepening of humanitarian development nexus and taking consideration that development programming relies more on quality data and complete data sets, what are the foreseeable issues that issues that might compromise the principles for data responsibility in humanitarian action.
- Fanny Weicherding: The Principles for Data Responsibility are based on a review of existing principles for data management across the humanitarian and development sectors. As such, they are well recognized principles across both these sectors and would not necessarily be compromised by this intersection.
It was apparently shown that anonymized data can be re-identified. How is non-PII produced? [Alève Mine]
- Simone Holladay: It is not collected, and identifiers removed/ masked if there is risk for disclosure.