I was asked for some simple do’s and don’ts around responsible data practices. ‘Something I put up on the wall by my desk so others can see. More Do’s than Don’ts please. And NO geeking out, normal people need understand it. Oh, and don’t worry about colours and design stuff, simple bullets to start with please.’ That was the more detailed brief, which, yes, made me smile. So here’s what I put together:
1. Don’t exchange any sensitive and/or personal data (yours or the people you seek to serve) on Facebook or any of its own platforms (messenger, whatsapp, instagram, etc.)
2. Don’t use solutions or software before your organisation’s IT’s Information and Security team has conducted a Privacy Impact Assessment (PIA) and a Data Protection Impact Assessment (DPIA) on them
3. Don’t share or exchange any sensitive and/or personal data with other organisations, governments, or donors with a clearly articulated MOU outlining why they need the data, how they will use the data, with whom they will share it, and when they will delete it.
1. Do collect the minimum amount of data needed to perform whatever function you are doing. Less is better.
2. Do create awareness with the people about whom you are collecting data – they should understand why we need the data, how we will use it, who will have access to it, with whom we will share it, and when we will delete it
3. Do consider carefully the long term – how could this data be used negatively in the future?
4. Do share safety tips about how to live wisely in a digital world with the people we seek to serve
5. Do consider the literacy (linguistic and digital) rates of the people you seek to serve (there will always be pockets of illiteracy)
6. Do consider device access (often women and girls have the least access)
7. Do consider who does ‘going digital’ leave out and how can we include them
8. Do always provide alternatives and multiple channels of engagement
By no means is the list above exhaustive, but hopefully it fit the brief. How would you answer the brief?