As the Taliban march on Kabul, there is a flurry of activity in NGOs and donor communities. People are being told to delete any personally identifiable information (PII) they have on Afghan staff, community members, or anyone they have worked with. This includes biometrics. The fear is that the Taliban will use this data to target those who have worked with the ‘enemy’.
This is no doubt scary for everyone involved. However, it also raises a number of questions. Why was this data collected in the first place? What were or are the deletion policies of these organisations? Why is PII held in multiple places? Why now? Has there not been preparedness planning done prior?
This event along side of the recent Rohingya debacle should highlight issues with the data we collection and the data governance around it. Perhaps people will now wake up to reality that data is people. And people will die because of the data we collect.