As some of wrestle with the events in Afghanistan and with the Rohingya refugees highlighting the challenges and risks of digitalisation, we are left wondering what we can do. Many humanitarian agencies work in many fragile contexts globally. Therefore, the recent events in Afghanistan are not just about Afghanistan, but rather about how we work and the ecosystem in which we work. And yet, we what can we do as individual organisations today. Here are 10 things to consider:
- Conduct a responsible data maturity assessment in each of your offices. (Here’s another option)
- Data Mapping – in fragile contexts, in particular, find out where the data is kept. Don’t assume, track it. You’ll likely find some of it is on USB sticks, laptops, phones, and other random places. Change this.
- Data Minimisation – after doing your data mapping (point 2), talk to your project teams and ask ‘can we achieve our project purpose with less data’? You almost always can. So make the change. Leave speculation to the fleet street boys.
- Data protection – Find out if you have a data protection policy and check if it needs updating. But most importantly is the policy owned by someone and is it known and applied? Whatever you find, you can improve, so go for it.
- Data retention – find out how long your audit policy stipulates you keep sensitive data. Reduce this time period.
- Data Storage – Consider where you store sensitive data – is it in-country? in another country? Determine what is best for the community member and your organisation. Don’t assume what is good for your organisation is good for the community member.
- Data sharing – have official guidance from your organisation that’s practical and known by your frontline staff. Don’t assume what is good for your organisation is good for the community member.
- Awareness & Consent – Most organisations ask for consent before collecting personal data. However, the power differential is too great between the organisation and the vulnerable persons to be meaningful. It is not consent between two equals. Too much focus is on consent and not on awareness. Change your focus to ensuring people understanding what data you are collecting, why, with whom you’ll share it (and why), and what their rights are. Then check for understanding through your MEAL processes and in your audits.
- Have an Official Organisational position (or policy) on Biometrics & Artificial Intelligence – most organisations have just ‘fallen into’ using biometrics and AI because it is the latest technology promising to solve our problems. Don’t leave it to your frontline staff or your IT staff. These decisions are far too important to leave to one person or one team.
- Rapid Office Closure procedures – it is easy to delete a file from my laptop, but to permanently delete it takes many hours. Have a plan that is easily actionable, known, and practiced.
And lastly, don’t do the above alone. You don’t need to. At bare minimum, do this with a diverse group of people in your office or organisation. But ideally, do it with other organisations too. And if you are feeling courageous, invite the academics, the critics, the naysayers in to review what you’ve done, point out areas to improve, and learn from them.
While the above won’t solve everything, you will learn by doing it.
The choice is up to us.