Short, concise, and simple is not easy. Sometimes long, detailed documents are necessary and extremely helpful. They allow us to dive deep into a subject, exploring it from different angles. Sometimes they are a hinderance. However, as a professor of mine once said, it is often easier to write 20,000 words than 1,000.
Writing about digital and data risks and harms is complex. And those implementing projects keep asking for flowcharts and activities to do. Here’s one attempt of things to ensure, consider, and do.
Does your project Collect Data?
- Ensure you have (and what) legal basis for collecting the data
- Ensure project participants are aware of why we collect data, what we do with it, and what their rights are and regularly check for understanding
- Ensure there are simple and effective ways for project participants to flag and report offensive interactions, fake accounts and impersonators, spam/fraud or inappropriate behaviour by staff members
- Ensure there are simple ways for project participants to access, correct or remove information they have previously uploaded or provided on your organisation’s platforms, or to contact platform administrators to request removal
- Ensure your office has a data breach plan
- Consider conducting a Data protection impact assessment (talk to your IT department and determine if your project needs to do one)
- Create (and maintain) a data inventory
Does your project Share Data with partners or third parties?
- Ensure there is a data sharing agreement in place
- Ensure there are options for project participants to decide not to have their data shared with 3rd parties