10 things feels too much, but often 3 feels more manageable. There is likely various reasons for this, some spanning all of history. So then what are 3 things project teams should focus on to reduce digital risk and harm for the project participants?
Answers will vary, but here’s where I’d start:
- Confirm project participants are aware of why we collect data, what we do with it, and what their rights area, how to update/correct their information and regularly check for understanding. This is not a one-off activity, but rather an ongoing one. (Here’s a resource that might help your project team with it)
- Conduct a data protection impact assessment of your project. Go beyond looking at the digital systems being used, but ask questions about purpose, process, and culture.
- Connect project team members with a community of other practitioners who are discussing, implementing, and learning how to reduce digital risk and harms in their projects. This could be responsibledata.io, ToIP, or internal or interagency groups. Ensuring project team members that they are not alone in trying to figure out how to do this might just be the most important of the three.
Beyond this, I’d encourage you to do everything you can to enable the project participants to have control over their data. We are humanitarians, not commercial companies. There is a legal difference and should also be a difference in our view of data.
What would your top three be?