In a crisis, people have a high degree of anxiety and their bodies are on ‘high alert’. Many of those fleeing the crisis in Ukraine also have good levels of digital literacy and understand their data can be used against them by bad actors. Therefore, when we collect personal data about them, we will likely raise their anxiety.
It is therefore critical that we communicate clearly and often with them about what data we are collecting, why, with whom it will be shared, and what their rights are. Below are a few more activities to consider in your work.
- Discuss with refugees if they have any concerns about the data being collected, how it is used, or with whom it will be shared and then take appropriate action to reduce concerns.
- Use the Awareness and consent cheat sheet planning template to help you in your planning and actions.
- Over-communicate – use pamphlets, complaints mechanisms, focus group discussions (FGDs), as appropriate, and ensure it is clear how they can talk with us.
- If sensitive personal data is being collected digitally, it must be encrypted and/or pseudonymised and be stored separately from other personal data. Contact your IT team for assistance.
- If sensitive personal data is being collected on paper, it should be stored in a locked drawer or filing cabinet.
Here are a few things to do together with your IT team:
- Request data protection impact assessments (DPIAs) to be conducted by the Information and Security team on all systems being used for data collection, analysis, storage, etc. Don’t assume they have been done – ask.
- Ask IT to ensure personal data is always being stored in encrypted files and devices and held separately from other project data.
- Limit the access of project staff to only the parts of the datasets they require to fulfil their tasks.
- Ensure the office has a data breach plan that is up to date and known by project staff (the data breach plan should be created by IT but known by staff).
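
One way an IT team could implement the "pseudonymised and stored separately" and "limit access" points above, shown as an added example that is not part of the original guidance. The field names, roles and record layout are assumptions, and it does not replace the encrypted storage asked for above.

```python
import hashlib
import hmac
import secrets

# Assumed field classification for this sketch; adapt it to the real intake form.
IDENTITY_FIELDS = {"name", "phone"}
SENSITIVE_FIELDS = {"health_condition", "ethnicity"}


def pseudonym(key: bytes, natural_id: str) -> str:
    """Keyed pseudonym: cannot be recomputed or reversed without the key."""
    return hmac.new(key, natural_id.encode("utf-8"), hashlib.sha256).hexdigest()[:32]


def split_record(key: bytes, record: dict) -> tuple[dict, dict, dict]:
    """Split one intake record into rows for three separately held stores."""
    pid = pseudonym(key, record["registration_no"])
    identity = {"pid": pid, "registration_no": record["registration_no"]}
    sensitive = {"pid": pid}
    project = {"pid": pid}
    for field, value in record.items():
        if field in IDENTITY_FIELDS:
            identity[field] = value
        elif field in SENSITIVE_FIELDS:
            sensitive[field] = value
        elif field != "registration_no":
            project[field] = value
    return identity, sensitive, project


def view_for(role: str, identity: dict, sensitive: dict, project: dict) -> dict:
    """Return only the parts of the dataset a role needs (roles are assumed)."""
    allowed = {
        "analyst": [project],
        "caseworker": [project, identity],
        "protection_officer": [project, identity, sensitive],
    }
    merged: dict = {}
    for part in allowed.get(role, []):  # an unknown role gets nothing
        merged.update(part)
    return merged


# Constructed sample record. The key is held by IT, apart from all three stores.
KEY = secrets.token_bytes(32)
SAMPLE = {"registration_no": "R-0001", "name": "Example Person", "phone": "000",
          "health_condition": "example", "ethnicity": "example", "household_size": 4}
```

The project store alone carries only the pseudonym and non-identifying fields, so an analyst's copy cannot be linked back to a person without the key or the identity store.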