OCHA’s role as data aggregator offers us a unique perspective into the multiple dataflows that exist within a crisis response and the many ways data is collected and processed. The Centre’s data policy work is focused on developing processes and practices for how OCHA handles data as the coordinator of humanitarian response. The Centre also provides advice to different stakeholders on data responsibility and data security.

Humanitarian organizations collect, process, and use increasingly large volumes of data. This data can include personal, community or demographic information about affected people which enables the identification and tracking of individuals or groups. The disclosure of sensitive data in humanitarian response can lead to already vulnerable people and communities being further harmed or exploited.

“In order to ‘do no harm,’ we must be able to properly navigate the technical and ethical issues involved with data about crisis-affected people – from names and locations to fingerprints and iris scans. When not handled responsibly, data can place already vulnerable people at greater risk of harm or exploitation.”
-OCHA Assistant-Secretary General, Ursula Mueller

 

Data Responsibility

A working draft of the OCHA Data Responsibility Guidelines was circulated in March 2019 to help staff navigate the technical and ethical aspects of working with humanitarian  data. The Guidelines offer key actions, outputs, and tools across the steps in the data management process, including secure transfer methods, appropriate data storage and proper destruction of data. The Centre will be supporting OCHA offices to pilot the Guidelines in 2019. We are also open to receiving feedback on the current version — please contact us at centrehumdata[at]un.org with comments.

The Centre will convene a number of conversations on data responsibility in the first half of 2019. We invite partners to join these conversations by signing up to the Centre’s Data Policy mailing list. In May 2019, we are holding an event at Wilton Park in the UK on ‘Data responsibility in humanitarian action: from principle to practice’.

Over the longer term, we plan to engage members of the IASC to develop operational guidance on responsible data use within the humanitarian sector. We hope this process will lead to the adoption of a joint statement on data responsibility by the IASC Principals.

Data Security

As part of its role in managing HDX, the Centre is aware of the various types of sensitive data that are collected and used by our partners. Partners are not allowed to share data with personal attributes such as names and phone numbers on HDX. All publicly-shared data must be sufficiently aggregated or anonymized in order to prevent the identification of people.

We also do not allow data to be shared on HDX that includes sensitive community or demographically identifiable information that, if disclosed or accessed without proper authorization, are likely to cause serious harm or negative impacts to affected people, humanitarian actors and/or damage to a response. However, this data is more challenging to identify without deeper analysis. For these cases, the Centre uses a ‘statistical disclosure control’ process to determine the re-identification risk of survey data and to help contributors prepare datasets for appropriate public or private sharing.

With support from ECHO (the Directorate-General for European Civil Protection and Humanitarian Aid Operations), research is underway to inform the development and prototyping of secure technical infrastructure for key partners to process sensitive data after it has been collected or as it is shared via HDX.

Resources