OCHA’s role as data aggregator offers us a unique perspective into the multiple dataflows that exist within a crisis response and the many ways data is collected and processed. The Centre’s data policy work is focused on developing guidance, processes and practices for how OCHA handles data as the coordinator of humanitarian response. The Centre also provides advice to different stakeholders on data responsibility and data security. 

Humanitarian organizations collect, process, and use increasingly large volumes of data. This data can include personal, community or demographic information about affected people that enables the identification and tracking of individuals or groups. The disclosure of sensitive data in humanitarian response can lead to already vulnerable people and communities being further harmed or exploited.

“In order to ‘do no harm,’ we must be able to properly navigate the technical and ethical issues involved with data about crisis-affected people – from names and locations to fingerprints and iris scans. When not handled responsibly, data can place already vulnerable people at greater risk of harm or exploitation.”
-OCHA Assistant-Secretary General, Ursula Mueller

 

Data Responsibility

The Centre released a working draft of the OCHA Data Responsibility Guidelines in March 2019 to help staff navigate the technical and ethical aspects of working with humanitarian data. The Guidelines offer key actions, outputs, and tools across the steps in the data management process, including secure transfer methods, appropriate data storage and proper destruction of data. In 2019, the Centre supported a number of OCHA country offices to pilot the Guidelines. The Centre is now revising the Guidelines based on lessons learned through the field testing. As part of this revision process, the Centre welcomes additional feedback on the current version — please contact us at centrehumdata[at]un.org with comments.

To complement the Guidelines, the Centre is working with a range of partners to publish a series of eight guidance notes on Data Responsibility in Humanitarian Action. Through the series, the Centre aims to provide additional guidance on specific issues related to data responsibility in practice. This series is part of a two-year project that runs from January 2019 – December 2020 and is supported by the Directorate-General for European Civil Protection and Humanitarian Aid Operations (DG ECHO). 

In addition to developing practical guidance on topics of common interest, the Centre works to build trust through dialogue by convening conversations about data responsibility and related issues within its global network. In May 2019, the Centre held an event at Wilton Park in the UK on ‘Data responsibility in humanitarian action: from principle to practice’. The event yielded three areas for collective action and a number of steps that the Centre and our partners can take to make progress on data responsibility. 

Moving forward, the Centre will lead an open process to develop operational guidance on responsible data management in humanitarian response. The resulting document will be submitted for endorsement by the IASC in late 2020.

Data Security

As part of its role in managing HDX, the Centre is aware of the various types of sensitive data that are collected and used by our partners. Partners are not allowed to share personal data (including unique identifiers such as names and phone numbers) on HDX. All publicly-shared data must be sufficiently aggregated or anonymized in order to prevent the re-identification of people. 

This includes sensitive ‘group data’, which may contain aggregate information that, if disclosed or accessed without proper authorization, could cause negative impacts to affected people, humanitarian actors and/or a response. However, this data is more challenging to identify without deeper analysis. To detect sensitive survey and needs assessment datasets, the Centre applies ‘statistical disclosure control’ to determine the risk of re-identification of individuals and groups. For other potentially sensitive group data, the Centre works with context experts to determine the level of sensitivity and appropriate mechanisms for sharing.

With support from ECHO, the Centre is also developing a secure technical infrastructure and service model to improve how it supports partners in processing sensitive data more responsibly before sharing the data via HDX. 

Resources