Data responsibility in humanitarian action is the safe, ethical and effective management of personal and non-personal data for operational response. It is a critical issue for the humanitarian system to address and the stakes are high.
OCHA’s role as data aggregator offers us a unique perspective into the multiple dataflows that exist within a crisis response and the many ways data is managed. The Centre’s data responsibility work is focused on developing guidance, processes and practices for how OCHA handles data as the coordinator of humanitarian response. The Centre also provides advice to stakeholders on data security.
Humanitarian organizations collect, process and use increasingly large volumes of data. This data can include sensitive personal and non-personal data about affected people that enables the identification and tracking of individuals or groups. The disclosure of sensitive data in humanitarian response can lead to already vulnerable people and communities being further harmed or exploited.
In addition to avoiding harm, the safe, ethical and effective management of data has a number of benefits: it can lead to more informed and transparent decision-making, more efficient humanitarian response, and increased trust among humanitarian actors and with the people they seek to serve.
Data Responsibility Guidance
After two years of field testing and feedback, the Centre finalized the OCHA Data Responsibility Guidelines (‘the Guidelines’) in October 2021. The Guidelines offer principles, processes and tools to support OCHA’s data work. They apply to all operational data managed directly by OCHA (such as who-is-doing-what-where), or data managed by humanitarian actors within activities coordinated by OCHA (such as needs assessments).
The Guidelines also address how OCHA should implement the IASC Operational Guidance on Data Responsibility in Humanitarian Action, which was endorsed in February 2021 after a year-long consultation process jointly led by the Centre, the International Organization for Migration (IOM) and the UN High Commissioner for Refugees (UNHCR) and involving over 20 organizations. The IASC Operational Guidance recommends a set of actions for data responsibility at different levels of a response and includes templates to support organisations, clusters/sectors, and inter-agency working groups and coordination mechanisms in adopting data responsibility.
Together with the Danish Refugee Council (DRC), IOM, and UNHCR, the Centre co-chairs the Data Responsibility Working Group (DRWG) to help monitor progress on the implementation of the IASC Operational Guidance and provide advice to our community.
The Centre has also worked with a range of partners since 2019 to publish a series of guidance notes on data responsibility. These notes offer advice on specific issues related to data responsibility in practice. This series was supported in 2019 and 2020 by the Directorate-General for European Civil Protection and Humanitarian Aid Operations (DG ECHO) and continues in 2021 and 2022 with support from the Government of Switzerland. French and Spanish translations of the guidance notes are available here.
The guidance comes amid growing recognition of the importance of data responsibility in humanitarian operations.
Data Security
As part of its role in managing HDX, the Centre is aware of the various types of sensitive data that are collected and used by our partners to meet needs in humanitarian operations. While organizations are not allowed to share personal data on HDX, they can share survey or needs assessment data which may (or may not) be sensitive due to the risk of re-identifying people and their locations. This data is often challenging to identify without deeper analysis.
The Centre applies statistical disclosure control (SDC) to all microdata shared on HDX to determine the risk of re-identification of individuals and groups. We have also integrated a detection tool from Google called Cloud Data Loss Prevention (DLP) into the HDX dataset screening and Quality Assurance (QA) process. For other potentially sensitive data, the Centre works with context experts to determine the level of sensitivity and appropriate mechanisms for sharing.
Learn more about how to conduct a disclosure risk assessment here.
Partnerships
In addition to developing practical guidance, the Centre works to build trust through dialogue by convening conversations about data responsibility and related issues within its global network.
In May 2019, the Centre held an event at Wilton Park in the UK on ‘Data responsibility in humanitarian action: from principle to practice’. The event yielded three areas for collective action and a number of steps that the Centre and our partners can take to make progress on data responsibility.
In September 2020, the Centre, the International Committee of the Red Cross (ICRC) and the Government of Switzerland launched the Humanitarian Data and Trust Initiative (HDTI) to advance the protection and responsible use of humanitarian data. Through its three pillars of Policy & Dialogue, Research & Development and Education & Outreach, the HDTI aims to connect technological expertise with policy research and catalyze collective action on data responsibility. Learn more about the HDTI here.
Resources
- An Introduction to Disclosure Risk Assessment
- “Bridging the Gap of Humanitarian Data” (Digital Impact Podcast about the Working Draft OCHA Data Responsibility Guidelines)
- “Data to the rescue: how humanitarian organisations use information” (Babbage Podcast recorded live at Wilton Park)
- “Data Incidents: Design with Responsibility in Mind” (Digital Impact Podcast about Data Incident Management)
- UN Personal Data Protection and Privacy Principles
- Handbook on Data Protection in Humanitarian Action, ICRC and Brussels Privacy Hub
- UN General Assembly Resolution A/RES/45/95 on the Regulation of Computerized Personal Data Files