Data incidents are events involving the management of data that have caused harm or have the potential to cause harm. As more data and a greater variety of information systems are used in humanitarian response, there is an increased risk of data incidents occurring in humanitarian contexts.

Humanitarians have not had a common understanding of what comprises a data incident, nor is there a minimum technical standard for how these incidents should be prevented and managed. Without a shared language and clear approach to data incident management, humanitarian organisations risk exacerbating existing vulnerabilities as well as creating new ones, which can lead to adverse effects for affected people and aid workers.

In collaboration with the Jackson Institute for Global Affairs at Yale University, the Centre has developed a Guidance Note on Data Incident Management to help address these gaps in understanding and practice.


The note outlines the four aspects of a data incident, and presents a generic risk model with key risk factors that organizations can use to better understand their own potential vulnerabilities. It also provides examples of data incidents, such as physical breaches of infrastructure, unauthorised disclosure of data, and the use of ‘anonymised’ beneficiary data for non-humanitarian purposes, among others. Drawing on global best practice in information security, the note offers a five step approach to data incident management that humanitarian organisations can adapt to their operations. Finally, it proposes three areas for investment to help humanitarian organisations introduce or improve data incident management. Download the Guidance Note: Data Incident Management for more information.

This is the second in a series of eight guidance notes on Data Responsibility in Humanitarian Action, which will be published over the course of 2019 and 2020. Through the series, the Centre aims to provide additional guidance on specific issues, processes and tools for data responsibility in practice to complement the OCHA Data Responsibility Guidelines.  This series is made possible with the generous support of the Directorate-General for European Civil Protection and Humanitarian Aid Operations (DG ECHO). 

Read the first guidance note on Statistical Disclosure Control here

For more on managing sensitive humanitarian data, visit the Data Responsibility page on the Centre’s website or contact our team at