Sensitive Data

| January 9, 2021

HDX endeavors not to allow publicly shared data that includes community identifiable information (CII) or demographically identifiable information (DII) that may put affected people at risk. However, this type of data is more challenging to identify within datasets during our quality assurance process without deeper analysis. In cases where we suspect that survey data may have a high risk of re-identification of affected people, we run an internal statistical disclosure control process using sdcMicro. Data is made private while we run this process. If the risk level is found to be too high for public sharing on HDX given the particular context to which the data relates, HDX will notify the data contributor to determine a course of action.

| January 9, 2021

The OCHA Data Responsibility Guidelines ('the Guidelines') helps staff better assess and manage the sensitivity of the data they handle in different crisis contexts. We recommend that HDX users familiarize themselves with the Guidelines.

Different data can have different levels of sensitivity depending on the context. For example, locations of medical facilities in conflict settings can expose patients and staff to risk of attacks, whereas the same facility location data would likely not be considered sensitive in a natural disaster setting.

Recognizing this complexity, the Guidelines include an Information and Data Sensitivity Classification model to help colleagues assess and manage sensitivity in a standardized way.

For microdata (survey and needs-assessment data), you can manage the sensitivity level by applying a Statistical Disclosure Control (SDC) process. There are several tools available online to do SDC - we use sdcMicro.

The Centre has developed a Guidance Note on Statistical Disclosure Control that outlines the steps involved in the SDC process, potential applications for its use, case studies and key actions for humanitarian data practitioners to take when managing sensitive microdata.

| January 9, 2021

HDX does not allow personal data or personally identifiable information (PII) to be shared in public or private datasets. All data shared through the platform must be sufficiently aggregated or anonymized so as to prevent identification of people or harm to affected people and the humanitarian community. We do allow private datasets to include contact information of aid workers if they have provided consentto the sharing of their data within the organisation. Read more in our Terms of Service.

| January 9, 2021

For the purpose of sharing data through HDX, we have developed the following categories to communicate data sensitivity:

  1. Non-Sensitive - This includes datasets containing country statistics, roadmaps, weather data and other data with no foreseeable risk associated with sharing.
  2. Uncertain Sensitivity - For this data, sensitivity depends on a number of factors, including other datasets collected in the same context, what technology is or could be used to extract insights, and the local context from which the data is collected or which will be impacted by use of the data.
  3. Sensitive - This includes any dataset containing personal data of affected populations or aid workers. Datasets containing demographically identifiable information (DII) or community identifiable information (CII) that can put affected populations or aid workers at risk, are also considered sensitive data. Depending on context, satellite imagery can also fall into this third category of sensitivity.