What are the key measures I should take to ensure privacy and data protection in data management?

Data management in the COVID-19 response should be principled and follow existing best practice in humanitarian data management. Some key measures for upholding privacy and data protection include:

  1. Purpose limitation: clearly specify the purpose for which data is needed, explain this to the populations from whom data will be collected, and establish safeguards to ensure that data is used only for the intended purpose.
  2. Privacy by design: anticipate and build-in technical and procedural measures to prevent privacy invasive events at the outset of a data management exercise.
  3. Transparency: provide accurate and complete information to people about what data is being collected about them, for what purpose, how it will be used, how long it will be kept and who it will be shared with
  4. Necessity and proportionality: only collect data that is relevant and necessary to achieve the purpose specified, thereby abiding by the principle of data minimisation.
  5. Time limitations: ensure that any data processing is strictly limited in time and that data collected for COVID-19 response efforts is not retained beyond the time for which they are strictly needed to combat the pandemic.

For additional resources and examples of best practice on data protection and privacy in the COVID-19 response, see this repository from UN Global Pulse: https://www.unglobalpulse.org/policy/covid-19-data-protection-and-privacy-resources/

For detailed recommendations on data privacy, data protection, and responsible data management in digital contact tracing, see this recent working paper from UNICEF: https://www.unicef-irc.org/publications/1096-digital-contact-tracing-surveillance-covid-19-response-child-specific-issues-iwp.html