Many individual organizations have policies and guidelines specific to the safe, ethical, and effective management of different types of data. Institutional policies on personal data protection are particularly relevant to the responsible management of health data and should serve as a primary reference for staff in the COVID-19 response.

In addition, many national and regional authorities have included provisions specific to health data management in national and regional data protection legislation and other relevant regulatory frameworks. National laws on medical practice may also include specific rules on health data management. Consult a local legal professional to ensure you are aware of and abide by all applicable data protection laws.

The World Health Organization Policy statement on data sharing by WHO in the context of public health emergencies (as of 13 April 2016) and Guidance on good data and record management practices are the primary global frameworks of reference for the management of data in public health emergencies.

The Global Health Cluster Standards for Public Health Information Services in Activated Health Clusters and other Humanitarian Health Coordination Mechanisms should also serve as a key reference for humanitarian practitioners. Although this document refers to Public Health Information Services (PHIS) in activated health clusters (HCs), these PHIS Standards are by no means restricted to health clusters, and can be applied to support government led emergency coordination or other types of humanitarian sectoral coordination mechanisms.

The WHO ‘Policy on the use and sharing of data collected in Member States by the WHO, outside the context of public health emergencies’ contains extensive annexes on security, safeguards, ethics and guidance on implementation and may also serve as a helpful reference. However, the policy excludes data shared in the context of public health emergencies, including Public Health Emergencies of International Concern (such as the COVID-19 pandemic) and data and reports from clinical trials and biological samples, and data collected by WHO prior to policy implementation.

While there are a number of different sets of principles related to the responsible management of data in public health, international development and humanitarian action, the most directly relevant here are the FAIR data principles and the United Nations Privacy Policy Group Personal Data Protection and Privacy Principles.

When data is used for purposes other than informing the response (e.g. research), additional frameworks and principles may apply. Researchers should refer to the WHO Code of Conduct for responsible Research, which provides standards of good practice to guide individuals working on all research associated with WHO, including non-clinical research, in line with the principles of integrity, accountability, independence/impartiality, respect and professional commitment described in WHO’s Code of Ethics and Professional Conduct.