Accurate data enables effective decision making that is important in all aspects of a business or for any undertaking. As a data entry company, we know that data is at the heart of any organization. Data are of different types and here we are going to talk about humanitarian data. UN’s OCHA (Office for the Coordination of Humanitarian Affairs) defines humanitarian data as data about the context in which a humanitarian crisis is occurring; data about the people affected by the crisis and their needs; and data about the response by organizations and people seeking to help those who need assistance. The principle of humanitarian action is Do No Harm, signifying that any action undertaken should not result in harm to those affected by the crisis. There should be minimal risk with effective use of the data available. However, data collection and processing in humanitarian action has some element of risk of harm as for instance, data breach. If there should be no risk at all, then there should be no collection of data. But this won’t work. For efficient decision making, data is vital. Proper use of data can increase the efficiency and speed of operation as well as accurate targeting of interventions, and in some cases even allow for hands-on work to prevent potential disasters before they emerge. These issues were discussed at an event on data responsibility in humanitarian action held at Wilton Park in May, which was hosted by OCHA Centre for Humanitarian Data.
Risk vs. Utility when Managing Data
Humanitarian data management involves data collection and data sharing, both of which carry risk. To minimize risk while utilizing the data available, both risk and utility have to be quantified. Risk is measured in terms of severity and chances of its occurrence. With GDPR being implemented in European countries, many organizations make sure not to share personally identifiable data. Many organizations are also coming to realize the potential risk of re identifying respondents by combining multiple data sources. Ideally, the measure of riskiness of the data could be taken as the extent to which data can be employed to support illegitimate interventions.
OCHA works with many partners including the Red Cross and has hundreds of country offices. During a crisis, these partners collect data and store it in spreadsheets on their own computer systems. However, there is little interoperability or a means to share timely information with others. OCHA’s Humanitarian Data Exchange (HDX) aims to improve this by enabling collaboration through an open source software tool designed to achieve collective benefits of accurate, timely, local and reliable data. When such data is shared and utilized, measures have to be taken to safeguard confidentiality of any sensitive data.
How does OCHA handle the data it collects? As a coordinator and data aggregator, OCHA has a unique perspective into the many data flows that exist within a crisis response as well as the many ways in which data is collected and processed. The agency does not allow the sharing of personal data or high-risk data through the HDX platform even when attempting to drive growth in datasets or users. They monitor every dataset added to the platform and flag sensitive data to their partners or contributors. According to OCHA’s ASG (Assistant Secretary General) Ursula Mueller, to do no harm, they must be able to properly navigate the technical and ethical issues involved with data about crisis-affected people – from names and locations to fingerprints and iris scans. If data is not handled responsibly, it can place already vulnerable people at greater risk of harm or exploitation.
- Data minimization or collecting only the essential data is considered the best way to ensure that the data aren’t stolen or misused. Donors can also play a crucial role in data minimization efforts. An increased chance of risks could be created for affected people by donor audits or evaluations. It is important therefore to weigh the need to effectively appraise the relief effort against the risks data collection and storage would entail. To simplify reporting hassles for operational agencies and reduce avenues of attack for troublemakers, donor requirements could be balanced to cover a few important indicators.
- To minimize risk of data sharing, there should be a good set of rules for exchanging information. Apart from between the organizations, these rules should extend across an entire sector to maximize impact.
- Another alternative for safe data sharing is using contemporary cryptographic solutions, which allows for data usage without giving up data governance. So, organizations can run analysis on another organization’s data and get total output without accessing the data directly.
Any data conversion company knows that there are various data management practices that can minimize risk and prevent unauthorized access to data – password protection for computers used; encryption of files; use of firewalls, use of up-to-date antivirus; limited access to data and so on. Good practices can prevent breaches to an extent; however, those handling humanitarian data may find it very challenging to stand up against a powerful and determined attack. This calls for robust measures in place to handle any breach that may occur.