6.5 Keep, classify, access


TABLE OF CONTENTS
- Case study: unstructured data
- Case study: illegal use by a private actor
- Case study: departure on bad terms
- Case study: lost data
- Case study: access request to sensitive data from a program manager
- Key resources
Case study: unstructured data
The situation
You have just taken a new position. You are given a computer, as well as two hard drives and a USB key. When you first look through the computer, the USB key and the hard drives, it is impossible to identify a logical tree structure in the files. You find some files in a "survey" directory, others in a "reporting" directory, others in a "tools" directory, and so on.
What are the potential risks?
- Incorrect analysis
- Loss of data, loss of time
- Misuse of resources
What to do?
The first constraint is the amount of time you can dedicate to sorting, weighed against your immediate need for the organisation's documents.
If you do not need past survey documents, or other files that contain pre-existing data, move all the documents into an "archive" directory and build a consistent structure from the outset. This lets you work efficiently from day one while reconstructing the thread of previous documents step by step.
If you identify some form of logic, for instance if there are two main authors, you can search for documents by author (do not hesitate to consult this site or others for search tips that make such searches more efficient) to narrow your search and classify documents more easily. It is also usually possible to recognise recurring patterns in the way a given person organises their files.
How could the situation have been avoided?
To avoid this type of mishap, which is both time-consuming and ineffective, it is essential to define a shared tree structure within the organisation, preferably used by everyone, at least down to the second level (i.e. at least the top-level directories and the directories displayed within them are standardised).
This combines a personalised approach (since staff can organise themselves within the standard) with a standardised one, so as to facilitate transfers, limit search times and make handovers easier.
If there is no need for a specific tree structure at the level of individual work computers, ensure nonetheless that every sharing and archiving platform is organised according to a structure known and understood by all. Otherwise, you will find files that have nothing to do with one project among those of another, or the results of a survey scattered across different folders depending on the user, which wastes time and energy.
Case study: illegal use by a private actor
The situation
Your Head of Mission encourages you, for the IDP Support Project that you manage, to work with a cash transfer provider that has been recommended by the donor and the local public authorities.
After a few weeks, you discover that the provider has used your database to locate people who were in debt at home before they were displaced, and that it is taking advantage of the situation to deduct the amounts owed by those people directly from the cash programme, without informing them.
What are the potential risks?
- This is a data disclosure, or "data breach"
- Targeting of a vulnerable population
- Disclosure of personal and sensitive data that does not comply with humanitarian and data protection principles
- Reputational risks, loss of confidence of affected beneficiaries vis-à-vis the NGO
What to do?
The first step is of course to warn the populations concerned that the operation affecting them is illegal, and to work with your legal department to find a solution with the provider to resolve the situation. It is also important, to the extent possible, to alert other actors at risk to the practice you have encountered.
You must identify an alternative, or a different money transfer provider, in case the organisation has to suspend its contract with this service provider.
Be aware of the consequences of suspending the contract too abruptly, or of being tempted to lodge a complaint against this private operator. Since the money withheld comes directly from the donor, it may be useful to inform them of the situation.
How could the situation have been avoided?
What the provider is doing is illegal, provided your contract has been carefully drafted with regard to the provider's rights over the data its tool collects (with a "data sharing agreement" or "non-disclosure agreement"). Beyond a meticulous risk analysis on this subject and a reference check with other actors and institutions on the reliability of the provider, not much more could have been done.
Making sure that your organisation takes part in thematic discussions between stakeholders in the sector (on this issue, the work of CALP, the Cash Learning Partnership) could have given you better knowledge of the possible safeguards to put in place.
If you do not have a legal background, your organisation may have a contract with a lawyer who can advise and guide you on the commercial law of the country of intervention and on contractual clauses. If this is not the case, it may be time to take such steps.
Drawing on this experience may provide an opportunity to review your contracts and engage in discussions on the proper respect of humanitarian principles and data protection with your service providers.
Case study: departure on bad terms
The situation
Following a disagreement over his salary, one of the people in your team who has access to sensitive data on very vulnerable populations (orphans in an area at risk of human trafficking) leaves the organisation on bad terms. You find out that he often used his personal computer, which was more powerful than the one provided by the organisation, and that he therefore still has access to many sensitive databases that he downloaded to it in order to work in good conditions, and that were not always backed up on the shared server.
What are the potential risks?
- Loss of data, theft or destruction
- Loss of control of what can be done with such data
- Risk of extortion, a "sword of Damocles" hanging over the beneficiary populations concerned and the organisation responsible for this data
What to do?
This is a case of negligence that exposes the organisation to a number of more or less hypothetical problems.
In the immediate term, it is essential to block or change access to the databases to prevent any new connection by this former employee and to avoid any further loss or damage.
You will then need to investigate and draw up a list, as exhaustive and as precise as possible, of the data to which the person could have had access, as well as of any databases missing from the shared server. On this basis, identify the risks of disclosure or misuse and weigh each one by its likelihood. Your former employee may well be on bad terms with the organisation while remaining a committed humanitarian who would never jeopardise beneficiaries.
Follow-up actions will depend on the results of your risk analysis. Chances are that the consequences of this negligence will be quite time-consuming to mitigate.
How could the situation have been avoided?
Confidentiality and respect for vulnerable populations are part of humanitarian principles, so this should go without saying: whatever the reasons for a disagreement between an employer and a member of staff, a certain individual ethic is expected. Do not shy away from pointing this out.
These elements are generally set out in a charter, a code of conduct, a code of ethics or a privacy policy, or in the employment contract.
In addition, it is of course necessary to implement all the mechanisms for securing work tools: a ban on "bring your own device", provision of computer hardware of sufficient quality, password protection and restricted access to tools and platforms, procedures governing local data storage, the ability to revoke access remotely, etc.
Case study: lost data
The situation
You are at the office of another organisation for an inter-NGO coordination meeting that lasts all day. At lunchtime, you leave the room, leaving your computer behind. When you return two hours later, several computers have disappeared.
What are the potential risks?
- Loss of data, theft or destruction
- Loss of control of what can be done with such data
- Risk of extortion, a "sword of Damocles" hanging over the beneficiary populations concerned and the organisation responsible for this data
What to do?
- Immediately notify the colleague in charge of IT and equipment so that they can react and take control of your e-mail accounts, etc.
- If you work with collaborative tools, it will usually be possible to disconnect your computer from all shared tools and thus prevent any intrusion by the thief. If your data is backed up on one of these collaborative tools, the risk of data loss is lower.
- However, if you keep your data locally on your computer and have not backed it up recently, you will have lost several days, weeks or even months of work.
- The severity of the theft, beyond the market value of the computer, will depend on what was stored on it.
- Lodging a complaint with the police will be required to activate the insurance.
How could the situation have been avoided?
Do not leave your equipment exposed to theft. Stay alert. When you leave a room, make sure it will be locked during your absence, or ask to store your computer in a drawer or cupboard that can be locked, or secure your computer with an anti-theft cable, or simply take it with you.
Even if your computer contains no personal or sensitive data, and even if its access can be suspended within minutes, the organisation will lose both money and time dealing with the situation.
Case study: access request to sensitive data from a program manager
The situation
A programme manager requests access to the beneficiary monitoring records of a project centred on "Child Protection" for which she is responsible. These files contain personal and sensitive data about the children benefiting from the programme, yet her role does not require this level of data access ("need to know").
What are the potential risks?
- Disclosure of personal and sensitive data that does not comply with humanitarian and data protection principles
- Non-compliance with the "need to know" principle, and access to personal and sensitive data that is not in line with humanitarian principles and responsible data management
What to do?
This situation may seem legitimate at first sight, and it is obviously tricky since the request comes from a hierarchical superior. Given the sensitivity of the data, such a request must be justified in writing, demonstrating that access to this data is necessary for her to do her job.
If possible, seek advice from a Data Protection Officer (DPO), who can explain the principles and "best practices" of responsible data management. The programme manager may indeed need some of the information but not full access; in that case, establish with the DPO or a superior exactly which data is needed.
How could the situation have been avoided?
There are no universal rules for defining your data protection needs, since each situation differs in context (political, legislative, technological, ethical, partnership-related) and in risk.
Training teams on the principles of responsible data management is essential to dealing with such situations. Bear in mind, however, that the purpose of this training is not to lay down fixed rules, which can quickly fall out of step with reality on the ground, but to ensure that all teams are aware of the potential risks and have the reflex to ask the right questions at the right time when analysing a situation.
Key resources
OCHA recommendations: