7.3 The Data Protection and Privacy guides from Mercy Corps
13-Sept-2022 3 mins
TABLE OF CONTENTS
- What is it about?
- Why will this resource be useful to you?
- Why is this resource particularly interesting?
🔗 Download the series of guides: here.
What is it about?
This series of guides aims to help you better understand and implement responsible data practices. You will find simple tutorials, policies and guidance documents designed by Mercy Corps and links to other resources.
The guides cover the following topics:
- Understand Sensitive Data: Defines what sensitive data is and provides guidance for its collection and use.
- Privacy Impact Assessments (PIA): Provides details regarding PIAs and the assessment templates required by the Responsible Data Policy of Mercy Corps.
- De-identifying Data: Presents an overview of de-identification (anonymization, pseudonymization, etc.).
- Encrypting a File: Provides a brief overview of encryption and an example of encrypting a file.
- File Sharing Best Practices: Presents an overview of best practices and a brief tutorial.
This resource presents the distinctive advantage to be available in several working languages: English, French, Spanish, Arabic, Russian and Ukrainian (in PDF, and online).
Why will this resource be useful to you?
- As a reference tool to introduce essential concepts related to data protection and responsible data management, including – but not limited to: sensitive data, Privacy Impact Assessment (PIA), Personally Identifiable Information (PII), Pseudonymization, Anonymization.
- As a diagnostic and planning tool for program teams to help them understand the risks related to data management, and to help them design and implement responsible data practices. Concrete examples will help them to better adapt the solutions to the particular context of their intervention. For instance, the “Sensitive Information Assessment (SIA) Template” can be used with a Privacy Impact Assessment to document all additional safeguards being employed for sensitive data.
- As a step-by-step tutorial for implementing data protection measures that may be technical (e.g. anonymizing data, encrypting a file, de-identifying data, etc.). The de-identification guide includes an example of one way to de-identify a dataset using a spreadsheet software.
As a model for designing and implementing a Privacy Impact Assessment – including templates for 5 different situations:
1) New policy 2) New process or procedure 3) New technology or software 4) New vendor or partner 5) New project or program
- As a data protection awareness tool for your organization’s teams.
This resource is intended in particular for program teams and partners, whether they are:
- Staff in charge of writing guides and procedures related to responsible data management
- Technical staff (e.g. staff in charge of anonymizing data, etc.).
Why is this resource particularly interesting?
- Combines multiple documents (simple tutorials, policies and guidance documents, links to other resources, etc.), in a range of formats and languages.
- Designed specifically for program teams and partners for localized content.
- Contains detailed information and practical examples.
- The guides are being made publicly available so you can share it and modify it in order to adapt it to your contextual needs and situation.
- Includes short videos (~5’) that will also help you understand and implement responsible data practices.
- Very recent content (2022), using examples from the news to illustrate the different concepts of responsible data management