Donors such as USAID have a critical role to play in encouraging greater respect and protection of the data of vulnerable individuals and groups. They can help to reduce data-related risks by bringing a values-based responsible data approach to their work and by supporting implementing partners to improve their handling of data, especially data belonging to vulnerable individuals and groups.
Here are three ways that donors can contribute to more responsible data management:
1. Enhance donor awareness on responsible data practices
Adopt responsible data processes
Adopt processes that take a closer look at the possible risks and harms of collecting and holding data and how to mitigate them. Ensure those aspects are reviewed and considered during investments and grant making.
Conduct risk-benefits-harms assessments
Conduct risk-benefits-harms assessments early in the program design and/or grant decision-making processes. This type of assessment helps lay out the benefits of collecting and using data, identifies the data-related harms we might we be enabling, and asks us to determine how we are intentionally mitigating harm during the design of our data collection, use and sharing.
Importantly, this process also asks us to also identify who is benefiting from data collection and who is taking on the burden of risk. It then aims to assess whether the benefits of having data outweigh the potential harms. Risks-benefits-harms assessments also help us to ensure we are doing a contextual assessment, which is important because every situation is different.
When these assessments are done in a participatory way, they tend to be even more useful and accurate ways to reduce risks in data collection and management. Some examples of risk-benefits-harms assessments include this one and this one.
Additionally, USAID’s newly released Considerations for Using Data Responsibly offer a number of tools and templates that can help.
Provide technical support to grantees
Hire people who can help provide technical support to grantees when needed in a friendly — not a punitive — way. Building in a ‘data responsibility by design’ approach can help with that. We need to think about the role of data during the early stages of design.
- What data is collected? Why? How? By and from whom?
- What are the potential benefits, risks, and harms of gathering, holding, using and sharing that data?
- How can we minimize the amount of data that we collect to serve our objectives, and mitigate potential harms of misuse and wrongful use?
Be careful with data on grantees
If you are working with organizations who (because of the nature of their mission and their operating context) are at risk themselves, it’s imperative that you protect their privacy and don’t expose them to harm by collecting too much data from them or about their operations. Here’s a good guide for human rights donors on protecting sensitive data of their grantees.
2. Use donor influence for responsible data practices by grantees.
If donors are going to push for more data collection, they should also be signaling to grantees and investees that responsible data management matters and encouraging them to think about it in proposals and more broadly in their work.
Find out grantee data needs
Find out what kind of technical or systems support grantees/investees need to better uphold ethical data use and protection and explore ways that you can provide additional funds and resources to strengthen this area in those grantees and across the wider sector.
Increase grantee responsible data capacity
Strengthen grantee capacity as part of the process of raising data management standards. Lower-resourced organizations may not be able to meet higher data privacy requirements, so donors should think about how they can support rather than exclude organizations with less capacity as we all work together to raise data management standards.
Invest holistically in both grants and grantees
This starts by understanding grantees’ operational, resource, and technical constraints as well as the real security risks posed to grantee staff, data collectors, and data subjects. For this to work, donors need to create genuinely safe spaces for grantees to voice their concerns and discuss constraints that may limit their ability to safely collect the data that donors are demanding.
Invest in grantees’ data systems
Invest in grantees’ IT and other systems and fund the operational and human resources that enable these systems to work. There is never enough funding to maintain and updated core IT systems, and this puts the data of vulnerable people and groups at risk.
One reason that organizations struggle to fund systems and improve data management is because they can’t bill overhead. Perverse incentives prevent investments in responsible data. Donors can help grantees and partners work through this to find solutions.
Don’t punish grantees for investing in responsible data infrastructure
Don’t punish organizations that include budget for better data use, protection and security in their proposals. It takes money and staff and systems to manage data in secure ways. Yet stories abound in the sector about proposals that include these elements being rejected because they turn out to be more expensive. It’s critical to remember that safeguarding of all kinds takes resources!
Be patient with pace of change
Remember that we are talking about long-term organizational behavior change. It is urgent to get moving on improving how we all handle data — but this will take some time. It’s not a quick fix because the skills are in short supply and high demand right now as a result of the General Data Protection Regulation (GDPR) and related laws that are emerging in other countries around the world.
Don’t encourage poor responsible data practices
Don’t ask grantees to collect data that might make vulnerable individuals or groups wary of them. Personal data is an extension of an individual. Trust in how an organization collects and manages an individual’s data leads to trust in an organization itself. Organizations need to be trusted in order to do our work, and collection of highly sensitive data, misuse of data or a data breach can really break that trust compact and reduce an organization’s impact.
3) Accept donor responsibility for shaping society
Innovation isn’t an excuse for bad data practices
Don’t use “innovation” as an excuse for putting historically marginalized individuals and groups at risk or for allowing our societies to advance in ways that only benefit the wealthiest.
Respect local norms and cultures
Support partners that put rigor in understanding people’s relations to data in the context of local norms and culture, and in the unique rites of passage that their society is experiencing in its development journey.
Take a rights-based approach to data
Take a rights-based view of personal data, and commensurate obligations of duty bearers in ensuring proper conduct in its access and utilization.
Check out this curated list of Responsible Data resources for additional ideas and orientation!
By Linda Raftree, Independent Consultant on Responsible Data and Syed Raza, Senior Director, Data for Development at DIAL.
This post is based on the Responsible Data for Philanthropists post published on April 3rd, 2019
The original post can be found on ICT Works here.