Last year we worked with the Norwegian Refugee Council (NRC) and the DIGID consortium to map risks and threats related to data sharing in humanitarian CVA – part of a broader initiative focused on interoperability and data sharing in the humanitarian sector.
The results of our research were published near the end of last year – you can download it here:
This report aims primarily to support decision-makers involved in considering, evaluating or building new technological approaches to data sharing in CVA contexts.
There is, however, much in there that is relevant (and hopefully useful) to a much wider audience: anyone who handles data in the course of their humanitarian work, in any capacity, should find something in there that widens their understanding of where the data they’re collecting could end up, how it might be shared or used beyond what was originally intended, and how this could affect the recipients of CVA – the data subjects.
To this end, the report:
- Outlines a broad array of stakeholders, interests, legal considerations and technical and economic factors to take into account when handling data about those receiving assistance.
- Looks at the types of harms that misuse or leakage of data can lead to for the people receiving humanitarian assistance – sometimes many years down the line.
- Reports back on insights derived from our conversations with key practitioners in the field, including experts in digital security and responsible data, people with deep knowledge and experience of humanitarian operations, data privacy and legal experts, and others.
Technical mitigation measures
Part of this research also involved looking at what potential technological approaches might be able to mitigate the risks involved in collecting, storing and sharing CVA data.
In this report, we offer an overview and explanation of some of the mitigation technologies that surfaced in the research, and present key questions that should be asked in the context of specific deployments.
These are designed to support decision-makers to better understand and determine how much protection that specific technology is likely to be able to provide in a given context – or whether it’s even feasible to deploy in the first place.