15 Aug 2019

The Centre for Humanitarian Data Guidance Note Series, Data Responsibility in Humanitarian Action - Note #2: Data Incident Management

Report
from UN Office for the Coordination of Humanitarian Affairs
Published on 14 Aug 2019 View Original
preview
Download PDF (500.3 KB)

Data incidents are events involving the management of data that have caused harm or have the potential to cause harm. As more data and a greater variety of information systems are used in humanitarian response, there is an increased risk of data incidents occurring in humanitarian contexts.

Humanitarians have not had a common understanding of what comprises a data incident, nor is there a minimum technical standard for how these incidents should be prevented and managed. Without a shared language and clear approach to data incident management, humanitarian organisations risk exacerbating existing vulnerabilities as well as creating new ones, which can lead to adverse effects for affected people and aid workers.

In collaboration with the Jackson Institute for Global Affairs at Yale University, the Centre has developed a Guidance Note on Data Incident Management to help address these gaps in understanding and practice.

KEY TAKEAWAYS:

• Humanitarian data incidents are events involving the management of data that have caused harm or have the potential to cause harm to crisis affected populations, organisations, and other individuals or groups.

• Examples of humanitarian data incidents include physical breaches of infrastructure, unauthorised disclosure of data, and the use of ‘anonymised’ beneficiary data for non-humanitarian purposes, among others.

• A data incident has four aspects: a threat source, a threat event, a vulnerability and an adverse impact.

• There are five steps to responding to data incidents: notification, classification, treatment, and closure of the incident, as well as learning.

