Protecting beneficiary privacy: Principles and operational standards for the secure use of personal data in cash and e-transfer programmes

Manual and Guideline
Originally published
View original



The right to privacy through the protection of personal data is not only an important right in itself, but also a key element of individual autonomy and dignity. Protecting and respecting privacy is a strong enabler of political, spiritual, religious and even sexual freedoms. A number of international instruments enshrine data protection principles, such as Article 8 of the European Convention on Human Rights and Fundamental Freedoms2 , and many domestic legislatures have incorporated such principles into national law.

These Principles and Operational Standards have been produced by the Cash Learning Partnership (CaLP) to enable agencies to meet and respect these international standards and in particular to address risks inherent in the use of beneficiary data by agencies engaged in the delivery of cash with a specific focus on e-transfer programmes.

These risks are associated with the collection, storage, use and disclosure of the data of beneficiaries in receipt of cash and e-transfers. This personal data is often more extensive than that gathered in conventional aid distributions and is necessarily shared with, or generated by, commercial partners who assist in the distribution of cash via new technological means.

These risks have, on the whole, gone unrecognised and unaddressed by humanitarian actors. However, as humanitarian initiatives increasingly adopt new technologies to improve the effectiveness of aid delivery, it is vital that standards are put in place to ensure that beneficiaries (who are the very people agencies seek to support) are not exploited, put at risk or disadvantaged by their involvement in cash transfer programmes.

These Principles and Operational Standards are an attempt to establish good practice within the sector for the collection and processing of beneficiary data. For the reasons stated above, they are specifically addressed to managers of cash and e-transfer programmes but may have a wider application. They are not intended to replace or be a substitute for existing organizational data protection or privacy policies but can enhance or complement such policies where these policies do not include protections for beneficiary data or they lack detail. Where organizational privacy or data protection policies do not exist they offer a framework for protecting beneficiary data.

In view of the wide range of potential jurisdictions in which these Principles and Operational Standards might be applied they can only be advisory and do not constitute legal advice. If in doubt about legal standards which might be applicable then it is recommended that independent legal advice is sought. CaLP has endeavoured to ensure that they meet the requirements of some major legal frameworks but cannot guarantee that some countries’ requirements with regard to disclosure, encryption or transfer of data can be met through one set of advisory principles.