Principles for Design & Development

Community Insights on Principle 8: Address Privacy and Security

UN Global Pulse hosted the eighth Principle for Digital Development event on “Address Privacy and Security” on May 8, 2015 at the United Nations Secretariat Building in New York. The interactive session included panel discussions on the topics of Privacy and Security, followed by small group discussions around barriers to effective implementation and strategies to overcome them.

Highlights of the discussion are captured below. Does this content resonate with you? Are there aspects of the discussion that you would modify? Join the discussion using the comments section on this page.

  • Technology confers access to information, and access to information confers power. Privacy needs to become an inseparable part of all tech-supported development.
  • By generating data about individuals’ identities, behaviors, activities, and locations, technology opens the door for unintended and unanticipated outcomes that can lead to significant risks, particularly for the most vulnerable populations.
  • Beyond keeping users’ personal information private, and the data that is collected secure, addressing privacy and security is about respect for and protection of the individual producers of data, and preserving their fundamental human rights.
  • The integration of digital tools into international development requires new principles, policies, and practices with regard to data privacy and protection. This is particularly true in an era of big data.
  • Think about privacy and security from the beginning and embed it into project and program design. Any checklist or set of best practices is just the start; protecting privacy and security requires expert guidance and meaningful implementation.
  • Threat assessments/modeling can help inform policy and guide the development of appropriate privacy and security measures that reflect the unique, local needs of your program, and the type and sensitivity of data you’re dealing with.
  • Identify a point of contact within your organization who can discuss how your organization handles privacy and security, and answer data producers’ questions.
  • Create a governance structure that deals with accountability and enforcement.
  • Ensure staff have guidance and support, and that privacy and security guidelines are understandable and usable by staff and contractors.
  • When thinking about data use, consider context, which can include societal, political, and regulatory factors, community norms, the likelihood and magnitude of harms, and other factors. Assess privacy risks and possible harms resulting from data use, and also assess the risk and possible harms of not using the data, for example in emergency situations.

Privacy

  • Privacy concerns how we control access to personal information/data, including the extent, circumstances, and effects of sharing.
  • Even anonymized and aggregated information can lead to individual re-identification.
  • Privacy is a fundamental right that enables trust in institutions and the protected expression of opinions. It is particularly important where civil society is under attack. In this context, privacy is an enabling right: it is a precondition for free expression and a basic building block of development.
  • Some basic principles of privacy: Be proactive, not reactive; treat protection of personal data as a default setting; embed privacy into design; offer end-to-end security for personal data; be transparent about how data is collected and used; be responsive to concerns and queries; ensure data accuracy and confidentiality.
  • Ensure that personal data is being used for a specific, fair, and justified purpose. Data use should be necessary and proportionate to the identified and consented-to purpose.
  • Consent should be obtained whenever personal data are gathered, and careful consideration should be given to data reuse.
  • Consider consent versus understanding versus choice. People can be overwhelmed by information. Even where people understand, sometimes consent is not choice unless there are meaningful alternatives.
  • Transparency should be an ongoing commitment. Transparent policies with a description of data processing flows should be one of the first steps. Individuals should receive regular notice about when and how their personal data are being used, who their data are being shared with, and who has requested their data.
  • When defining control and use of data, organizations should consider the principle of minimization, which says data processors should collect only essential data, keep data for the minimum possible time, and destroy the data when they are no longer needed.
  • Acknowledge that there is a fragmented international regulatory landscape with regard to data privacy and data protection, data collection, and data re-use, with patchy accountability and enforcement cooperation. It is critical to do a landscape analysis of each country in which an organization is working.

Security

  • Information security is about controlling who has access to data and under what circumstances. Measures can include checklists, technical tools like encryption, and policies governing authorized users who can validate and access information.
  • Know all the touchpoints and organizations that will handle data apart from your own. Consider privacy and security in the transfer of data, particularly across international borders, as well as in the outsourcing and subcontracting of data.
  • Consider that the use of shortcodes and SMS often means that any information shared over mobile telecommunication channels may be shared with or accessed by other parties, such as third-party aggregators, marketing companies, or government agencies.
  • Include security requirements with functional requirements, such as use of: initial configuration where default settings may not be sufficient; security testing, updates, and maintenance; minimally privileged accounts; strong passwords; and validation of all user-provided inputs.
  • In using big data: Do think carefully, adopt a risk-based approach, minimize data collection and storage, limit data use and distribution to what and to whomever is essential, aggregate data into broad bands (e.g., birth month or year instead of full date of birth), discard extremes, randomize, add noise, and use differential privacy. Don’t use simple hashes, redact in a way that can be undone, or use ad hoc methods.
  • Remember that technical security measures are only as strong as the human users of the technology. Design security that is usable in the contexts where the technology is used.
  • Recognize that there is still a gap between available technologies and best practice, such as the lack of standards and methodologies for the use of anonymized data.
  • The move to the cloud will further complicate some of the issues. There is not yet a universally binding resolution covering all countries in the context of cloud computing.
  • Balance privacy and security measures with expected risks and benefits. Aim to support both the analytical benefits of data and the protection of the producers of those data.
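As an added example (not part of the original discussion and not UN Global Pulse code), the Python below contrasts the “simple hash” the panel warns against with two of the alternatives it recommends, broad banding and differentially private noise; the dates of birth are constructed and the epsilon values are illustrative.

```python
import hashlib
import math
import random
from collections import Counter
from datetime import date, timedelta
from typing import Dict, List, Optional

# Constructed sample: dates of birth for a few fictional respondents.
SAMPLE_DOBS = [date(1987, 3, 14), date(1987, 11, 2), date(1992, 6, 30),
               date(1975, 1, 9), date(1992, 2, 17)]


def simple_hash(value: str) -> str:
    """The 'simple hash' the discussion warns against: unsalted SHA-256."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def invert_dob_hash(digest: str, start: date = date(1900, 1, 1),
                    end: date = date(2015, 12, 31)) -> Optional[date]:
    """Recover a hashed date of birth by trying every date in the domain.
    Only ~42,000 dates exist in this range, so the hash hides nothing."""
    day = start
    while day <= end:
        if simple_hash(day.isoformat()) == digest:
            return day
        day += timedelta(days=1)
    return None


def generalize_dob(dob: date) -> str:
    """Broad banding: release only the birth year, never the full date."""
    return str(dob.year)


def laplace_noise(scale: float, rng: random.Random) -> float:
    """Sample Laplace(0, scale) by inverse CDF (random has no laplace())."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def dp_year_histogram(dobs: List[date], epsilon: float,
                      seed: Optional[int] = None) -> Dict[str, float]:
    """Epsilon-differentially-private histogram of birth years. Each person
    falls in exactly one bin, so sensitivity is 1 and Laplace(1/epsilon)
    noise per bin suffices. Noisy counts may be fractional or negative;
    rounding or clamping them afterwards is safe post-processing."""
    rng = random.Random(seed)
    counts = Counter(generalize_dob(d) for d in dobs)
    return {year: n + laplace_noise(1.0 / epsilon, rng)
            for year, n in sorted(counts.items())}
```

A small epsilon (around 1 or below) gives meaningful protection at the cost of noisier counts; the point is that the released figure is a random draw, not the true count.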

You can also download a PDF of the Community Discussion here.
