This is the fourth in a series of blogs sharing lessons learned from a collaboration between DataShift and the SPEAK! campaign and the resulting conversations about data management practices among diverse organisations working to overcome social divisions around the world. The series aims to show that sound data management is built on common sense and available to everyone, no matter their level of technical expertise; to get readers thinking and talking about data; and to encourage conscious decisions about its creation, use, protection and disposal.
Once data has been created or collected, it is used for running an organisation’s programs. It needs to be adequately protected and used responsibly during this process. And in order to protect something, you need to know what it is, where it is, and how valuable or sensitive it is.
During SPEAK! 2018, campaign partners organised dialogue events to overcome division around the world. We used a loose script of questions designed to get them talking about how they work with data, and to help us design support that would meet their needs. The following questions from the script dealt with the next stage in the ‘data lifecycle’ – dealing with data responsibly while it is in active use.
These conversations made us reassess some assumptions. Perhaps due to our team’s biases (we are all digitally literate and based in the global North), we had been thinking of data primarily as digital data. But conversations with partners in Syria, Turkey, Uganda and Argentina showed us that many organisations still use paper, whether for simple ease, because of a lack of funds to buy computers, or because of low computer literacy among some staff. Most of the principles in these blogs apply to paper files as much as to digital ones.
What policy, if any, do you have in place to deal with your data?
Policies can be formal or informal. Even if there is no written policy in place, are your partners thinking about how to deal with their data responsibly? Conversely, there may be a beautiful policy that is stored in a cupboard and ignored. Discussing the policy can be a way to formalise and validate it, or to notice if it is illogical, not fit for purpose, or is being disregarded.
Where is your data stored?
On the organisation’s computers and mobile phones? On an onsite server, or in rented server space elsewhere? On staff members’ own devices? On internet café computers? In cloud services, or email and messaging applications? What about paper files? Is it in the public realm? Data tends to spread to more places than one might expect, and once it has left your organisation, it is very difficult to have any form of control over it.
Who can access the data?
Can all staff access all data? What about volunteers? What data is available to the public? Overall, sensitive data should be accessible on a need-to-know basis: that is, only staff who need a piece of data to complete a task should be able to view it, for the amount of time they need it for that particular task. Furthermore, staff or volunteers need to understand for what purposes they are allowed to access the data. In a large organisation, the IT department may have a sophisticated access control system, or in a more paper-based organisation it may be as simple as the manager keeping hold of the keys to the filing cabinets.
It is a good idea to have a clear picture of where your data is located, how important it is and who has access to it. A data mapping exercise can help you achieve this: it gives you a grasp of what data you have and where it is kept, which in turn will help you to protect it and to plan for archiving or deletion when it is no longer in use. Check out our online course for more on how to carry out a data mapping exercise.
The next blog in the series will look at assessing the risks your data is exposed to.
These blogs are based on the publication How to talk about data? Learnings on responsible data for social change from the SPEAK! campaign, and this work was made possible through a Digital Impact Grant by the Stanford Center on Philanthropy and Civil Society.