While applications of data have the potential to enable organisations like Oxfam to be more needs-driven and responsive, data also has the capability to put communities at risk if the related processes are not responsibly designed or managed. Adopting meaningful approaches to data security and ethical methodology is not a new effort within Oxfam, or in the broader development community. However, the rapidly changing digital landscape is presenting new challenges and opportunities that require Oxfam to react and alter the way we collect, store, manage, use and dispose of data responsibly.
That’s why we at Oxfam are working on a Responsible Data Policy, which is a starting point towards ensuring that our staff have appropriate guidance and support in order to adopt better data practice. I have been participating in a working group at Oxfam whose target has been to develop a policy that will encourage responsible data for all Oxfam programming from humanitarian, to campaign and long term development work.
I remember very clearly when the group who were developing the policy for Oxfam had a light bulb moment – you could sense the energy in the room. It came when rather than focusing on Oxfam’s commitments and responsibility, we reframed the whole question and policy in terms of the rights of those who data is about. As a rights based organization, Oxfam is committed to using data responsibly in order to uphold the rights of the individuals, groups and organizations with whom we work.
Oxfam’s Responsible Data Policy involves ensuring we obtain informed consent from those who have shared their data, not collecting unnecessary or potentially damaging data, and protecting privacy through anonymization, restricted access or encryption. Furthermore, it includes the responsibility to fairly represent the contributors of the data in analysis and perhaps involve them in the process of how data is used by adopting less extractive and more empowering methods.
We also added a statement that “This policy should not be seen as restricting or discouraging, rather to enable the invaluable contribution that data makes to the quality of our work, enabling accountability and allowing us to raise the voice of those with whom we work.“ This helps us communicate the importance of the policy to others. We also recognize that the policy has implications far beyond Oxfam – the way we employ our Responsible Data Policy has the potential to influence how our partners and other stakeholders with whom we work think about and manage data.
By sharing our process at Oxfam about how the policy has evolved and integrated into our methodology, we hope we can start a conversation to relate to other agencies going through a similar process. The development of the policy has been a multi-step process and the work is ongoing, but here’s a snapshot of what we have done so far:
1. Find out what already exists – First we did a review to figure out what resources and support are available. We often refer to ICRC’s Protection Standards, Save the Children’s guidance on working with children and UNICEF’s advice on research ethics. A number of relevant Oxfam guides already exist, but they need updating to ensure their relevance in light of new realities.
2. Define the scope – We knew the policy had to focus on good practice throughout the data cycle, from the design of the data collection process, through the storage analysis and use of results, and finally to the disposal of the data. We had to make sure we had clear focus and scope, so we decided not to cover ethical research methods that we already have guides around (for example on control and comparison groups). At first we called the policy Data Ethics, but we soon realized this placed too much emphasis on the methodology and not enough on the full scope of related data processes.
3. Check in with others – After we got a draft on paper, Oxfam went to RDFBuda, the M&E Tech Series in the US and The London Tech Salon on “Data for Development.” Not only did these events help us figure out where we can access the expertise we need; meeting others helped us feel like we are not alone as we engaged more deeply in the responsible data community. We helped to develop a working definition of responsible data at RDFBuda, which resonated so much that we named our policy the “Responsible Data Policy”.
The responsible data definition (produced at RDFBuda, September 2014)
The duty to ensure people’s rights to consent, privacy, security and ownership around the information processes of collection, analysis, storage, presentation and reuse of data, while respecting the values of transparency and openness.
4. Consultation and policy development – Immediately after RDFBuda, Oxfam colleagues met to work on the policy. It was crucial for us that this group was cross affiliate (Oxfam is made up of 17 groups) and had representatives of various roles within the organization (M&E, ICT, Researchers, regional perspectives) to include their support and insights from the outset. We included specific considerations for humanitarian response and gender issues.
5. Communication and buy-in – We used the opportunity of our existing Monitoring Evaluation and Learning (MEL) structure to jump on a meeting in Delhi where colleagues commented on the working draft. The group appreciated the rights based approach that underlies the policy elements, and recognized the growing need to put a policy in place. This meeting was a breakthrough – it showed the undeniable need and consensus this is something we need to work on – but also affirmed concerns about practical implications and accompanying guidance and support. Now we have a plan to tell the whole organisation about the importance of this initiative without using too much jargon. We are taking steps so that it can be embedded into existing guides on best practice methodology.
6. Ensure staff have support and guidance – Without guidance and support to enable staff to put recommendations into practice, the policy is relatively meaningless. The policy is just the beginning, our next steps include the development of minimum standards, operational guidance and drawing on the expertise of others to support the implementation of the policy in reality.
Responsible data is an undeniable issue affecting the way development is evolving and we’re sure that we are by no means the only agency facing responsible data challenges or the only agency with requirements for better guidance. So our next step is that we want to invite other like minded NGOs to work with us in an honest space to share approaches, challenges and concerns. We are hoping to organize an event with the engine room to host a conversation and to share learning on approaches to responsible data. So if you are thinking about similar challenges in your work or developing a policy along these lines, please get in touch through the comments.
Overall we have to remember that protection of data is not just an issue about technology and functionality, it is an issue about well designed content and methodology. Data has the potential to empower and allow us to be more responsive, as well as holds the risk of potentially damaging consequences. By designing effectively and responsibly, we can enable the invaluable contribution that data makes to the quality of our work, upholding accountability and allowing us to raise the voice of those with whom we work.