Every year hundreds of people come together for the Monitoring, Evaluation, Research, and Learning (MERL) in Development Tech Conference. The MERL Tech Conference – this year hosted in Washington, D.C.— brings together practitioners, from a number of international development sectors, to exchange ideas on innovative ways to use technology to collect, analyze, and use data.
My colleague, CIPE Senior Evaluation Officer Denise Baer, and I attended the conference in search of ideas of how to best handle the “responsible data” CIPE collects from its partners. We also partnered with representatives from Sonjara, The Engine Room, and Reboot to co-lead a conference session entitled “The Lifecycle of Responsible Data.”
Responsible data, as defined by the Responsible Data Forum, is:
“The duty to ensure people’s right to consent, privacy, security and ownership around the information processes of collection, analysis, storage, presentation and reuse of data, while respecting the values of transparency and openness.”
Most (hopefully all) practitioners who conduct human subject research understand the rights of human subjects and the ethical guidelines surrounding human subject research.
In today’s digital age it is more important than ever to put in measures to prevent malicious use of data and protect the identities of the subjects, and somewhat ironically, one of the ways an organization can demonstrate its integrity, is by keeping its data open for validation.
During our session on the lifecycle of responsible data, I sat with a group of conference participants who discussed the challenges of designing a project while incorporating the principles of responsible data. Here is what they said:
- Balancing data security and transparency: Finding a balance between data security and openness in the design phase of a project is difficult. One of the largest challenges is making decisions in the design phase that may affect the rest of the project. Ensuring that data collection is ethical throughout all stages of the project, that there aren’t legal concerns, and that necessary data is confidential but also transparent can be hard to do.
- Competing interests: The number of people involved in the design of a project and their competing interests can complicate how data is treated.
- Unknowns: Unknowns are exactly that – things that cannot be foreseen during the design phase of a project. Whether assumptions will remain valid or if the context of the project will stay constant can have effects on the data reported.
- Getting ahead of the curve: Monitoring and evaluation (M&E) teams need to “hit the ground running” but in many projects, M&E tools are still being developed while the baselines are already being conducted and activities implemented. This leaves little time to fully think through a responsible data plan.
However, these challenges are not insurmountable. The same group was able to come up with strategies to mitigate issues surrounding responsible data during the design of a project. One way is to submit all research involving human subjects to the Institutional Review Board Process. Doing this will help protect the rights and welfare of human subjects and reinforce the principle of informed consent.
A number of strategy suggestions involved lessening the risk of data would not being used responsibly. These included:
- conducting a risk assessment to determine when the data would be most vulnerable
- keeping sensitive data offline
- “blurring” sensitive data from the beginning stage so that a person’s privacy would remain intact but data could remain open
- using proxy measures that are not directly associated with any individual
A final suggestion was to hold weekly data meetings. Data meetings could help M&E practitioners build mechanisms for responsible data into their tools during the early stages of project implementation.
However, it is worth noting that there was debate surrounding who should participate in these meetings – one participant suggested that more stakeholder involvement would increase transparency while another cautioned against stronger stakeholder voices dominating the conversation.
We closed the discussion on the topic of resources and best practices for responsible data and project design. During the discussion, it was suggested that data collection should be put in the hands of the beneficiaries. I think all people working in development agree that one of the easiest ways to gain buy-in and ensure the sustainability of a project or program to build local capacity to manage the project in the future. Training beneficiaries to collect and maintain data would not only build the capacity of the beneficiaries, but also alter (and hopefully alleviate) some of the power dynamics.
On the subject of security vs. transparency, it was noted that an important best practice is weighing benefits versus risks to figure out what really needs to be reported on. Over-reporting is not just a security issue, but also a waste of time and money. By only collecting necessary data, there’s an increased chance that the data can be shared while maintaining the confidentiality of the subjects. A tool like the Privacy Impact Assessment template can help the implementer identify and assess privacy risks throughout the lifecycle of a project.
In short, there are a number of reasons why including data collection in the design of a project is important (accountability, monitoring progress, assessing results, learning), but equally important is balancing the privacy of project beneficiaries while being transparent about results.
Building mechanisms for responsible data into a project’s design is not only ethical, but helps maintain the credibility of the M&E practitioner and project implementer.