8. Follow The UNDP Data Principles
This standard is linked to the following Principles for Digital Development: Address Privacy & Security.
Due to UNDP’s global work, we cannot take an informal approach to the data lifecyle.
UNDP already has a set of Data Principles that every project must adhere to:
- Safeguard personal data
- Uphold the highest ethical standards
- Manage data responsibly
- Make data open by default
- Plan for reusability and interoperability
- Empower people to work with data
- Expand frontiers of data
- Be aware of data limitations
The critical risks with data collection are:
- Security issues and vulnerabilities that leak data to malicious third parties
- Collecting unnecessary personal data that is used
- Oversharing collected data with authorised third parties
- Breaking local privacy laws in the countries where we operate
UNDP should manage data responsibly and effectively through the data lifecycle from collection to sharing, to maximise the value of data. Work with data experts to limit the collection of personally identifiable data and manage storage.
Be clear about:
- who owns it
- who can access and manage it
- what it can and cannot be used for
- where, how, and with whom it will be shared
- how it will be collected continuously
Assume your product has security issues. Work with cybersecurity experts to embed privacy and security in the design and audit the final code and infrastructure.
Do:
- Have a third-party security audit on your product
- refer to the data guiderails to verify your solution complies with UNDP Data Principles
- Ensure that the process aligns with the policy and procedures available on data privacy and information classification
- Minimize the collection of private data
- Check the data catalogue available to leverage the existing datasets to avoid collecting information that already exists
- Get specific consent from users, and ensure that they know what data you are collecting and how it will be used
- Plan for reusability and interoperability through using standards
- Allow users to request to delete their data entirely
Don't:
- Start capturing data without defining its ownership, management and use.
- Capture personal information and data without user consent
- Share personally identifiable information with third parties without user consent
UN Resources
- UNDP Data Principles
- UNDP Data management guiderails on data lifecycle
- Data Innovation Risk Assessment Tool UN Global Pulse
- Conducting Mobile Surveys Responsibly, World Food Programme (WFP)
- #8 Follow UNDP Data Principles - Definition Canvas
To Watch
To Read
- GDPR Compliance Checklist
- Find Guidance on Cybersecurity: Explore the UN portal for guidance on digital capacity development
- Responsible Development Data Book
- Responsible Data Management, Oxfam.
- The Hand-Book of the Modern Development Specialist: Designing a Project, Responsible Data Forum.
- Data Protection, Privacy and Security for Humanitarian & Development Programmes, World Vision International.
Case Studies.
- ICRC Cyber Attack is Our Constituent Data Management Nightmare A sophisticated cyber security attack against the International Committee of the Red Cross (ICRC) servers exposed sensitive, personally identifiable information of 515,000 people in the Restoring Family Links program that seeks to reunite family members separated by conflict, migration, disaster, or detention.
- Read about the potential pitfalls of shiny solutions that do not intentionally disrupt biases and exclusions. Learn about how following the Digital Development Principles and UNDP Digital Standards can support you in embedding ethical considerations within the design to protect privacy and security.