The interface of information security, risk, and privacy on the humanitarian frontline
With natural disasters and man-made conflicts continuing to define global spaces, emergency response NGOs delivering aid and assistance are tasked with helping growing volumes of people affected by these life-changing events. Deployed to some of the most chaotic environments imaginable, aid organizations rely on data from the field to complete their missions successfully. The majority of this data, which is subsequently shared with others within an organization as well as with implementing partners, and others circulating the humanitarian sphere, is in part comprised of personal data from the beneficiary community. Yet, the ways and degrees to which NGOs protect this personal data – much of it sensitive, has been reported as insufficient to effectively protect it from breaches and malicious activities by growing numbers of cyber threat actors. It follows therefore, that robust and responsive data protection and information security protocols are much needed to effectively protect humanitarian data. As such, the NGO community has created a series of data policy documents, yet until now little was known about whether the instructions therein were successfully practiced or actionable in the field by aid workers. By analyzing the data protection policy documents from ten NGOs working under the United Nations Cluster System, followed by an e-survey of aid workers and follow-up interviews, this dissertation explores the protective provisions made by NGOs and for the first time it is believed, provides a platform for aid workers to share their views and experiences on related issues. Using findings, this study also provides actionable data privacy and protection recommendations for NGOs and the broader humanitarian sector.