Data protection in humanitarian action
A handbook, revised and released in 2020, that offers data protection principles for humanitarian organizations.
An organization’s data protection policy should begin not with technical data protection protocols (which of course are important), but with the starting point that the only data that should be collected and retained is that which are necessary. Less data, less risk. Not rocket science. The benefits of this minimalist approach holds true across contexts, but it’s particularly important for humanitarians that collect considerable amounts of data from people who are at their most vulnerable during times of armed conflict. This HANDBOOK ON DATA PROTECTION IN HUMANITARIAN ACTION offers data protection principles for humanitarian organizations to put into action.
Additionally, the ICRC has it’s own data protection framework based on its Rules on Personal Data Protection (revised in 2020).
When it was released:
Now, around 120 countries have data protection laws or some kind of statutory requirement concerning privacy. As new technologies emerge and the world becomes increasingly interconnected, it is possible to process ever increasing quantities of data faster and more easily. Yet the potential for intrusion into individuals' private sphere is also becoming more significant.
The ICRC, as a trusted manager of personal data in challenging environments, applies data protection standards that preserve the integrity, confidentiality and availability of personal data, and respects the rights, freedoms and dignity of the individuals it interacts with and whose data it processes.
The ICRC Rules on Personal Data Protection were adopted in 2015. The Rules take account of relevant legislation and the specifics of the ICRC's mandate. They also ensure that the organization safeguards personal data even in the most challenging circumstances. The Rules were revised in 2019 in light of recent regulatory, social and technological developments in the field of data protection.