Data Use Policy

Purpose

This data policy sets forth PeaceTech Lab’s approach for data collection, storage, processing, and dissemination. Because PeaceTech Lab works in conflict-affected communities, this policy recognizes that there is a need for a high degree of sensitivity in the data lifecycle. PeaceTech Lab is committed to protecting the rights of the individuals and organizations with whom it works, which requires ensuring the safety, respect, privacy, and dignity of people who provide data to support the Lab’s programs. Along these lines, this policy recognizes and addresses concerns surrounding secure storage of sensitive data. For data dissemination, this policy emphasizes a transparent, open data approach balanced by a “Do No Harm” mandate.  

 

Scope 

This policy pertains to all of the Lab’s programs, and is designed to enable the Lab and its partners to take advantage of opportunities to gather insights through data gathering and analysis while ensuring responsible and ethical practices. This policy covers all of the Lab’s data collection efforts as well as the transmission, storage, analysis, and dissemination of this data through visualizations or open datasets. It shall be upheld for all projects in which PeaceTech Lab retains control over data processes. PeaceTech Lab is responsible for ensuring that all staff and external partners comply with this policy and all standards and guidelines that pertain to the policy. 

 

Definitions

  • Data: The physical representation of information in a manner suitable for communication, interpretation, or processing by human beings or by automatic means
  • Open Data: Data that can be freely used, reused and redistributed by anyone - subject only, at most, to the requirement to attribute and sharealike
  • Informed Consent: Provision of sufficiently detailed information on a study to participants in data collection efforts so that they can make an informed, voluntary and rational decision to participate 
  • External partners: Organizations and/or individuals engaged in collaborative work with PeaceTech Lab

 

Policy Statements

Policy statements are categorized using elements of the data management lifecycle, including data collection, storage and processing and dissemination.

 

Data Collection

  • PeaceTech Lab and its partners will: 
    • Not put participants at risk as a result of data activities. All data collection activities will include a risk assessment and mitigation approach that includes physical, psychological, social, and political considerations.
    • Assess and mitigate risks to ensure each participant’s right to privacy in the collection and treatment of data, and fulfill its responsibility to protect the identity of those providing data, unless otherwise agreed to in informed consent.
    • Respect each participant’s time and personal dignity by only collecting data that is essential to the purposes of a project, and in a manner sensitive and appropriate to the local context, and after ensuring that participants are fully informed to the extent practicable about the project, data lifecycle, and associated activities.
    • Make all reasonable efforts to ensure adequate representation of vulnerable and marginalized populations in information it collects.
    • Mitigate and minimize the impact of barriers to active participation of women to ensure that their voices are heard and their experiences and opinions are fairly represented. 
      Inform participants of potential long-term secondary uses of the data to update relevant PTL risk indices on peace and conflict. 
    • Assess the risks associated with using datasets collected by third parties prior to incorporation and use within the OSRx.  To the extent practicable, the risk assessment will include risks to the initial data collection subjects. 

 

Data Storage and Processing

  • Peacetech Lab and its partners will:
    • Only collect and store the minimum necessary personally identifiable information, and will keep this information no longer than is absolutely necessary.
    • Secure stored data from external intrusion by providing only roles-based controls with limited, authorized access to sensitive data.
    • Maintain a pedigree for all data processing actions.
    • Anonymize data provided for dissemination, including those provided by third parties for use with OSRx services prior to sharing, including stripping of metadata in both documents and media.

 

Data Dissemination

  • PeaceTech Lab and its partners will:
    • Apply the “Do no harm” principle in assessing and mitigate the risks associated with the visualization and dissemination of data.
    • Provide the option and capability to download associated data required to produce visualizations
      Support and use open data standards, and document the use of APIs to ingest and visualize publicly available datasets 
    • Share data through a Creative Commons Attribution-Noncommercial License (CC BY-NC)
      Based on risk assessment, datasets developed by the Peacetech Lab deemed too sensitive to be released will not be provided to external partners, including PeaceTech Lab partners. 
    • Develop tailored views of the information for specific audiences, including corporate partners of the PeaceTech Lab, but will not release datasets private that is are not made available to the public. 

 

Consent in Data Collection Considerations

Participants in data collection for PeaceTech Lab or its partners should be fully informed about the data lifecycle and capable of making a decision about their participation in any data activity. For the PeaceTech Lab, this will require: 

  1. Informed Consent: PeaceTech Lab will take steps to ensure to the extent practicable that participants fully understand the process and purposes of the data lifecycle and any risks involved before obtaining information from participants. The Lab will also explain security measures involved in retaining the data and limitations of securing this information. As part of the informed consent process, the lab will also work to provide education and training to survey participants on the use of data for conflict prevention.
  2. Voluntary Participation: PeaceTech Lab will explain that all participants are free to choose whether or not to give their consent, without inducement or negative consequences for not participating or withdrawing their participation later in the data process.
  3. Parental Permission: If the data process involves minors and collection of personally identifiable information, PeaceTech Lab will secure their parents’ and/or guardians’ consent, except in circumstances where it is inappropriate to do so.
  4. Disclosure: The PeaceTech Lab will be transparent in disclosing what data is being collected, the purposes for which it is being collected, and the methods of collection.

 

References  

This data policy is informed by the following sources: