Post on 25-Aug-2020
Zoom Meeting: https://zoom.us/j/857686142
11:30am-1:00pm Bangkok time, March 7, 2019
Welcome to Asia-Pacific Regional Cash
Working Group (RCWG) and CaLP
Webinar on Beneficiary Data Protection
in Asia
• CashCAP
• Myanmar Red Cross Society
• Oxfam Indonesia
• World Food Programme—Afghanistan
• World Food Programme—
Regional Office for Asia
• USAID
Acknowledgements
Asia-Pacific RCWG
Sources: Left: Rosemarie North/IFRC, Nepal, 2015.
Right: Jane Beesley/Oxfam, Philippines, 2013.
Agenda1. Demystifying data protection: Blake Stabler, Capacity Building
Officer, Cash Learning Partnership (CaLP), Washington, DC, United States
2. Data Minimization: Moe Thida Win, Deputy Director, Preparedness and Disaster Management Department, Myanmar Red Cross Society, Nay Pyi Taw, Myanmar
3. Storing and Using Data: Hilman Agung, Monitoring, Evaluation, Accountability and Learning (MEAL) and Information and Communications Technology (ICT) Humanitarian Support Personnel (HSP), Oxfam, Palu City, Indonesia
4. Privacy Impact Assessment (PIA): Mohammad Jawad Shahabi, Programme Policy Officer for Protection and Accountability to Affected Populations (AAP), World Food Programme, Kabul, Afghanistan
5. Questions and discussion
MRCS Data Minimization
Moe Thida Win
Deputy Director, Preparedness, Disaster Management Department
Myanmar Red Cross Society
Asia-Pacific Regional CWG & CaLP Webinar on Beneficiary Data Protection
March 7, 2019
Agenda
• The justification for personally-identifiable information
• The “bus scenario”: proxy
• The community committee/authorities validation
• Age as sensitive information
Why collect personally-identifiable information
• Demonstrate due diligence not to duplicate beneficiaries
• Demonstrate that the person entitled is the person that received assistance
How to collect personally-identifiable information
• Unique national identity number
• Phone number (registered to national identity number)
• Bus scenario (one-off encashment): proxy
• Ongoing (multiple transfers): local authority verification
Data Use and Storage in the Palu Response
Hilman Agung – HSP ICT (MEAL/ICT)
Page 10
Background
• 7.5 SR earthquake hit Central Sulawesi followed by Tsunami
on 28th September 2018. 2,500 death toll, thousands of
houses were destroyed/destroyed, ten of thousands relocated
• The famous Liquefaction
• Limitation of international staffs on the ground by the GoI
• MEAL/ICT combined as one unit – MEAL/ICT Coordinator
• Digitalized since the1st day – we use Survey CTO – service
contract Mobile Data Collection
• GDPR came into force May 2018
• To date – at least 25 mobile forms have been established
Page 11
Main Issue
How to protect sensitive data i.e. PII
and generic data (shareable)?
Sensitive Data Generic Data
• Registration forms
• Form that contains PII:
name, contact, sex, ID
number, contact
number
• Activity reports
• Generic monitoring
data
Page 12
2 Ways to Protect Data Form
Separate groups
Forms are encrypted
1 account of MDC but has separate groups
of users
Download data is only allowed by a person
who has decryption key
Page 13
Recommendation
• Risk Assessment Beneficiary Data Management
• List tools/forms
• What benefit of collecting such data
• Possible risks
• Risk mitigation
• Risk Mitigation
• Consent is essential – all survey need to have consent but must not
overly complicated
• Limited staff to access sensitive data
• Encryption the survey form
• Separate the sensitive data and other forms
• Data sharing agreement needs to have the same data arrangement with
agency that implement the data safeguarding policy.
WFP Afghanistan
Privacy Impact Assessment (PIA)
March 2018
PIA: Basic Concepts
A Privacy Impact Assessment is a project-based management tool in which risks to privacy are
identified and assessed, and risk avoidance and/or mitigation strategies are developed.
Conducting PIA
• PIA: What, when, who
• Context analysis and leading questions
• Sources of information
• Legal frameworks
• Analysis of data flows
• Data subjects rights
• Data security standards
Challenges: Experiences from Afghanistan
• Speaking to different stakeholders
• Speaking to affected communities
• Data security measures
Thank You!
Mohammad Jawad Shahabi
jawad.shahabi@wfp.org
Questions
Source: The IRC, The Philippines, 2013.
Some Resources
• CaLP Protecting Beneficiary Privacy 2013
• CaLP E-transfers and Operationalizing Beneficiary Data Protection (e-learning) 2013 (requires a Kaya account to access)
• WFP Guide to Personal Data Protection and Privacy 2016
• ELAN A Data Starter Kit 2017
• ICRC Handbook on Data Protection in Humanitarian Action 2017
• Oxfam Responsible Data Management Training Pack 2017