Zoom Meeting: https://zoom.us/j/857686142

11:30am-1:00pm Bangkok time, March 7, 2019

Welcome to Asia-Pacific Regional Cash

Working Group (RCWG) and CaLP

Webinar on Beneficiary Data Protection

in Asia

• CashCAP

• Myanmar Red Cross Society

• Oxfam Indonesia

• World Food Programme—Afghanistan

• World Food Programme—

Regional Office for Asia

• USAID

Acknowledgements

Asia-Pacific RCWG

Sources: Left: Rosemarie North/IFRC, Nepal, 2015.

Right: Jane Beesley/Oxfam, Philippines, 2013.

Agenda1. Demystifying data protection: Blake Stabler, Capacity Building

Officer, Cash Learning Partnership (CaLP), Washington, DC, United States

2. Data Minimization: Moe Thida Win, Deputy Director, Preparedness and Disaster Management Department, Myanmar Red Cross Society, Nay Pyi Taw, Myanmar

3. Storing and Using Data: Hilman Agung, Monitoring, Evaluation, Accountability and Learning (MEAL) and Information and Communications Technology (ICT) Humanitarian Support Personnel (HSP), Oxfam, Palu City, Indonesia

4. Privacy Impact Assessment (PIA): Mohammad Jawad Shahabi, Programme Policy Officer for Protection and Accountability to Affected Populations (AAP), World Food Programme, Kabul, Afghanistan

5. Questions and discussion

MRCS Data Minimization

Moe Thida Win

Deputy Director, Preparedness, Disaster Management Department

Myanmar Red Cross Society

Asia-Pacific Regional CWG & CaLP Webinar on Beneficiary Data Protection

March 7, 2019

Agenda

• The justification for personally-identifiable information

• The “bus scenario”: proxy

• The community committee/authorities validation

• Age as sensitive information

Why collect personally-identifiable information

• Demonstrate due diligence not to duplicate beneficiaries

• Demonstrate that the person entitled is the person that received assistance

How to collect personally-identifiable information

• Unique national identity number

• Phone number (registered to national identity number)

• Bus scenario (one-off encashment): proxy

• Ongoing (multiple transfers): local authority verification

Data Use and Storage in the Palu Response

Hilman Agung – HSP ICT (MEAL/ICT)

Page 10

Background

• 7.5 SR earthquake hit Central Sulawesi followed by Tsunami

on 28th September 2018. 2,500 death toll, thousands of

houses were destroyed/destroyed, ten of thousands relocated

• The famous Liquefaction

• Limitation of international staffs on the ground by the GoI

• MEAL/ICT combined as one unit – MEAL/ICT Coordinator

• Digitalized since the1st day – we use Survey CTO – service

contract Mobile Data Collection

• GDPR came into force May 2018

• To date – at least 25 mobile forms have been established

Page 11

Main Issue

How to protect sensitive data i.e. PII

and generic data (shareable)?

Sensitive Data Generic Data

• Registration forms

• Form that contains PII:

name, contact, sex, ID

number, contact

number

• Activity reports

• Generic monitoring

data

Page 12

2 Ways to Protect Data Form

Separate groups

Forms are encrypted

1 account of MDC but has separate groups

of users

Download data is only allowed by a person

who has decryption key

Page 13

Recommendation

• Risk Assessment Beneficiary Data Management

• List tools/forms

• What benefit of collecting such data

• Possible risks

• Risk mitigation

• Risk Mitigation

• Consent is essential – all survey need to have consent but must not

overly complicated

• Limited staff to access sensitive data

• Encryption the survey form

• Separate the sensitive data and other forms

• Data sharing agreement needs to have the same data arrangement with

agency that implement the data safeguarding policy.

WFP Afghanistan

Privacy Impact Assessment (PIA)

March 2018

PIA: Basic Concepts

A Privacy Impact Assessment is a project-based management tool in which risks to privacy are

identified and assessed, and risk avoidance and/or mitigation strategies are developed.

Conducting PIA

• PIA: What, when, who

• Context analysis and leading questions

• Sources of information

• Legal frameworks

• Analysis of data flows

• Data subjects rights

• Data security standards

Challenges: Experiences from Afghanistan

• Speaking to different stakeholders

• Speaking to affected communities

• Data security measures

Thank You!

Mohammad Jawad Shahabi

jawad.shahabi@wfp.org

Questions

Source: The IRC, The Philippines, 2013.

Some Resources

• CaLP Protecting Beneficiary Privacy 2013

• CaLP E-transfers and Operationalizing Beneficiary Data Protection (e-learning) 2013 (requires a Kaya account to access)

• WFP Guide to Personal Data Protection and Privacy 2016

• ELAN A Data Starter Kit 2017

• ICRC Handbook on Data Protection in Humanitarian Action 2017

• Oxfam Responsible Data Management Training Pack 2017