By working together to share data with other NGOs we can be more effective at getting aid to those who need it, and provide greater data privacy and security for individuals.
Just as our digital identities are changing so are those of crisis-affected people the world over. Many of us increasingly use facial recognition or finger print scanners to unlock our smartphones, or log into multiple online sites using our Facebook profiles and this verification of who we say we are is constantly evolving. How does this changing landscape affect the over one billion people who are unable to officially prove who they are? In humanitarian crises, where formal records of identity may be lost, if they ever existed, and navigating ways to access aid for your family might be dependent on different actors’ standards for verification these changes can be far more challenging.
While governments and the UN focus on legal/formal ID, NGOs are increasingly looking at how to use identity data to facilitate aid delivery – using what we call ‘transactional identities’.
For our programme activities one of the first points of contact with affected communities is often a registration process. Different agencies (and sometimes internal teams) can duplicate registration processes leading to fatigue and confusion from those we’re working with, increased risks to data security and privacy, and increased administration costs. One individual can have multiple identities to access multiple services from different service providers. This inevitably leads to inefficiencies for individuals, agencies, donors and host governments.
Imagine having to provide often personal data to numerous aid agencies in the hope of receiving aid, ending up with many ID cards, but little control over how the data you provide is usedImagine having to provide often personal data to numerous aid agencies in the hope of receiving aid, ending up with many ID cards, but little control over how the data you provide is used by those collecting it and even less visibility of who it is shared with.
Oxfam is part of a small group of NGOs working together and with the private sector, to develop and test a set of identity standards that agencies and technology suppliers can sign up to. These standards will focus on how we collect, store, share and delete the data of those we work with in humanitarian situations. Individuals will then only need to be registered once to access services from different providers, using one ID.
One of the key principles in this work is ‘putting people first’. This is a stance that links very closely with our Responsible Programme Data policy, with individuals rights to privacy and protection viewed as fundamental in any activity we are involved in. We want to work towards a point where ownership of data is put in the hands of individuals themselves and they are in control of how their data is used.
To design and implement a project during a response our staff in general do not need to know personally identifiable information about individuals, such as their name and date of birth. What’s key for us is how many people within this community meet our vulnerability and target group criteria. Then at the point of distribution, it’s important to know whether the person who arrives at the distribution point is eligible to receive goods or services, but we don’t need to know exactly who they are. This authentication could be provided by the scanning of an ID card or via some form of biometrics ( the use of biometric data also raises important issues, see: To use or not to use biometrics?). This approach to reducing access to information within our own teams helps protects individuals’ personal data.
As we develop our standards for managing identity data we will need appropriate governance structures. That’s why we are commissioning a piece of research into the best approaches to this, looking at examples from both within and outside the NGO sector. The findings will enable the inter-agency group to take forward our data sharing plans and ensure the ongoing viability of the scheme, and security of individual’s data. We’re now looking for expressions of interest and you can view the Terms of Reference here, including details of how to apply.
Every day NGOs collect personal data from vulnerable individuals. Many people we collect data from need our protection from abuse, violence and conflict. It’s hoped that our new approach will drive change within and between our organizations, reducing the risk of data breaches and ensuring greater all-round protection for the vulnerable people we support. If you have thoughts or comments on the topic, do get in touch. We’d love to hear from you.Apply to conduct research into shared digital identity standards