Play 07 - Develop the infrastructure for tech-facilitated risk and privacy processes
Technical play for data stewards: Develop the infrastructure for tech-facilitated risk and privacy processes.
Create a system that facilitates the management of data-related risks and privacy concerns. A good system makes it easier to stick to data protection requirements consistently. This means less chance of staff accidentally sharing sensitive information or for data to be exposed in unintended ways. Relevant parts of the system should also be included in data sharing agreements. This includes:
- Think about the ways in which you may want to use the data in the future so that data #collection is intentional.
- If collecting data on individuals, ensure that you have a consent process in place that shares with users what their data will be used for and their rights in regards to their data.
- If needed, use methods like differential privacy to anonymize statistical analysis.
- For particularly sensitive information, consider regularly reviewing and deleting data that is no longer required.
- Spend time completing the Ford Foundation Cybersecurity Assessment Tool to better understand your level of risk and make a plan for implementing the recommendations provided over time.
Access Controls:
- Implement role-based access control (RBAC) to provide appropriate levels of access based on user roles and responsibilities.
- Regularly audit user #access access permissions to ensure they align with roles and data sharing agreements.
Security:
- Ensure that those with direct access to the data are using secure and unique passwords for platforms.
- Select platforms that use encryption to protect sensitive information.
Maintenance:
- Set up calendar events to schedule reminders for #dataaudits, compliance checks, password changes, and policy reviews and revisions.
- Ensure that platforms receive regular updates and security patches.
🌱 Each play stems from a takeaway from an case study, workshop, or other learning source.
Takeaway: Risk emerges in different ways when data sharing.
Data #misuse runs the gamut from truly harmful—misaligned actors can selectively choose data points to communicate harmful or untrue narratives—to merely inconsiderate—people could use data without acknowledging the original source. The risks of sharing data can rarely be fully eliminated, but there are practices and tools that can mitigate against potential threat.
Source: Community Data Playbook (Full report)