The Holistic Data Responsibility Framework

What is data responsibility?

The 510 Initiative of the Netherlands Red Cross defines data responsibility as:

 “the responsible processing of data with respect to ethical standards and principles in the humanitarian context, bearing in mind potential consequences and taking measures to avoid putting individuals or communities at risk”². UNOCHA’s Centre for Humanitarian Data states that data responsibility “entails a set of principles, processes and tools that support the safe, ethical and effective management of data in humanitarian response”³. 

However, as UNOCHA’s Sarah Telford has highlighted, the issues of data protection and privacy “are not unique to the [humanitarian] sector and have been gaining broader awareness due to data misuse by big-name technology companies”⁴. Given the potential of such misuse and the increasing need for high-quality data to inform decision-making in all sectors, LLInC believes that an emphasis on data responsibility is necessary for all organisations, even outside humanitarian contexts.

Toward a framework of data responsibility

In a 2016 white paper developed with NYU Govlab, LLInC made a call for a responsible data framework that assists in the implementation of “accepted data principles and institutionalise[s] responsibilities and procedures”⁶. Building on this work, the Centre has devised a framework that outlines the necessary elements that need to be covered when integrating data responsibility into any organisation that works with data⁷.

The Holistic Data Responsibility Framework

Through our research, we have identified six core Elements which form the foundation of data responsibility: Technology, Legal, Governance, Process, People, and Network. Crucially, shaping and determining each of the six core elements is the Dimension of Ethics.

The Ethics Dimension | Identifying and establishing the guiding ethical principles of the organisation. 

How do you navigate difficult decisions where other elements or legal ‘grey areas’ do not provide clear answers? By establishing core principles, an organisation can maintain a clear, ethical trajectory through its decision-making practices. This entails continual assessment of what are the ethical boundaries of the organisation and  if any data practices break these boundaries.

The six core elements should always support the organisation in achieving the ethical dimension of the data responsibility framework, thus ensuring that the organisation is designed around ethics rather than the other way around⁸. Applied at the project level, this ethical dimension requires an organisation, as a first step in data responsibility assessment, to ask: should we do this? 

Once the assessment has been completed across all of the core elements of the framework, it is essential to return to the ethical dimension and ask should we still do this?

The Elements of Holistic Data Responsibility

Technology | Organisations need to ensure that the technological aspects of working with data support their principles and obligations. This includes ensuring access control, encryption, and all other technological measures necessary to protect any data handled throughout the data life cycle.

Legal | An organisation has specific legal obligations based on its location, the type of data it handles, its legal status, and the context of a specific project. However, legal mechanisms can also help an organisation uphold and adhere to its principles. Therefore, this element aims to focus on what the organisation’s legal obligations are and what the legal aspects are that could and/or should be in place.

Governance | Each organisation should have formalised policies and governance structures that support and institutionalise each of the necessary requirements that have been identified from the assessment of the other elements. This includes policies that formalise the technological standards and legal procedures that need to be followed, as well as training mechanisms, data management, and so on.

Process | Although formal policies for the way in which members of an organisation should work may exist, informal processes tend to persist. The strength of this framework is that it acknowledges both formal and informal processes. For instance, if failures in provided tech systems occur, individuals already understand the importance of why those systems and policies exist in the first place. The focus is to enable individuals to react appropriately and responsibly, in order to enact steps to be as secure and ethical as possible. This is closely linked to the next element, people, regarding the human capacity needed to be data responsible. Establishing the ethical principles of the organisation will support this as it will foster a culture of data responsibility.

People | Incorporating data responsibility into an organisation requires that every individual understands and embeds it into their everyday work. Depending on the nature of the organisation’s work, and the differing roles of groups and individuals, the minimum general workforce capacity necessary will vary. It  will also impact the specialised capacity. Assessing this is key: the success of an organisation’s data responsibility relies on the ability of each employee to understand how it relates to their work, how they can implement it, and bring any issues and challenges to light.

Network | The data landscape is constantly evolving. Both positive and negative lessons need to be shared in each sector, but also across sectors. Networks allow expertise to emerge and transfer from organisation to organisation and from industry to industry, enabling both formal and informal learning in a manner that may be quicker than, for example, official assessments and publications. 

By assessing each of these elements, LLInC believes that any discussion around data, data security, and data privacy is not siloed. The Holistic Data Responsibility Framework encompasses all aspects that are needed to take a holistic approach to data responsibility.