For decades, humanitarian organisations have been dedicated to helping the most vulnerable populations worldwide, from disaster relief to essential services for refugees and displaced communities. In today’s digitally connected world, humanitarian organisations have adopted new technologies to deliver much-needed assistance to displaced communities in timely and scalable ways. However, with these new technologies come new challenges.
Many major humanitarian organisations are increasingly relying on AI tools and Financial Technology to streamline aid distribution and humanitarian efforts, collecting and processing vast amounts of personal data including personal information, health records and financial data of individuals. Questions have arisen as to whether these technologies are actually benefiting those displaced communities they are intended to help, or rather increase their vulnerability by placing their sensitive and identifying data at risk of breaches. For these vulnerable populations, compromise of personal data can have far-reaching consequences.
In 2017, a digital platform used by 11 major NGOs and UN agencies was breached, exposing data relating to names and locations of displaced individuals receiving financial assistance. In 2022, the International Committee of the Red Cross reported two breaches on their servers, nearly 70 days after the breaches had occurred. These events exposed the names, locations, and contact information of more than 500,000 people worldwide. The implications of these data breaches are far-reaching and it has become more crucial to minimise the risk within the humanitarian sector.
There is a high risk that this data could be misused. A prime concern is that displaced communities may easily fall prey to cybercriminals or information could be exploited for fraudulent activities. While there has been no evidence of these consequences, such risks are imminent. The International Committee of the Red Cross (ICRC) reported that they had to shut down their servers and systems which hampered their ability to provide essential services to the displaced communities.
Continuous data breaches within humanitarian organisations pose a significant and multi-faceted risk towards vulnerable communities. These go beyond privacy concerns and have the potential to erode the trust in the impartiality of delivering humanitarian assistance by humanitarian organisations. Trust is the cornerstone of humanitarian work and the erosion of it could have dire consequences, particularly for donors and funding partners. Consequently, safeguarding humanitarian data becomes a crucial aspect of the provision of humanitarian aid. The Network Readiness Index highlights trust towards technology as an important aspect as it is closely tied to reliability and security. Users need to trust that their information will be used as intended, securely and will not lead to unauthorised access and or data breaches. Existing regulatory frameworks and principles could ensure that these risks are mitigated. Importantly, assessing the Do No Harm principle as it relates to the use of technology in the humanitarian sector would be vital especially in instances.
The Do No Harm principle aims to ensure that humanitarian efforts do not have adverse impacts on, or create new risks for individuals and the vulnerable communities they serve. It helps to identify the unintended consequences of humanitarian interventions. While technology is being used in good faith, their risks can have adverse effects and cause harm to the beneficiaries.
In line with the Do No Harm principle, humanitarian organisations should adopt stringent data policy mechanisms to safeguard sensitive data and risks are mitigated. These include, limiting access to sensitive data to authorised personnel, continuously monitoring and updating security protocols to address vulnerabilities and threats which may emerge. Importantly, there are various data protection regulations and policies which provide clear guidelines for responsible data management.
Fortunately, humanitarian organisations such as the UN have been adopting Data Privacy, Ethics and Protection guidelines to assist with handling and processing of sensitive data by humanitarian organisations. Should they be effectively implemented, together with data regulatory principles, then risks and harm would be significantly reduced.
Striking the right balance between leveraging technology and safeguarding data is essential to ensure that humanitarian efforts continue to make a positive impact while minimizing the risks associated with data breaches. A first step would be to conduct a risk assessment to identify potential vulnerabilities within the system. Also, integrating data protection and privacy policies and guidelines within the system could also ensure adequate security and lower risks and impact of the exposed data.
Data breaches within the humanitarian sector are a concerning issue that can have profound implications for both organizations and the vulnerable populations they serve. While the use of technology introduces new challenges, it also offers opportunities to enhance efficiency within the humanitarian sector. It’s important to leverage on these opportunities without risking human lives.
The 2023 edition of the Network Readiness Index, dedicated to the theme of trust in technology and the network society, will launch on November 20th with a hybrid event at Saïd Business School, University of Oxford. Register and learn more using this link.
For more information about the Network Readiness Index, visit https://networkreadinessindex.org/
Samantha Msipa is a passionate researcher and has actively engaged on various projects on law and technology throughout her career. She has a Bachelor of Laws degree as well as a Master of Laws in International Commercial Law from the University of Johannesburg. Her affiliation with Research ICT Africa as an AI Research Fellow allows her to delve deeper into the complexities of AI and its implications on the African continent.