How to Protect Digital Privacy and Security During COVID-19 Response
Oct 27, 2020
What do cyber attacks, virtual learning platforms, and the spread of misinformation online have in common?
- All have seen substantial spikes over the past four months.
- Each one would be nonexistent without digital technology.
Technology has served as both an advantage and a hindrance during COVID-19 digital response. On one hand, apps like Zoom have allowed people to stay connected with loved ones while safe at home, and many have been able to work remotely without major disruption to their jobs.
On the other hand, Google is blocking millions of scam emails related to COVID-19 every day, and tech firms believe the pandemic is on track to be the most-frequently-used bait for phishing attacks, with a near 700 percent increase since the pandemic started.
For development practitioners, the advent and rapid growth of digital technology offers enormous benefits—a pathway to advance freedom and transparency, generate shared prosperity, strengthen inclusion, and inspire innovation. Despite this, digital tools also present significant risks, particularly in relation to privacy and security, and can cause significant harm if not used responsibly.
Women Connect Challenge grantee, Humanitarian OpenStreetMap Team (HOT), partners with schools in Peru to train students to safely use mapping and surveying tools to raise the awareness of local policymakers about gender-based issues in their community. Photo credit: GAL Group.
Are You Protecting Digital Privacy and Security?
In April, the U.S. Agency for International Development (USAID) launched a five-year Digital Strategy outlining a path to strengthen open, inclusive, and secure digital ecosystems in their programs and in partner countries. USAID is committed to helping development partners navigate both the risks and rewards associated with digital tools by advocating for digital data collection in all programs; increasing investments in the privacy and protection of that data, and expanding abilities to mitigate harm through cybersecurity programming.
Moving to Digital Data Collection
USAID recommends collecting data on and monitoring programs digitally—by tablet, mobile phone, etc.—and encourages staff and implementing partners to assess how digital tools can be adapted to collect data relevant to COVID-19 response efforts.
There are key questions implementing partners should ask themselves if collecting data digitally to ensure a robust program. For example:
- What information do you need, and who has it?
- Is someone already collecting this information?
- What digital data collection tools have been deployed in my area of interest by USAID partners or other groups?
- Can you reach your population of interest by text, phone, or internet?
- What assets outside of USAID’s network can be leveraged?
- What data collection systems are already in place by market research firms, civil society, and host-country governments?
Download this USAID short guideto help assess how digital data collection tools can be adapted to support the continuous monitoring of programs.
Protecting Data Privacy
Pandemics present a unique risk of health-related personally identifying information being compromised, and then potentially used to harm an individual. If a person contracts COVID-19, and their identity is made public, what repercussions might they face in their personal or professional life? Once data is collected, how do you ensure it is protected, and the privacy and security of beneficiaries are safeguarded?
By thinking strategically about how data might be used and shared, development practitioners can mitigate risks and build trust in our institutions. Pertinent questions include:
1. How will the data be used?
- Who collected/will collect this data?
- Is this the minimum amount of data necessary for decision making?
- Is this data representative?
2. Who will the data be shared with?
- Who is it being shared with?
- What data is being shared?
- Can the data be transmitted/shared in a secured manner?
- Can the party receiving the data protect it?
- What was the individual’s expectation when their data was collected?
3. How is the data being protected?
- Does the project have the necessary resources and safeguards in place?
- Where will the data be stored?
- How is data being protected—now and in the future?
- Will vulnerable populations still be identifiable?
- What are the implications of the loss of privacy?
- What are the plans in the event of a data breach?
- What are the relevant laws?
- How else are you promoting compliance?
USAID’s approach to using data responsibly is to balance use, privacy and security, and transparency and accountability. First and foremost, we seek to do no harm. To better understand responsible data use in development, download this USAID short guide.
Cyber threats have the potential to cause serious disruption to development programs. To protect against attacks, implementers should have a plan in place. Just as wearing masks and washing hands have become regular and necessary protective measures against COVID-19, consider what protective measures are needed to protect your programs and beneficiaries.
Cybersecurity for development can be understood as identifying, protecting, detecting, responding, and recovering from threats and risks in a digital environment. Key questions for program teams include:
- Have basic cyber hygiene practices been defined for programs? Are they being followed by implementing partners and program constituents?
- Are implementing partner staff and constituents now working from home? What measures have organizations taken to mitigate related threats?
- If implementing partners or constituents become the victim of a ransomware attack, is there a planned response?
- How would programs be affected if data was lost or compromised due to ransomware or other attack?
- Is critical data being regularly backed up and secured through multiple copies that are stored in separate virtual locations?
The cybersecurity risks emerging during the global pandemic could both undermine response efforts and the long-term resilience and health of the digital ecosystem in developing countries. Learn how to protect your programs by downloading this USAID short guide.
COVID-19 and Digital Development
USAID is committed to helping staff, as well as development partners, navigate both the risks and rewards associated with digital tools—particularly in the face of a global pandemic. We have developed a series of COVID-19 considerations on digital payments, data collection, data privacy, cybersecurity, the gender digital divide, digital literacy, and the digital investment tool to inform staff about the opportunities and risks presented by digital tools in the context of COVID-19.
Jane Clifford is a Communications Advisor for the DAI-led Digital Frontiers project. This post first appeared on ICTWorks.