CRS Responsible Data Values & Principles
The CRS Responsible Data Values and Principles express how we care about protecting the data of our beneficiaries, donors, employees and other constituents. They derive from CRS' Organizational Guiding Principles. CRS also bases its ethical responsibilities to constituent data on existing and widely adopted standards and principles, four of the most notable of which are:
- The Humanitarian Charter, to which CRS adheres. The Charter provides the ethical backdrop to Humanitarian Protection Principles and the Core and Minimum Standards.
- Protection of Human Subjects, as laid down by what is known as “The Common Rule,” or the Department of Health and Human Services Policy for Protection of Human Research Subjects
- The Principles for Digital Development, which CRS has endorsed.
- Responsible Data results from prioritizing people’s rights to consent, privacy, security and ownership; and implementing values and practices of transparency and openness.
RESPONSIBLE DATA VALUES AND PRINCIPLES
Respect and protect an individual’s personal data as an extension of their human dignity.
We consider a person’s data to be an extension of the person, and we will treat those data in such a way as to demonstrate our respect for the inherent sacredness and dignity of the person.
The Reason: The type of data we collect in our work is often personal and private in nature -- it tells us about someone’s habits, their finances, their health, their family, their beliefs. Individuals who share their data with CRS trust us to use it for their benefit. If we value the sacredness and dignity of the human person, we also have a duty to respect and treat an individual’s data with the utmost respect throughout the entire data lifecycle.
Balance the right to be counted and heard with the right to privacy and security.
We will make responsible decisions that respect the voice of our constituents and their right to be heard and counted while also preserving their right to privacy.
The Reason: We will be guided by the “Do No Harm” principle related to managing sensitive information and ensure that we share data in ways to which individuals consent. We must never jeopardize the security of those we serve or those who may be identifiable from the data we collect.
Weigh the benefits and risks of using digital tools, platforms and data.
We will ensure that we are not putting data at risk through the collection or sharing of data on digital tools and platforms.
The Reason: In a world where our constituents may be encouraged to make social connections on digital platforms, we need to educate users and those who provide data about what happens with their data and the potential risks. In reviewing digital tools and platforms that we recommend for our work, we will minimize any potential for negative exploitation of user data. We will always consider the option to not use digital tools and platforms.
Open data for the common good only after minimizing the risks.
In response to requests from institutional donors to share granular beneficiary data and the International Transparency Aid Initiative (IATI) to share project and partner data, we will open such data as part of our contribution to development effectiveness, but only following an assessment of the tradeoffs between openness and privacy and minimization of the risk and harm that could come from it.
The Reason: To protect our constituents, especially the vulnerable persons and groups that we serve, we must ensure that the benefit of opening and sharing our data—particularly individual-level datasets— outweighs any potential risks. In addition, we will ensure that any data we collect, use or share are of the highest quality and accuracy, and that any personally identifiable information is anonymized before opened or shared.
Prioritize local ownership and control of data for planning and decision-making.
We will design our entire data cycle in ways that leverage our data for the common good while also empowering people at local levels.
The Reason: We will practice subsidiarity when it comes to collecting, analyzing, sharing and using data to ensure the greatest effectiveness of their use.
Work to educate, inform and engage our constituents in responsible data approaches.
We will engage our beneficiaries, partners, employees, contractors, donors and other constituents in efforts to better understand the implications of responsible data approaches and their importance, especially to those whom we serve.
The Reason: In today’s world of increasing interconnectedness, our organizational principle of solidarity leads us to make a special effort to raise awareness about responsible data at all levels and with all our constituents.
Exercise a preferential option for protecting and securing the data of the poor.
We will consider first how data provide benefits to those individuals and communities that provide them; our own institutional benefit and that of CRS supporters and donors will come second.
The Reason: Our preferential option for the poor and most vulnerable leads us to adopt a weighted concern for the privacy and security of their data. We will always seek to obtain active and informed consent from our beneficiaries when asking them for data, and we will clearly explain to them how their data will be used, secured and protected throughout the data lifecycle.
Responsibly steward the data that is provided to us by our constituents.
We will practice “data minimization” by collecting only the data that are necessary for project or programmatic goals and normal business operations, and we will keep those data only for as long as needed.
The Reason: In our capacity as steward and broker for data collected from the poor and vulnerable as mandated by donors or contractors, we must optimize the use of these data through the responsible analysis and dissemination of data and results. We are responsible for using data to make decisions, improve our operations and to influence policy makers on behalf of our beneficiaries and constituents.