Data and Security Responsibilities of the Individual Humanitarian

Bridging the Gap in Humanitarian Data Security

Published in June 2023 by the Digital Humanitarian Network (DH Network), this report addresses a critical "yawning gap" between high-level organizational data policies and the daily realities faced by humanitarian workers. Authored by Lidewij Heerkens and Andrej Verity, the study highlights how inconsistent data security practices across the sector create undeniable risks for vulnerable populations. By examining the disconnect between outdated mandatory policies and modern field requirements, the report serves as an urgent call to action for international organizations to modernize their approach to digital protection.

The Burden of Individual Responsibility and "Shadow IT"

A central finding of the report is the unrealistic burden of responsibility currently placed on individual aid workers. Many humanitarians rely on personal initiative and their own limited knowledge to secure sensitive data, often resulting in the use of non-approved services—known as "shadow IT"—to overcome inadequate organizational tools. From using WhatsApp for field communication to managing sensitive files in personal password-protected ZIPs, these inconsistent practices stem from a lack of practical, actionable training and technical support that reflects the complexity of the humanitarian operating environment.

Strategic Recommendations for Cultural and Technical Shifts

To mitigate these risks, the report provides a comprehensive roadmap for improvement focused on targeted education and minimizing individual liability. Key recommendations include replacing "one and done" training with recurring microlearnings, institutionalizing the role of Data Responsibility Officers, and leveraging automation like multi-factor authentication (MFA) to bake security into standard workflows. Furthermore, the authors advocate for a "humanitarian-centric" approach to data collection: if an organization cannot adequately protect sensitive data, it should not collect or store it in the first place.

Building a Data-Secure Humanitarian Future

Ultimately, the report argues that data security is not just a technical challenge but a "wicked problem" that requires a fundamental cultural shift within the sector. Moving forward, organizations must prioritize data security in funding decisions and donor reporting to ensure that digital protection becomes as much a priority as physical aid. By adopting scenario and impact analysis as a standard requirement, the humanitarian community can protect its reputation and, most importantly, prevent real-world harm to the people it serves.