Over the past few months, I’ve been working with CARE to develop a Responsible Data Maturity Model (download as PDF or Word). This “RDMM” joins a growing set of tools (created by a wide variety of organizations) aimed at supporting organizations to move towards more responsible data management.
Responsible Data is a concept developed by the Responsible Data Forum. It outlines the collective duty to prioritize and respond to the ethical, legal, social and privacy-related challenges that come from using data. Responsible Data encompasses a variety of issues which are sometimes thought about separately, like data privacy and data protection, or ethical challenges. For any of these to be truly addressed, they need to be considered together.
CARE’s model identifies five levels of Responsible Data maturity:
- Unaware: when an organization has not thought about Responsible Data much at all.
- Ad-Hoc: when some staff or teams are raising the issue or doing something on their own, but there is no institutionalization of Responsible Data.
- Developing: when there is some awareness, but the organization is only beginning to put policy, guidelines, procedures and governance in place.
- Mastering: when the organization has its own house in order and is supporting its partners to do the same.
- Leading: when the organization is looked to as a Responsible Data leader amongst its peers, setting an example of good practice, and influencing the wider field. Ideally an organization would be close to ‘mastering’ before placing itself in the ‘leading’ stage.
The main audience for the RDMM is the point person who is tasked with moving an organization or team forward to improve data practices and data ethics. The model can be adapted and used in ways that are appropriate for other team members who do not have Responsible Data as their main, day-to-day focus.
There are multiple other uses for the RDMM, however, for example:
- As a diagnostic or baseline and planning tool for organizations to see where they are now, where they would like to be in 3 or 5 years, and where they need to put more support/resources.
- As an audit framework for Responsible Data.
- As a retro-active, after-action assessment tool or case study tool for looking at a particular program and seeing which Responsible Data elements were in place and contributed to good data practices, and then developing a case study to highlight good practices and gaps.
- As a tool for evaluation if looking at a baseline/end-line for organizational approaches to Responsible Data.
- In workshops as a participatory self-assessment tool to 1) help people see that moving towards a more responsible data approach is incremental and 2) to identify what a possible ideal state might look like. The tool can be adapted to what an organization sees as its ideal future state.
- To help management understand and budget for a more responsible data approach.
- With an adapted context, “persona,” or work stream approach that helps identify what Responsible Data maturity might look like for a particular project or program or for a particular role within a team or organization. For example, for headquarters versus for a country office, for the board versus for frontline implementers. It could also help organizations identify what parts of Responsible Data different positions or teams should be concerned with and accountable for.
- As an investment roadmap for headquarters, leadership or donors to get a sense of what is the necessary investment to reach Responsible Data maturity.
- As an iterative pathway to action, and a way to establish indicators or markers to mainstream Responsible Data throughout an organization.
- In any other way you might think of! The RDMM is published with a Creative Commons License that allows you to modify and adapt it to suit your needs.
Over the past few months, we’ve tested the model with teams at headquarters, country offices, in mixed teams of people from different offices in one organization, and with groups from different organizations. We asked them to go through the different areas of the model and self-assess at which level they place themselves currently and which level they would like to achieve within a set time frame, for example 3 or 5 years. Then we worked with them to develop action points that would allow them to arrive to the desired level.
Teams found the exercise useful because:
- It allowed them to break Responsible Data into disparate pieces that could be assigned to different parts of an organization or different members of a team.
- It helped to lay out indicators or “markers” related to Responsible Data that could be integrated throughout an organization.
- It allowed both teams and management to see that Responsible Data is a marathon not a sprint and will require that multiple work streams are addressed over time with the involvement of different skill sets and different parts of the organization (strategy, operations and IT, legal, programs, M&E, innovations, HR, fundraising and partnerships, etc.)
- It helped teams with limited resources to see how to make incremental steps forward without feeling pressured to make Responsible Data their only focus.
We hope others will find the RDMM useful as well! It’s published under a creative commons license, so feel free to use it and adapt it in ways that will suit your needs.
We’re in the process of translating it into French and Spanish. We’d love to know if you use it, how, and if it is helpful to you! Please get in touch with me or Kelly Church at CARE for more information.
Originally published as A Responsible Data Maturity Model for non-profit organizations
Wonderful resource Linda and team, thanks for putting this together and supporting organizations on their path to secure, transparent and responsible data use.
Hi Linda!
I took a look at the definitions of “Leading” for Data
sharing and open data as well as Data Partnership. Personally, I would have wanted to see a Leading organization include the following: “Shares all possible de-identified data on leading open data portals where possible and on the organization’s own open, easily-accessible portal when not.” I saw things about sharing protocol and policies around the data, but not so much on aggressively, but responsibly, making data and metadata public, so that it can used by others.
Was this debated and considered when developing the RDMM? If so, was it excluded as the team doesn’t consider it best practice or because it’s too unrealistic even for a Leading organization?
I have a HUGE appreciation that goes into all the work to make sure that data is collected, managed, inventoried, etc. responsibly. I have a dream (perhaps a pipedream) that all data and metadata collected by the development organizations makes its way onto publicly accessible, “aggregate-able” websites, perhaps running CKAN, https://ckan.org/
Hey Eric and thanks for your comment,. Some initial thoughts —
In general, the RDMM doesn’t define intent or best practices for disseminating data according to open data principles – it defines the groundwork necessary to be able to do so responsibly. so in a way, the RDMM stops where an open data policy begins, if that makes sense. In fact, some organizations have created RD policies specifically to push back against aggressive donor mandates on “open data” because they were worried that opening certain data could lead to harm.
The RDMM doesn’t aim to be prescriptive — “you should open your data” or “you should never use biometrics” but rather it aims to help organizations establish processes that would allow them to make careful decisions on whether to e,g., open data or whether to use biometrics.