Whenever the issue of sharing data securely between partners or donors comes up, everyone always wants to talk about the don’ts.
- Don’t share via Dropbox;
- Don’t share via email;
- Don’t share via iCloud;
- Don’t use consumer file sharing tools.
The list goes on, and it repeats messages that we’ve all heard, and probably ignored, before.
Oftentimes, pressure from superiors and the deadlines they impose can cause people to skip good data sharing practices in the interest of time, or they literally aren’t aware of them at all; however, the extra time it may take to share your information securely can and will ensure the safety of your constituents and their data.
We Need to Share Data
With data coming from partners, different technology platforms, donors, team members, and other stakeholders, there is an absolute need to share amongst each other. After all, data-driven decision making is essential if your organization wants to efficiently and effectively create lasting and sustainable change.
Every international development organization nowadays stresses the importance of data for development, as it is vital for the design of effective projects, programs, and policies.
With the increasing use of technology in development projects and programs, there is an even greater need for data security and safe file sharing practices. The bottom line is that using more technology results in the collection of more data, which must be protected.
We Need to Share Data Responsibly
When there is a data security incident, there will be fallout with donors, governments, partners, and beneficiaries that could damage your organization’s reputation irreparably; Or, put the data subjects e.g. your constituents, constituents in harm’s way.
Data breach prevention should be on the mind of everyone within an organization. With so many security protocols in place, it’s rare that you can blame a data security breach on one person or group. However, a few bad decisions made by one or two people can easily snowball into a devastating breach; such as, improper data sharing techniques being used by individuals within that organization.
What may just be an excel attachment to us could easily endanger the lives of the people we are trying to serve. This can be done by attaching the wrong file to an email, sharing with or emailing the wrong person, or using an insecure data sharing practice.
For instance, if your survey data becomes compromised by an outside party, your targeted data subjects could be in danger after they’ve been identified (by knowing their PII or Personal Identifiable Information). We are providing people with a name, address, and GPS coordinates to find anyone on our list.
Our constituents did not sign up for someone to show up at their door because of their ethnicity or other parameters. They signed up because we promised to help them.
5 Ways You Can Responsibly Share Data
Try and relax as you read these 5 Data Sharing Practices that allow you to pass your data around the relevant audiences without doing any harm to your organization or your beneficiaries in the process:
1. Use enterprise standard data visualization software.
Software exists that allows you to share and visualize your data with live dashboards and reports that you can share online without the need to export them to PDF or another portable format. For example, Microsoft’s Power BI Pro and Google Data Studio. In doing so, be sure to:
- Manage user access and security from one central place.
- Control access by user with role-specific insights and row-level security.
- Use software that safeguards your data in a way that meets stringent industry compliance standards and certifications.
2. Use enterprise standard data storage applications
CRS recommends its staff use OneDrive for Business for multiple reasons.
- Encryption: OneDrive places each individual file in its own lockbox, with its own key, which makes it hard for a potential attacker to unlock all of your data at once. Other data storage applications use one key for all the data in one account, so a hacker can gain access to all files at once.
- Management: CRS has enterprise management under its Office 365 tenant. CRS can deactivate users accounts upon their departure from the agency, and gain access over enterprise data
- Storage: OneDrive allows you to store up to 1 TB of data or unlimited storage according to your subscription plan – compared to a 1 GB limit with other data storage applications.
In addition to security, there are many technical considerations behind our selection of OneDrive for Business, e.g. its content management features, versioning, data loss protection (very efficient for enforcing privacy rules on content), collaboration capabilities, integration with many platforms: e.g. SharePoint and Salesforce – the two major platforms used heavily at CRS.
Other similar software includes Box for Enterprise, which gives you a single place to manage, secure, share and govern all the content for your internal and external collaboration processes.
3. Use enterprise standard cloud-based collaboration software
This type of software (for example Microsoft Teams or Slack) can help your team stay organized, have conversations, and share files securely inside and out of your organization.
However, please be warned, Slack is banning some users who have visited U.S. sanctioned countries while using its app. Do not use Facebook Messenger, regular Skype, or un-encrypted SMS for exchanging and sharing data.
4. Use password encrypted files
If there is no other way for you or your partners/donors to share data other than email, then you should make sure that the files you send have been password encrypted.
BitLocker is a tool built into Windows that lets you encrypt an entire hard drive for enhanced security. Here is a video on how to encrypt an Excel file. Using PowerPoint or Word instead? Don’t worry, you encrypt those types of files the exact same way as in the video.
5. Use user permissions and file expiry dates
For added security, choose a file sharing platform that allows you to apply information rights management and automatic expiry to each shared file. Information rights management allows you to restrict saving or printing of the file.
Applying expiry dates automatically revokes access to the file after a specified period. Here is a video on how to do this for OneDrive for Business.
What Are Other Data Sharing Best Practices?
Our 5 suggestions were born from a careful vetting process by CRS IT experts that weighed each option based on security, functionality, and cost. Also, these selections are based off their relevancy to the way CRS operates and how we do business.
Essentially, we use what works best for us. We are acutely aware of the broader ICT4D security vulnerabilities if strong protection systems are not fully adopted, regularly tested and updated.
Here are more resources on good data security practices.
- 5 Simple Ways to Improve Your Data Security Today
- 5 Tools for Secure Communications and Data Storage
- 4 Digital Security Principles to Protect Your Organization
- 4 Best Practices for Responsible Data in Agriculture
How Can We Improve Responsible Data Sharing?
Data privacy has become a priority focus as CRS explores ways to increase the reliance of development and humanitarian programming with new, relevant and accessible technology. We want this post to be a good starting point to initiate a deeper discussion.
What are other data sharing best practices? Please share in the comments!
Remember, the time it takes to use data sharing best practices is nothing compared to potentially making a mistake and compromising the data of your organization, beneficiaries, or donors! Safeguarding this data is an essential aspect of protecting these individuals’ lives, their physical and mental integrity, and their dignity.
By Ali El Benni, Kathryn M Clifton, Ognen Plavevski, and Paul S Wiedmaier of Catholic Relief Services.
Sorry, the comment form is closed at this time.