Kafa’s Data Management
Kafa is a non-governmental organization that helps raise awareness and tries to take action in several areas related to violence and exploitation, especially revolving around women. Their mission clearly states that “It seeks to realize substantive gender equality through the adoption of a combination of different approaches, such as:
“Advocacy for law reform and introduction of new laws and policies; influencing public opinion, practices and mentality; conducting research and training; and empowering women and children victims of violence, and providing them with social, legal, and psychological support” (Kafa Mission Statement).
Most of the data they publish are testimonies as well as the number of people they help. Their targeted population is mainly women, but in some cases, children facing violence are also included. Most of the information they publish is personal therefore so many issues and ethical questions are raised.
Kafa releases most of the information they gather through studies and research papers. The fact that they tackle very sensitive cases where the subject might be in danger, they can’t include some information that can put anyone in a dangerous position. The data they gather should be available and on their site, without having anyone put in danger. Consent for posting this information should be very clear and easily understandable since the informational is very personal and there is a risk to posting them. Another challenge they should face is the collection of the data in general. Because of the personal nature of the data they are collecting, and because of the type of society we live in, contacting people to receive information and testimonies should be very difficult.
There is a lot of information that Kafa makes public. One of the clearest information is their annual reports that state all of their achievements and events. After conducting an interview with Kafa’s founder and director, Zoya Rouhani, we found out that the information collected in studies is processed by third party collectors. Since the NGO only gathers the information they receive through phone calls and their centers, Kafa’s data management policy is impossible to find on their site and we have been told that they did not have one. Many clickable links were not working and as soon as they were clicked on it was found that the page is unavailable, since the site is still under construction according to the founder. Yet, we found that in one publication, Kafa’s annual report (2015), it was stated that the information they gathered was digitized through another organization or company, Ipsos. The other studies or the site in general do not include any information of how the data is stored and managed.
Ipsos ex:
https://www.kafa.org.lb/sites/default/files/2018-12/PRpdf-94-635951276749134776_0.pdf
Through our interview with Kafa, we found out many of the missing information. First, we found out that the studies they publish and the information they gather is mostly through third party collaborators. When asked if the collaborators keep the information with them or they destroy them, it was answered that in principle, the collaborators should destroy the data, yet we can’t know that for sure. If the information gathered is sensitive and very personal, Kafa tries their best to keep this information safe and not let it get out. Yet, for example, with the Ipsos study, the the information is not as sensitive and doesn’t need to be kept as safe. Second, that most information they gather themselves, without any collaborators, are the information they receive through their call centers and support centers. When it comes to working with illegal domestic workers for example, Kafa takes legal measures; first they contact authorities to inform them that the worker is at their centers, then they ensure safety through follow up. They only inform people that need to know her personal information about her since it is stated in the law. When it comes to consent, all the people involved are asked for consent and every detail about what they will do to their data and testimonies is disclosed. When it comes to the subject’s rights, since all of their testimonies and their participation in general is a choice, they have the right to withdraw their consent, erase their data object to the processing of it as well as rectification. We didn’t get any information on the right to data portability or access. They are an NGO that wants to help women and put them out of danger, so they do protect the data, through anonymity and other safety measures that were not disclosed. Before publishing the information, they gather through their call centers and support centers, they make sure to anonymize it completely and they never de-anonymize the information without the consent of the person concerned. Also, they keep doing follow ups with their cases in order to ensure their safety. For ownership, we deduced from their terms and conditions that they mostly own the rights to what they publish on the site. It is stated that all intellectual property and the material information the site contains will remain under the property of Kafa.
As stated many times before, Kafa’s data policy is not found on their site, and it was confirmed to us that the data management is ensured through third party collaborators. One key weakness at Kafa is the fact that we do not completely know the standards the organization has. Yet, we can see, from what we know that there are some discrepancies in what they disclosed to us. First, the fact that they ensure their data processing through third party collaborators, it is expected for them to follow up on if the collaborators destroy the data they have since it is a necessity. Much of the data collected by Kafa is very sensitive, and according to their answer “collaborators should in principle destroy the data yet they can’t know that for sure”. Through this answer, we can start doubting Kafa’s and the collaborators’ safe storage of data. One of the rights mentioned in the signal code is the right to privacy and security; Kafa tries to protect the anonymity of all their participants and if anything should happen to the safety of someone they would immediately know, since they follow up with all their cases and they are always available, they also ensure the availability of safe houses. Kafa’s employees undergo several trainings every year according to their annual reports, which helps a lot in intervening in case of safety breach. Yet the privacy of Kafa’s data is still unclear. There could be many potential risks in misuse personal data, overtime, this misuse combined with fear for safety confidentiality and other concerns might lead to resisting sharing of data by people, and might undermine humanitarian work (OCHA, 2016). Until now, Kafa’s information has been kept safe and according to them it is one of their most important aspect. When it comes to their rights to data agency, every person that comes to that is provided with clear information about what is going to happen with their data, a form of consent is provided, and according to them since “it is completely their choice to come and testify” they have all the rights when it comes to their data. If the data management is ensured through third party collaborators such as Ipsos, then it should be mentioned at the forefront in order to find the data management policy and see whether the collection of information was done properly or not. For the question of data ownership or confidentiality agreements, no information is given. Through going through their site and studies, we noticed first that the participants are mentioned in the acknowledgement, yet no clarity on whether they own the rights to their information is given. Yet through putting them in the acknowledgement, they could be considered as co-authors. When we go through the terms and conditions of the site, it is stated that they own the rights to their publications and anything posted on the site. There are blurred lines when it comes to that question. One of Kafa’s strengths is the transparency of what they do; every achievement, goal or event is published on their site. According to OCHA (2016), one of the characteristics of humanitarian organizations that use data responsibly is transparency. Another strength is when it comes to the data collected, all the information that is published in each study is very concise and only consists of relevant information. The methodology used in every study is well organized and only gives room to necessary information to be said. The objectives and goals of each study is respected and to our knowledge, no unnecessary information is stated. When we go through Kafa’s site, the testimonies section is empty, which prevents the public to access the data. This is justified to a certain extent; it ensures the safety of the participants, and it may be too sensitive to reveal, yet having the option of pressing that link makes it unfair since this information can be used in order to raise awareness and help Kafa’s mission.
It is very unclear what Kafa’s data management policies are and on what grounds and “rules” they are collecting their data. Even though their work is great, the methodology and their rule book for data collection is not available. If they follow the data policy of each organization they collaborate with, it is extremely confusing, and they should write or make available their data management policy or they might face some problems. If I had to give a grade for their ethical standards I would give them a 6/10; even if their data collection seems ethical and done within good conditions, there is no evidence that points towards it since it isn’t available on the site.
References:
Harvard Humanitarian Initiative (2016) The Signal Code. A Human Rights Approach to Information During Crisis.
KAFA. (n.d.). Retrieved from https://www.kafa.org.lb/en/about
OCHA (2016) Building data responsibility into humanitarian action. OCHA Policy and Studies Series
