Navigating Digital Response in a Time of Crisis
Authors: David Eaves, Lecturer in Public Policy, Harvard Kennedy School; Westerly Gorayeb, Master in Public Policy, Harvard Kennedy School 2022
Emergency Declarations Lack Guidance on Digital
Crises necessitate change. And at the highest level, emergency declarations and crisis standards — thresholds at which barriers to acting are removed or resources are reallocated to where there is the most need — help make that change happen. Emergency declarations and crisis standards have impacts that trickle down to all levels of government and guide how agencies and departments adapt to crises. But despite the growing role of digital technologies in government, it is not always clear how these tools affect digital response.
In the United States, the Centers for Disease Control and Prevention follows a playbook for emergency and crisis communication that touches on digital capabilities only as a way to push information out quickly, while almost no attention is given to the power of a coordinated digital response. In the Department of Homeland Security’s Emergency Support Function #15, the key policy that mobilizes a coordinated communications response during a crisis, the use of a website is mentioned just once.
Even in countries with renowned government digital services, pre-pandemic plans for digital crisis response proved sorely lacking. Take Singapore, where the emergency health declaration exercised during the COVID-19 pandemic provides for broad, “extraordinary” powers, but fails to describe how those powers affect the way digital technologies might be developed or deployed by government departments to address the spread of infectious disease.
As a result of these gaps in crisis preparation, leaders of digital crisis response are often left to improvise, working out what is and is not productive in real time, as a crisis unfolds. Without guidelines, the pressure that emergencies create — to roll out a response or add features quickly- — may result in services that do not meet the public’s needs and might even betray their trust.
Lessons Are Emerging
In the midst of the COVID-19 pandemic, digital service groups and digital government experts around the world have started to codify what a good digital crisis response could look like. These efforts have resulted in documents like the California Digital Crisis Standard, developed by the state of California’s COVID-19 response team. Another example comes from Singapore, where the national digital service group had to decide its obligations regarding data protection for a brand-new digital contact tracing app. Looking at these two experiences in more detail reveals several important tenets of crisis response trends that other digital service groups might be able to learn from.
California
The California Digital Crisis Standard is a publicly available list of best practices that the California COVID-19 response team is using to maintain the quality of the state’s official COVID-19 response website. The standard’s objective is to ensure that user needs remain top of mind during the chaos and pressure of a crisis. To that end, the standard emphasizes the importance of maintaining clear content, providing an experience that is integrated with existing resources, and iterating rapidly in response to user needs.
A testament to the value of cross-sector and multinational collaboration, the development of the standard was supported by Public Digital and built on 10 design-in-a-crisis principles codified by British service design expert Lou Downe.
Singapore
As the COVID-19 crisis unfolded, Singapore’s national digital service group, GovTech, led an effort to develop the country’s first contact tracing app, TraceTogether. To function, the app would need to collect at least some data from a user’s smartphone and share it among government agencies, which raised concerns about data security and privacy. Even though Singapore’s government agencies are exempt from the country’s comprehensive privacy law, Personal Data Protection Act (PDPA), the team at GovTech nonetheless wrestled with whether to hold itself to strict data privacy standards.
GovTech had conducted several surveys and found that privacy considerations were a major concern for potential TraceTogether users. Following those surveys, despite the PDPA exemption, the GovTech team made a decision to bring TraceTogether largely in compliance with the law’s obligations. This required consultation with data privacy and security experts elsewhere in government, who helped the GovTech team put in place processes and technical measures to make sure app users’ data was protected. These operating procedures, which have since been shared publicly, continue to guide how TraceTogether collects and shares user data.
Key Observations
Even as the COVID-19 crisis continues to unfold and the efficacy of certain digital responses become clearer, we can begin to draw out a few key themes from these two cases. The broad takeaway from California and Singapore is that in crisis, tried-and-true digital practices become even more critical to executing digital service delivery. The experiences of California and Singapore tell us that:
1. Working in the open enables learning
In a national emergency, working in the open allows multiple service providers — within the same governing system or outside of it — to learn from one another, accelerating development timelines and surfacing creative solutions. The California Digital Crisis Standard was made possible by work that had been shared in the open, while the TraceTogether team brought their concerns about privacy and security to government professionals who helped design a way forward.
2. There is always time for user testing
While some may view user testing as a time-consuming luxury that does not have a place in rapid crisis response, the experiences of California and Singapore highlight the importance of prioritizing user needs. If anything, user testing is more important in a crisis because the consequences are more serious if services do not work for users.
3. Clear communication is essential
Both examples underscore the importance of communicating simply and clearly with users of digital services. Doing so can reduce panic and confusion, as well as create trust between users of the service and the government agency managing it.
Looking Ahead
The experiences of these two agencies do not hold all the answers to an effective digital crisis response. No crisis is the same and some degree of improvisation will always be necessary. But in any crisis, taking time to develop a framework for response — to understand how normal working processes might change or stay the same — helps to mitigate the pressure teams face while handling the crisis. In other words, it is important to plan or at least try to anticipate in advance what California and Singapore did on the fly.
In designing that plan, one key element to consider is how aggressively a team should deviate from the pre-crisis norm when developing their crisis response product. During a crisis, teams may — inadvertently or by choice — build a digital response that forgoes many of the security, privacy, or service standards that would have otherwise been implemented. Depending on how much processes change from the non-crisis status quo, teams may find that they have to spend time and resources later to align the product or service with the non-crisis standard. The teams in California and Singapore had to factor this into their response and decide how much technical and policy debt they were willing to incur to get their services to the public quickly.
At a minimum, digital service groups need to be thinking proactively about how crises change the development and deployment of digital technologies in the public realm. From there, they can build a basic crisis standard that draws on elements of impactful crisis responses, like those of California and Singapore. Other examples of successful responses will surely emerge as digital service groups around the world continue to help the public navigate the COVID-19 crisis.
