Information Management and Data Protection
Expert-defined terms from the Advanced Certificate in Compliance in Humanitarian Organizations course at London School of Business and Administration. Free to read, free to share, paired with a professional course.
Access Control – Policies and mechanisms that restrict who can view or ma… #
Related concepts: authentication, authorization, role‑based access. Example: A humanitarian logistics team grants read‑only access to field staff while reserving edit rights for data managers. Challenge: Balancing operational speed with strict permission settings in emergency contexts.
Algorithmic Bias – Systematic error introduced by data‑driven models that… #
Related terms: fairness, discrimination, training data. Example: A predictive health‑needs model that under‑represents women due to skewed historical data. Challenge: Detecting bias without compromising model performance in resource‑constrained settings.
Anonymization – Process of removing personally identifiable information t… #
Related concepts: pseudonymisation, de‑identification, k‑anonymity. Example: Replacing beneficiary names with unique codes before sharing data with partner NGOs. Challenge: Re‑identification risk when combined with external datasets.
Audit Trail – Chronological record of system activities that supports acc… #
Related terms: log management, provenance, compliance reporting. Example: A cloud‑based data repository logs every file upload, edit, and deletion with timestamps and user IDs. Challenge: Ensuring logs are tamper‑proof while not overwhelming storage capacities.
Availability – Assurance that information is accessible to authorized use… #
Related concepts: redundancy, disaster recovery, uptime. Example: Deploying mirrored databases across two data centres to maintain service during a power outage. Challenge: Maintaining high availability in remote field offices with intermittent internet.
Baseline Security – Minimum set of controls established to protect inform… #
Related terms: security policy, hardening, configuration standards. Example: Enforcing default password complexity and disabling unnecessary services on all laptops. Challenge: Keeping baselines up‑to‑date as threats evolve and hardware varies.
Beneficiary Data Management – Lifecycle handling of data about aid recipi… #
Related concepts: data stewardship, consent, retention schedule. Example: Recording household composition during a food‑distribution survey and deleting it after the program ends. Challenge: Aligning humanitarian need for rapid data capture with strict protection obligations.
Big Data – Large, complex datasets that exceed traditional processing cap… #
Related terms: volume, velocity, variety, analytics. Example: Analyzing satellite imagery and mobile phone call‑detail records to predict population movements after a disaster. Challenge: Ensuring privacy safeguards when aggregating massive, heterogeneous sources.
Certification of Compliance – Formal recognition that an organization mee… #
Related concepts: audit, accreditation, continuous improvement. Example: Obtaining ISO 27001 certification to demonstrate robust information security to donors. Challenge: Allocating resources for certification while maintaining frontline program delivery.
Change Management – Structured approach to transitioning individuals, pro… #
Related terms: governance, stakeholder engagement, training. Example: Introducing a new data‑collection app across multiple field offices with phased roll‑out and user workshops. Challenge: Overcoming resistance and ensuring consistent use in high‑turnover environments.
Confidentiality – Principle that information is disclosed only to authori… #
Related concepts: encryption, need‑to‑know, data classification. Example: Encrypting beneficiary health records before transmitting them to a central server. Challenge: Managing keys securely when staff travel across insecure networks.
Consent Management – Process of obtaining, recording, and honoring indivi… #
Related terms: informed consent, withdrawal, opt‑out. Example: Using a tablet form that captures a survivor’s consent to share case data with partner agencies. Challenge: Re‑capturing consent when beneficiaries move or when data is repurposed for new analyses.
Data Classification – Categorising information based on sensitivity and i… #
Related concepts: labeling, handling procedures, access levels. Example: Tagging “Highly Sensitive” for individual protection plans and “Public” for aggregate impact reports. Challenge: Consistent application across diverse teams and languages.
Data Governance – Framework of policies, roles, responsibilities, and pro… #
Related terms: stewardship, data owner, policy enforcement. Example: Establishing a Data Governance Committee that approves data‑sharing agreements. Challenge: Aligning governance with rapid decision‑making required in emergencies.
Data Integrity – Assurance that information is accurate, complete, and un… #
Related concepts: checksum, validation, audit trail. Example: Using hash functions to verify that transferred beneficiary lists have not been corrupted. Challenge: Detecting subtle alterations caused by manual entry errors in field conditions.
Data Minimisation – Principle of collecting only the data necessary for a… #
Related terms: purpose limitation, proportionality, retention. Example: Recording only age and gender for a nutrition screening instead of full addresses. Challenge: Balancing granularity needed for program targeting with privacy considerations.
Data Protection Impact Assessment (DPIA) – Systematic process to evaluate… #
Related concepts: risk analysis, stakeholder consultation, documentation. Example: Conducting a DPIA before launching a mobile cash‑transfer platform that stores personal identifiers. Challenge: Performing thorough assessments under tight implementation timelines.
Data Retention Schedule – Policy defining how long different categories o… #
Related terms: archiving, legal hold, destruction. Example: Retaining disaster‑response beneficiary data for three years, then securely deleting it. Challenge: Coordinating retention across multiple jurisdictions with varying legal requirements.
Data Subject Rights – Legal entitlements of individuals regarding their p… #
Related concepts: GDPR, request handling, transparency. Example: Providing a refugee the ability to view all personal data held by the aid agency. Challenge: Implementing request processes in contexts where individuals lack stable contact details.
Data Transfer Agreements (DTAs) – Contracts that govern the cross‑border… #
Related terms: standard contractual clauses, adequacy decisions, safeguards. Example: Signing a DTA with a partner NGO in a neighboring country to share health data. Challenge: Navigating differing national privacy regimes and limited legal expertise.
Data Quality Management – Practices to ensure data is accurate, timely, c… #
Related concepts: validation rules, cleansing, monitoring. Example: Implementing automated checks that flag missing GPS coordinates in field surveys. Challenge: Maintaining quality when data is entered on low‑tech devices with intermittent connectivity.
Data Sharing Protocols – Established procedures for exchanging informatio… #
Related terms: information exchange standards, consent, anonymisation. Example: Using the Humanitarian Exchange Language (HXL) to share nutrition indicators with UN partners. Challenge: Harmonising protocols across agencies with differing technical capacities.
De‑identification – Removal or alteration of personal identifiers to prev… #
Related concepts: masking, pseudonymisation, aggregation. Example: Replacing exact birth dates with age ranges in a disease‑surveillance dataset. Challenge: Preserving analytical utility while reducing re‑identification risk.
Disaster Recovery Plan (DRP) – Documented strategy for restoring informat… #
Related terms: business continuity, backup, recovery point objective. Example: Restoring the beneficiary database from off‑site backups after a flood destroys the primary server. Challenge: Testing DRP regularly despite competing operational priorities.
Encryption at Rest – Protecting stored data by converting it into ciphert… #
Related concepts: key management, disk‑level encryption, file‑level encryption. Example: Enabling full‑disk encryption on laptops used by field officers. Challenge: Managing encryption keys when staff rotate frequently.
Encryption in Transit – Securing data as it travels across networks #
Related terms: TLS, VPN, secure sockets. Example: Using HTTPS for all web‑based data entry forms. Challenge: Ensuring all devices, including legacy hardware, support modern encryption protocols.
Ethical Review Board (ERB) – Independent committee that evaluates researc… #
Related concepts: informed consent, risk‑benefit analysis, oversight. Example: Submitting a new vulnerability‑mapping project to the ERB for approval. Challenge: Aligning ERB timelines with urgent humanitarian response cycles.
Exposure Risk – Likelihood that sensitive information could be accessed b… #
Related terms: threat, vulnerability, impact. Example: Assessing the risk of a data breach when staff share passwords verbally. Challenge: Quantifying risk in rapidly changing field environments.
GDPR (General Data Protection Regulation) – EU legislation that sets stan… #
Related concepts: lawful basis, data controller, data processor. Example: Adopting GDPR‑style consent forms for EU‑funded projects. Challenge: Interpreting GDPR provisions in non‑EU operational contexts.
Geospatial Data – Information tied to geographic coordinates, such as map… #
Related terms: GIS, remote sensing, location privacy. Example: Mapping displacement camps to plan water‑distribution routes. Challenge: Preventing precise location disclosure that could endanger vulnerable populations.
Information Management (IM) – Coordinated processes for collecting, stori… #
Related concepts: knowledge management, data lifecycle, situational awareness. Example: Maintaining a central dashboard that visualises real‑time health‑service utilisation. Challenge: Integrating disparate data sources while respecting privacy constraints.
Information Security Management System (ISMS) – Comprehensive set of poli… #
Related terms: ISO 27001, risk assessment, continuous improvement. Example: Implementing an ISMS that includes incident‑response procedures for phishing attacks. Challenge: Scaling ISMS processes to small field teams with limited expertise.
Incident Response – Structured approach to handle security breaches, incl… #
Related concepts: forensics, communication plan, lessons learned. Example: Activating an incident‑response team after discovering unauthorized access to a beneficiary database. Challenge: Coordinating response across multiple time zones and languages.
Information Classification Levels – Hierarchical categories (e #
G., Public, Internal, Confidential, Highly Confidential) that dictate handling requirements. Related terms: labeling, access control, disposal. Example: Marking strategic plans as “Confidential” and limiting distribution to senior staff. Challenge: Ensuring consistent labeling when documents are copied or translated.
Integrity Controls – Mechanisms that verify data has not been altered, su… #
Related concepts: hashing, audit trail, tamper‑evidence. Example: Applying a SHA‑256 hash to a CSV file before uploading it to a shared repository. Challenge: Training staff to verify hashes without adding excessive workload.
International Humanitarian Law (IHL) – Legal framework governing conduct… #
Related terms: principle of distinction, protection of civilians, legal obligation. Example: Ensuring that data about internally displaced persons is not used to target them. Challenge: Translating IHL principles into concrete data‑handling policies.
Inter‑Agency Data Sharing – Collaboration between multiple humanitarian o… #
Related concepts: memorandum of understanding, common data standards, trust frameworks. Example: Sharing disease‑surveillance data among NGOs, UN agencies, and local health ministries. Challenge: Aligning divergent data‑privacy policies and technical platforms.
Juridical Authority – Legal power granted to an entity to collect, proces… #
Related terms: legal basis, statutory mandate, consent. Example: Relying on a national emergency law to gather health data during an outbreak. Challenge: Documenting authority when operating across borders with varying statutes.
Key Management – Processes for generating, storing, rotating, and revokin… #
Related concepts: PKI, hardware security module, key escrow. Example: Using a centralized key‑management service to distribute encryption keys to field devices. Challenge: Preventing loss of keys when devices are damaged or stolen.
Least Privilege – Security principle that users receive only the access n… #
Related terms: role‑based access, segregation of duties, privilege escalation. Example: Granting data‑entry clerks permission to add records but not to delete them. Challenge: Maintaining granular permissions in dynamic humanitarian teams.
Life‑Cycle Assessment (LCA) – Evaluation of environmental impacts of data… #
Related concepts: carbon footprint, sustainable IT, e‑waste. Example: Choosing low‑energy servers for data centres supporting climate‑relief operations. Challenge: Balancing sustainability goals with the need for high‑performance computing in crisis analysis.
Metadata – Data that describes other data, providing context such as sour… #
Related terms: catalogue, provenance, data dictionary. Example: Recording the GPS coordinates and collection date for each household survey response. Challenge: Ensuring metadata is accurate and kept up‑to‑date across multiple data custodians.
Minimum Necessary Standard – Principle that only the smallest amount of p… #
Related concepts: data minimisation, proportionality, purpose limitation. Example: Capturing only age and gender for a nutrition‑screening tool, omitting full names. Challenge: Determining the true minimum when programme design evolves.
Multi‑Factor Authentication (MFA) – Security method requiring two or more… #
Related terms: token, biometrics, OTP. Example: Requiring a password plus a time‑based one‑time code on a tablet used by field supervisors. Challenge: Providing reliable second factors in areas with limited cellular coverage.
National Data Protection Authority (NDPA) – Government body responsible f… #
Related concepts: regulatory compliance, sanctions, guidance. Example: Reporting a data breach to the NDPA within the statutory 72‑hour window. Challenge: Engaging with multiple NDPA offices when operating in several countries.
Network Segmentation – Dividing a computer network into isolated sub‑netw… #
Related terms: firewall, VLAN, zero‑trust. Example: Placing the public‑facing website on a separate segment from the internal beneficiary database. Challenge: Configuring segmentation on low‑cost routers in field offices.
Non‑Repudiation – Guarantee that a party cannot deny the authenticity of… #
Related concepts: audit trail, cryptographic proof, accountability. Example: Using a signed PDF to confirm a donor’s consent to share programme data. Challenge: Managing signature verification on devices without robust PKI support.
Open Data – Data that is freely available for anyone to use, modify, and… #
Related terms: transparency, licensing, public domain. Example: Publishing aggregate flood‑impact statistics under a Creative Commons licence. Challenge: Removing all personal identifiers while preserving usefulness for research.
Personal Data – Any information relating to an identified or identifiable… #
Related concepts: sensitive data, data subject, identifier. Example: Names, email addresses, health records, and biometric data of refugees. Challenge: Classifying data correctly when cultural naming conventions differ.
Privacy by Design – Embedding privacy considerations into the development… #
Related terms: default privacy, data protection impact assessment, proactive. Example: Building a mobile data‑collection app that stores data locally encrypted until a secure connection is available. Challenge: Allocating development time for privacy features in fast‑paced humanitarian projects.
Privacy Impact Assessment (PIA) – Evaluation of how a project or system a… #
Related concepts: DPIA, stakeholder analysis, compliance. Example: Conducting a PIA before launching a public‑facing dashboard that visualises displacement trends. Challenge: Balancing transparency with potential harm from disaggregated data.
Protected Health Information (PHI) – Subset of personal data concerning h… #
Related terms: HIPAA, confidentiality, clinical data. Example: Storing patient diagnosis codes for a cholera treatment centre. Challenge: Securing PHI in low‑resource settings where health workers use personal devices.
Public‑Private Partnership (PPP) – Collaboration between government, priv… #
Related concepts: data sharing agreement, joint venture, risk allocation. Example: Partnering with a telecom company to use anonymised call‑detail records for epidemic surveillance. Challenge: Negotiating data‑use terms that satisfy both commercial interests and humanitarian ethics.
Quarantine (Digital) – Isolating compromised systems or data to prevent s… #
Related terms: containment, sandbox, incident response. Example: Moving a laptop suspected of infection to a network‑isolated zone until it is cleaned. Challenge: Maintaining operational continuity while devices are quarantined in crisis zones.
Regulatory Compliance – Adherence to laws, regulations, and standards gov… #
Related concepts: audit, policy, legal risk. Example: Aligning data‑processing activities with the African Union’s Data Protection Regulation (AU‑DPR). Challenge: Keeping abreast of evolving regulations across multiple jurisdictions.
Risk Assessment – Systematic identification, analysis, and evaluation of… #
Related terms: likelihood, impact, mitigation. Example: Assessing the risk of data loss from flash‑drive theft in a field office. Challenge: Conducting thorough assessments without overburdening staff during emergencies.
Secure Data Disposal – Methods for permanently destroying data to prevent… #
Related concepts: media sanitisation, lifecycle, compliance. Example: Physically shredding hard drives from decommissioned servers after a programme ends. Challenge: Ensuring disposal processes are followed in remote locations lacking specialised facilities.
Secure File Transfer Protocol (SFTP) – Network protocol that provides sec… #
Related terms: encryption, authentication, port 22. Example: Uploading daily beneficiary lists to a central server using SFTP with key‑based authentication. Challenge: Configuring firewalls to allow SFTP while restricting other traffic.
Security Incident – Any event that compromises the confidentiality, integ… #
Related concepts: breach, alert, escalation. Example: Detecting unauthorized copying of a donor‑funded project budget spreadsheet. Challenge: Reporting incidents promptly while maintaining donor confidence.
Security Operations Center (SOC) – Centralised unit that monitors, detect… #
Related terms: SIEM, threat hunting, alerting. Example: A regional SOC monitoring network traffic for signs of ransomware targeting humanitarian databases. Challenge: Staffing a SOC with skilled analysts in a sector where security expertise is scarce.
Service Level Agreement (SLA) – Contractual commitment defining the expec… #
Related concepts: uptime, response time, penalties. Example: An SLA guaranteeing 99.9 % Availability for a cloud‑based data‑analytics platform. Challenge: Negotiating SLAs that reflect the unpredictable connectivity of field sites.
Single‑Sign‑On (SSO) – Authentication method that allows a user to access… #
Related terms: identity provider, federation, token. Example: Using an SSO portal so staff can log into the HR system, data repository, and reporting dashboard without repeated passwords. Challenge: Securing the central authentication service against compromise.
Smartphone Data Collection – Use of mobile devices to capture, store, and… #
Related concepts: offline sync, GPS tagging, user interface. Example: Deploying KoBoToolbox on Android tablets for rapid needs assessments. Challenge: Protecting data on devices that may be lost, damaged, or shared among multiple users.
Social Media Monitoring – Gathering and analysing publicly available onli… #
Related terms: sentiment analysis, privacy, data scraping. Example: Tracking Twitter hashtags to detect emerging disease outbreaks. Challenge: Avoiding collection of personal data that could be used to identify vulnerable individuals.
Software‑Defined Networking (SDN) – Architecture that centralises network… #
Related concepts: virtualisation, automation, security policies. Example: Using SDN to quickly isolate a compromised subnet in a humanitarian data centre. Challenge: Implementing SDN in environments with limited technical staff and legacy equipment.
Standard Operating Procedure (SOP) – Documented set of step‑by‑step instr… #
Related terms: process, compliance, training. Example: SOP for backing up beneficiary databases nightly to an off‑site location. Challenge: Keeping SOPs current as technology and threat landscapes evolve.
Statistical Disclosure Control (SDC) – Techniques applied to datasets to… #
Related concepts: cell suppression, noise addition, top‑coding. Example: Suppressing small cell counts in a table showing disease incidence by village. Challenge: Maintaining data utility for research while meeting strict privacy thresholds.
System Hardening – Reducing attack surface by disabling unnecessary servi… #
Related terms: baseline security, vulnerability management, configuration. Example: Removing default admin accounts from a server used to host humanitarian GIS layers. Challenge: Performing hardening on heterogeneous devices with limited update mechanisms.
Third‑Party Risk Management – Process of evaluating and monitoring extern… #
Related concepts: due diligence, contractual clauses, audit. Example: Assessing a cloud‑service provider’s compliance with ISO 27001 before storing sensitive beneficiary information. Challenge: Limited visibility into subcontractor practices in multi‑layer supply chains.
Tokenisation – Replacing sensitive data elements with non‑sensitive equiv… #
Related terms: encryption, de‑tokenisation, PCI DSS. Example: Storing credit‑card numbers as tokens in a cash‑distribution system. Challenge: Protecting the token‑mapping database against breach.
Two‑Factor Authentication (2FA) – Security method requiring two distinct… #
Related concepts: knowledge factor, possession factor, OTP. Example: Requiring a password plus a hardware token for administrators accessing the central database. Challenge: Distributing and maintaining tokens in remote field locations.
Unified Data Repository – Centralised storage that consolidates data from… #
Related terms: data lake, metadata, governance. Example: A unified repository that houses health, nutrition, and shelter data for a region. Challenge: Integrating heterogeneous file formats while enforcing consistent protection controls.
Use‑Case Governance – Defining and approving specific scenarios in which… #
Related concepts: policy, approval workflow, audit. Example: Approving a use‑case for analysing displacement trends before granting analyst access to raw survey data. Challenge: Keeping governance agile enough to support time‑critical humanitarian decisions.
Vulnerability Management – Ongoing process of identifying, assessing, pri… #
Related terms: patch management, penetration testing, risk register. Example: Conducting quarterly scans of the organization’s web applications to detect known CVEs. Challenge: Applying patches promptly when internet bandwidth is scarce.
Virtual Private Network (VPN) – Encrypted tunnel that extends a private n… #
Related concepts: remote access, split tunnelling, authentication. Example: Field staff connect to the headquarters network via VPN to upload beneficiary lists securely. Challenge: Configuring VPN clients on low‑spec devices without compromising performance.
Whistleblower Protection – Policies and mechanisms that safeguard individ… #
Related terms: anonymous reporting, retaliation, confidentiality. Example: Providing a secure, encrypted channel for staff to report unauthorized data sharing. Challenge: Ensuring reports are acted upon while maintaining the reporter’s anonymity.
Zero‑Trust Architecture – Security model that assumes no implicit trust,… #
Related concepts: micro‑segmentation, continuous authentication, least privilege. Example: Implementing a zero‑trust network where each device must authenticate before accessing any internal service. Challenge: Deploying comprehensive verification mechanisms in low‑resource field settings.