...
- In case the potentially sensitive data is microdata, the following steps will be taken:
- The DPT member on duty makes the dataset private and creates a ticket in the SDC for Microdata Log (this sheet)
- Nafi obtains a copy of the microdata
- Nafi notifies the organization and explains the SDC process, through this email template, and offers the organization the opportunity to download their data before it is deleted from the platform
- After Nafi and the organization have downloaded a copy, or after 24 hours have passed, the data is deleted from HDX
- Nafi applies the risk assessment tool, which is part of the sdcMicro package developed by the World Bank
- Nafi shares back the risk assessment with DPT and Policy
- The organization focal point and Nafi reach out to the organization to inform them about the established risk level and suggested next steps
- If needed, Nafi applies the SDC tool to the data concerned, conducts another risk assessment, and estimates information loss. The results are shared with the organization focal point and the policy email address
- Next steps are decided in a case review and recommendation call with the organization, the focal point, Nafi, and ideally data policy
- If the data is re-published on HDX after SDC has been applied, Nafi suggests to the contributor how to flag this in the metadata
- Lessons learned are recorded in the SDC for Microdata Log (available here) by Nafi
...