All data publicly or privately shared through HDX is reviewed by a Centre for Humanitarian Data team member to ensure it follows the Terms of Service. This initial check is always performed by a member of the Centre's Data Partnerships team (DPT). A dataset will immediately be deleted from the HDX platform in case the data is found to contain personally identifiable information or other data that the Data Partnership Team DPT member considered likely to be sensitive.
- In case the potentially sensitive data is microdata, the following steps will be taken:
- A
- The DPT member on duty makes the dataset private and creates a ticket in the SDC for Microdata Log (this sheet)
- Nafi obtains a copy of the microdata resource is obtained by Nafi in Dakar
- Nafi notifies the organization and explains the SDC process, through this email template, and offers the organization the opportunity to download their data before it is deleted from the platform
- After Nafi and the organization have downloaded a copy, or after 24hrs pass, the data is deleted from HDX unless it is to be reasonably expected that the data in question does not pose any significant risk, given the contents and context of the dataset
- Nafi applies the risk assessment tool which is part of the SDCmicro package developed by the World Bank
- Nafi shares back the risk assessment with Javier DPT and JosJavier, Jos Policy
- The organization focal point and Nafi reach out to the contributor organization to inform them of about the risk of reidentification of individual respondents, and explain the SDC processestablished risk level and suggested next steps
- If needed, Nafi applies the SDC tool to the data concerned, and conducts another risk assessment and estimates information loss, results are shared with Javier and JosJavier, Jos and Nafi determine next steps (either publication of the perturbed dataset or sharing of the original dataset through HDX connect) together with contributororganization focal point and policy email address
- Next steps are decided in a call to do case review and recommendation with organization, focal point, Nafi, and ideally data policy
- If the data is re-published on HDX after SDC has been applied, Nafi suggests to the contributor how to flag this in the metadata
- Lessons learned are recorded in an overview of the incident, drafted by Nafi and reviewed by Josthe SDC for Microdata Log (available here) by Nafi