Skip main navigation

Key elements of data protection

Read on for practical measures to protect CAAFAG data.

Data protection risks should be identified and addressed at the beginning of project implementation, before data are collected and throughout the implementation. If the security situation deteriorates during the programme implementation, you may require updating the assessment.

Here are some measures to ensure the protection of CAAFAG data:

  1. Conduct a Data Protection Impact Assessment (DPIA) to assess the risks and identify risk mitigation measures.
  2. Develop clear data protection and information sharing protocols in response to the specific risks and include mitigation measures identified during the assessment. Children’s personal data and the sharing of data must be documented and managed using safe and appropriate systems, protocols and tools. The data protection and sharing protocols should be regularly reviewed based on the security situation.
  3. Train all staff involved in processing CAAFAG data (including information management and MEAL staff) on confidentiality, data protection and information sharing protocols. You can use the Alliance for Child Protection in Humanitarian Action Information management for case management online series.
  4. Organisations collecting data must ensure confidentiality and control of access to identifiable information, based on the need-to-know and data minimisation principle.
  5. Use a secured information management system to manage case management information. Secured software such as Primero is recommended to manage case management data.
  6. If implementing case management services, use harmonised case management forms, in order to collect a minimum of standardised data for all cases and to easily transfer cases from one organisation to another if needed.
  7. Data related to CAAFAG status should ideally be gathered by trained caseworkers. When a child is provided with complementary services such as Education, MHPSS, and Livelihoods, documentation should not identify CAAFAG status, unless stringent data protection and information sharing protocols are in place.
  8. Password protect all documents such as database, list of children as well as access to folders, flash disk and storage device.
  9. Protected cloud to store data.
  10. Use a coding system to record CAAFAG in case management forms.
  11. Use the need to know principle to inform the data sharing protocol and push back on government or donor requests for identifiable information
  12. Case management forms should be stored in locked filing cabinets.
  13. If relevant, use tablets to store and collect data instead of paper forms.
  14. In case of emergency, plan for safe evacuation and storage of data and paper forms, as well as their destruction if needed.

This list is adapted from Child Protection Minimum Standard in Humanitarian Action Standard 18 Case Management. You can also see pages 131-132 of the guidelines for more information.

This article is from the free online

Programme Design for Children Associated with Armed Forces and Armed Groups (CAAFAG)

Created by
FutureLearn - Learning For Life

Reach your personal and professional goals

Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.

Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.

Start Learning now