This blog is part of a running series from the Responsible Data for Children initiative highlighting each of the RD4C principles and real-life efforts to realize them. You can learn more about this series here.

Ahead of International Youth Day on 12 August, today’s blog looks at the importance of preventing harms for children and youth across the data lifecycle and which resources are available to you to operationalise it. It also highlights how UNICEF, the Ministry of Social Affairs and other partners in Guatemala embedded this principle into CPIMS+/Primero for uprooted children and youth. 

What is Prevention of Harms Across the Data Lifecycle? 

Data is a powerful tool. When used well, data has the potential to uphold children’s rights and offer critical insights to ensure informed services. Like any power tool, however, data needs safeguards. If used badly, data can erode children’s rights, including their right to privacy, and expose them to serious dangers and harms. This is especially true for children in  vulnerable contexts such as uprooted children and youth (whether refugee, displaced or migrant children and youth). 

As data is not static, but exists as part of a process, the opportunities and risks generated by data handling vary depending on the stages of the data lifecycle (when planning, collecting, processing, sharing, analyzing, using data). Though the data lifecycle can take various shapes, RD4C has consistently referred to the following stages: 

• Planning: Defining specific objectives of a data activity; 
• Collection: Gathering data directly from the field or collating it; 
• Processing: Removing irrelevant or inaccurate information; 
• Sharing: Exchanging data and other information with relevant collaborators; 
• Analyzing: Assessing the data to extract insights; 
• Using: Acting on the insights derived. 

As part of a commitment to data responsibility, people handling data for and about children in any way, at any of the stages of the cycle, can assess and take action to prevent risks across the full data lifecycle. This work includes avoiding risks of misuse (i.e. ensuring protection of data and preventing a use of data that would erode children’s rights) and missed use (i.e. ensuring promotion of data and preventing a situation where data could be used to uphold children’s right, but is not). This concept is called end-to-end data responsibility, which is essential for ensuring trust. 

How Have Others Pursued Prevention of Harms Across the Data Lifecycle? 

The CPIMS+/Primero is an open-source child protection system used in more than 50 countries. It provides clear workflows to assist social services workers with documenting case management processes — from identification and registration, to assessment, case planning, referrals and transfers, and case closure. Designed with and developed by child protection caseworkers and social service providers, it allows users to define who can see specific data and perform determined actions to ensure confidentiality, privacy and security. By allowing many organizations and users to securely manage their caseloads on a single database, CPIMS+/Primero helps ensure that the data is of high quality, without duplication, and therefore reliable for analyses and reporting.   

Together with UNICEF in Guatemala, the Ministry of Social Affairs (Secretaría de Bienestar Social, SBS, in Spanish) rolled out a customized version of CPIMS+ in 2021—prioritizing its implementation in shelters and departmental agencies for returnee children from Mexico and the United States of America. With the thorough assessment and analysis of the data collected, the Government is taking a proactive approach to improve the insights generated about and enhance case management of children—including referral to appropriate child protective services for vulnerable, excluded, or at-risk children, family search and reunification and/or alternative family care, as well as follow-up and support for children and families. 

Careful attention to harm prevention at each stage of the data life cycle is necessary, but can be quite time-intensive. To overcome these challenges, CPIMS+/Primero provides accountability and supervision features that ensure individual and safe oversight throughout the management of a case. Access is role-based to allow only authorized staff to access sensitive information. Additionally, UNICEF and the SBS, share an agreement that specifies how the safety of data will be handled and what the responsibilities between the institutions and the system are. Two of the most important clauses guarantee the responsibility of the State to protect CPIMS+ data and specify the modalities of data sharing between UNICEF and SBS through information exchange protocols.
 

What Resources Can I Use For Prevention of Harms Across the Data Lifecycle?

The RD4C Studio Methodology provides a tool for organizations striving to address children's needs through data to assess the risks and opportunities related to that data at each stage of the data lifecycle. 

The Methodology comprises a sequence of interdisciplinary participatory workshops following a five-step approach, namely (1) Kick-off, (2) Research, (3) Convene & Ideate, (4) Output Draft, and (5) Release. This stepped approach empowers organizations to prioritize pressing issues, gather diverse insights from key stakeholders, including children and youth, and work collectively towards impactful and responsible data use throughout a project for the well-being of children.

***

We hope this blog has been useful to you in helping you understand what it means to prevent harms across the datalifecycle. Please return to our blog next week when we’ll discuss our next principle or subscribe for updates to the RD4C initiative by signing up to our mailing list here.

Back to the Blog