الجمعة، 24 مارس 2023

 OVERVIEW

THE ROCKEFELLER FOUNDATION Data for Good Policy

 As a global philanthropic leader, The Rockefeller Foundation recognizes that data is a valuable resource that can catalyze positive social impact. Thus, we believe that sharing information and better use of data has the potential to advance our mission of improving the well-being of humanity throughout the world and to promote more inclusive and equitable societies.

The practice of “data for good” means that the appropriate mechanisms and controls must be put in place for protecting the privacy of individuals and the security of the data while also ensuring confidentiality and minimizing any harmful uses. By embracing sound and ethical data sharing and use practices, all actors – governments, commercial enterprises, academic institutions, researchers, and NGOs – can work together to unlock the full power of data and create sustainable solutions to our greatest challenges responsibly.

DEFINITIONS

"Personal data" or "personally identifiable information" is information which relates to an identified or identifiable individual (i.e. a natural person), whether acting in their personal or professional capacity, and irrespective of whether the information is publicly available. It includes names, addresses, email addresses, job applications, professional profile, financial information and correspondence to and from an individual. Certain personal data is designated as "sensitive" and given enhanced legal protections in some jurisdictions. Sensitive personal data is personal data revealing a person's racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; biometric or genetic information; or information about a person's health, sex life or sexual orientation. Information about a company or partnership is not personal data, but information about that company or partnership's individual employees will be. The entity’s information, however, may be subject to confidentiality restrictions.

"Processing" means any operation performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

DATA PRINCIPLES

Principle 1: The data assets and processes that we own or fund are powerful tools for social good.

Data assets and processes that we own or fund help us be a responsible, effective, and agile funder and agent of social change. Analyzing the data shows us what works and what doesn’t. Accessing the data more quickly improves the timeliness of our decision-making. And using the data across our portfolio maximizes the power of our charitable dollars. In addition, our sharing of data can spur collaboration, fuel innovation, inform policy debates, and spark public conversation.


Principle 2: We are responsible stewards of the data we own or fund.

With great data comes great responsibility. When funding, collecting, and storing data outputs, we commit to put the interests of the people we serve first. Toward this end:

• We will not fund data that we do not intend to use productively and that will not promote the values of the Foundation.

• We set and maintain high data control and security standards for the Foundation and expect the same from our grantees and partners.

• We will limit the amount of data collected, used, stored and shared to what is absolutely necessary.

• We will use data only for the purposes agreed to and in according with these principles, and not in any other way. In particular, data should not be used to institutionalize unfair biases like racism or sexism.

• We require that personal data from individuals be obtained and shared with informed consent and in compliance with all applicable laws and expect the same from our grantees and partners.

Principle 3: We Respect Privacy

Where research and data collaborations require the use of personal, sensitive or personally identifiable data, we will ensure that privacy by design methodologies are employed to protect the data of individuals in all stages of a data collaboration, study, research project or analysis. The Foundation and our partners our grantees should always have a clear purpose for any personal data before it is collected and reflect a specific business need for the Foundation in furtherance of its charitable mission.

If the personal data will be used for a new purpose or shared with a new third party, we should consider whether it is compatible with the original purpose, and whether it would be within the reasonable expectations of the individual or requires additional consent.

To ensure we respect privacy:

• We comply with relevant data privacy and protection laws, and we require that our grantees and partners do the same.

• We recognize and respect the rights of the individual at the center of all data practices in order to protect the privacy and prevent identification of any individual during the research and analysis processes, and we expect our grantees and partners to do the same.

• In all research and data collaborations, we require that all personal data must be anonymized and/or aggregated before it is shared.

• We endeavor to assess and understand the potential impacts of the data collaboration on people’s privacy and human rights and identify and implement controls to minimize any potential negative impacts.


• We expect our grantees and partners that are data recipients to commit not to re- identify anonymized data and carefully review data combinations to ensure data does not become re-identifiable upon combination and additional use.

Principle 4: Governance

Every research study or data collaboration supported by the Foundation that involves human subjects must follow appropriate procedures that will ensure that their dignity, rights, and welfare are protected, that conflicts of interest are appropriately addressed, and that there are appropriate evaluation and monitoring procedures in place throughout the life of the project. Procedures will be proportionate to the nature and degree of risks entailed in the research. Towards this end:

• We will make training and education materials available to our staff so that all individuals and stakeholders involved in the data collaboration efforts are aware of and trained in appropriate data management practices.

• We expect that project documentation should include data lifecycle, data flows and impact assessments, regular project reviews, use of internal and external reviews in order to ensure comprehensive stakeholder review of the project or initiative.

• Each of the parties to a research or data collaboration with the Foundation should have an identified individual or team who is responsible for data governance and is available to respective staff in order to ensure that the governance practices set forth herein are followed and to answer questions and/or raise concerns regarding appropriate data use and governance.

Principle 5: Open and Fair Access

The Foundation seeks to shares with the public information regarding the work that the Foundation, its grantees and partners are undertaking and the impact that is being achieved. We believe this encourages new perspectives, tools, policies and public debates that advance the Foundation’s mission. At the same time, we seek to protect relationships of trust and sensitive confidential information. Towards this end, the Foundation shall be transparent about our processes and how we use individual personal data. We will not do anything with personal data which individuals would not expect or that would compromise them.

In particular, the Foundation will inform individuals if their personal data will be passed to a third party. Similarly, if we receive personal data from a third party, we will make sure the individual knows that we have it as soon we can. If the Foundation uses service providers for the processing of personal data, a privacy notice accessible to individuals should inform them of such sharing.

Further, the Foundation will take the following actions:

• Any data research project with or funded by the Foundation must proactively identify the methods, and means of communication of the project including the medium used to communicate about the research, the spokespeople for each of the


parties, agreement on how the data used will be classified and discussed as well as how the data practices, uses and combinations will be explained.

• Key information will be discussed and agreed upon by the Foundation and its partners in advance of any communication including but not limited to: partnership or project announcements, interim publications, final publications or results, information about data sets, data combinations, use of data minimization and privacy protective techniques.

• The Foundation and its partners will endeavor to discuss any data sensitive issues that may come up during a collaboration, or in advance if such issues could affect the project. Data sensitive issues, include but are not limited to: regulatory investigation or enforcement, breach or information security events by any party even if it is not related to the study, as it may reflect on the reputation of the parties; other data collaborations or partnerships that are on related topics or are being conducted in parallel or are being done in furtherance of the research, partnership or collaboration, research grants, partnership establishments, extensions; biographies of researchers, assistants or other collaborators and any other information pertinent to the research, study, collaboration or project.


مرسلة بواسطة في ليست هناك تعليقات:
الاشتراك في: الرسائل (Atom)