By Ezra Mbogori, Executive Director at Akiba Uhaki
IHRFG recently held its semi-annual institute in San Francisco in the form of a Responsible Data Forum (RDF) for funders, organized by the Engine Room. The Forum brought together program officers and grants managers to identify and discuss responsible data related to grantmaking and management, ultimately developing tools and strategies for dealing with sensitive information. Following the event, funders shared their reflections and lessons.
Attending the Responsible Data Forum organized by IHRFG and the Engine Room brought home to me, rather starkly, just how little I had really taken to heart until now about data use, storage, and security in particular, but also the range of risks that accompany us in this information age. In one short day, numerous gentle warnings that I have received from many sources in the past were subtly repeated – sometimes eerily. It is easy, for instance, to forget that an email is literally a ‘postcard’ being sent from one user to the next via a series of other points.
Keeping this in mind should surely be reason enough to be careful about what one says and their general use of e-mail. As we talked about internet security and how the risk of hacking is a fact of life, it occurred to me that I trust too easily. I have no doubt that this is a part of my culture. Habits speak to how I have been socialized. I did recall being advised not too long ago that our servers were not securely isolated and this presented a risk. At the time, I simply dismissed the suggestion and imagined that the auditor just wanted to have something evaluative to say about our operations. Did they not know that these suggestions came with a cost, I asked myself? Do they not understand that any additional expense has implications for the work we do?
Attending the Responsible Data Forum brought to the fore what has become a more important question now: ‘How do I change my habits to react effectively to the risks we operate with every day?’ This became the enduring question that I left the forum with. It was clear from then that I need to do something about myself and my colleagues in our own organization, before even thinking about our grantees and what realities we need to consider where they are concerned.
I appreciate now more than ever before that, where data is concerned, we are all in a high-stakes game and need to act more consciously to protect our information – responsibly. I cannot help recalling the conversations about the power dynamics often at play among funders, grantees, and communities where data gathering, use and storage are concerned. Having seen big companies trying to recover from hacking incidents, I had never envisioned my organization going through any such experience. ‘It would never happen to us’ is a standard thought that has often crossed my mind. After all, we are small and have always operated ‘well below the radar’. The Forum brought home to me the fact that what I have always harbored was a false confidence that we are too small to be of interest to anyone where data is concerned. Recalling discussions that I have had more recently with data mining experts regarding how to use their skills for fundraising, I now feel a different kind of unease. We may have solutions to one challenge but, inevitably, this opens up new challenges. This has led to the blurring of what I thought was a clear vision on strategies for the future.