Topic 4: Safety and Security
How to Mitigate Risks: Risk Assessments
How to be Safe Online
Data Protection
What to do in an Emergency: Crisis Management
Risks and Risk Mitigation
Depending on the work that your organization will be carrying out, it’s important to be aware of your context and work actively to mitigate the risk that may come.
Your Safety and Security Policy will be your go to document however its important as management to continue to oversee these risks based on activities and on a quarterly basis.
Here is a sample of a risk assessment and what you need to take into account as an organization working in a challenging context.
How to be Safe Online
More and more people are using digital platforms than ever before. Unfortunately, that includes a minority who may have malicious intent.
It’s important that you maintain safety online for you as an individual, your people and your organization.
Don’t post any personal information online – like your address, email address or mobile number.
Think carefully before posting pictures or videos of yourself. Once you’ve put a picture of yourself online most people can see it and may be able to download it, it’s not just yours anymore.
Keep your privacy settings as high as possible.
Never give out your passwords or share any personal information with others, even if you think you trust them.
Don’t befriend people you don’t know.
Don’t meet up alone with anyone you’ve met online.
How to be Safe Online
Remember that not everyone online is who they say they are.
Think carefully about what you say before you post something online. Be particularly careful if you feel strong emotions about a subject as your words may be taken out of context or used against you in the future.
Respect other people’s views, even if you don’t agree with them.
If you see something online that makes you feel uncomfortable, unsafe or worried: leave the website, turn off your computer. Find a safe space to tell a colleague or friend.
If you are an online activist, consider a pseudo account that does not have your personal identification information.
Do not publish information about other people that may put them at risk.
As part of online activism work in a community or movement to avoid being singled out.
Data Protection
Data protection regulation is all about “personal data”. What does that actually mean?
“Any information that relates to individuals you may work with (including, but not limited to, staff, trustees, volunteers and suppliers), and includes information like their name, address as well as any other information that could identify them, for example a photograph or an internet address.”
Basically: can you use that data to contact, identify, or locate the person? If the answer is yes, it is personal data.
A Data Breach is a security violation, in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen, altered or used by an individual unauthorized to do so.
Examples of a Data Breach:
Sending personal data to an incorrect recipient, e.g. an email that contains personal data being sent to the wrong person.
Cyber-attack steals personal data (e.g. bank details or card numbers)
Theft of phone, laptop or files
Unauthorized access to our systems to alter personal data held by us.
A third-party data processor (e.g. our payroll provider) tells us that it has suffered a breach of personal data where we are the data controller.
Losing your personal mobile which may have your organizations documents on it with personal data that is accessible.
What to do in an Emergency: Crisis Management
In the event of an emergency, a swift and quick response is crucial in the way your organization responds.
These are the following steps in incident management:
Convene a Crisis Management Team.
Secure appropriate external expertise if needed.
Make financial decisions related to the crisis and post-incident recovery.
Coordinate with donors, authorities and other third parties.
Establish business resumption and continuity plans.
Create internal and external media and communication strategies.
Offer mental/psychosocial health support for affected parties.
Contact family liaison and support.
Manage partnership risks and team cohesion.
Incident documentation and learning steps.
Assessment 2: Risk Assessment
Your organization is organizing a feminist convening which will be a safe space for the community to share various issues regarding Gender Based Violence and strategies to cope and help those in urgent need. You have invited 50 people ages 15 – 30, including participants from marginalized communities and Minority groups. Using this sample template conduct a risk assessment for this activity highlighting the measures you will put in place.
