Tania Lee, GPIA Alumna and ICT4D Specialist, Discussed NGO Data Security at InterAction’s Forum Workshop

Published on July 10, 2015

Tania Lee, a GPIA alumna who concentrated in Conflict and Security, is an ICT4D (Internet Communications Technology for Development) specialist. Prior to GPIA she received a B.A. in Feminist Studies and Politics then helped to establish a tech and engineering consultancy that focused on promoting women of color in STEM (Science, Technology, Engineering, and Mathematics) jobs and worked for a local government agency in New York as a software development project manager. She was drawn to The New School because of its ‘unique commitment to social justice’ and GPIA in particular due to a desire for her ‘work to have a global focus.’ She recently left a position with the International Rescue Committee as an ICT (Information Communications Technology) for Programs, Program Officer and began a position with Caktus Group as an SMS (Short Message Service) and Web Product Manager. At the end of June Tania presented at InterAction’s 2015 Forum Workshop series on a workshop panel titled ‘The Next Big Scandal? International NGO Data in the Age of Edward Snowden, Facebook, & WikiLeaks.’ The workshop highlighted the real risks in the data lifecycle, examined the legal frameworks surrounding data protection and ownership, and trained attendees on a few free tools and approaches to mitigate these threats. In this interview Tania discusses her work and perspectives concerning NGO data and security.

How did you become interested in NGO data securitization?

I work with program staff to implement technology solutions that support emergency response and service delivery. We work in some high-risk environments where our operational and digital security practices need to be solid. While researching strategies, I stumbled on the Responsible Data Forum (responsibledata.io), a community of dedicated people working to promote and improve digital safety and security for vulnerable communities. I found information and really smart people who helped me to do my job better and have since collaborated on a few responsible data resources.

What are the major challenges NGOs face when improving data security practices and how did your work at the IRC attempt to address these challenges?

Addressing data security risks can seem overwhelming and it’s hard to decide who should own the process. An organization might address data security solely as an IT issue, but I don’t think that’s enough. Better digital safety practices require a cultural shift that involves every member of the organization. Some organizations might put together a policy, but a policy is only as effective as the practice. I worked within the IRC and collaborated across other NGOs to share strategies and toolkits that are “field-tested”. Beneficiaries and the staff who work alongside them have a unique understanding of the local context and can provide insights on risks and threats. I think it’s important to have a holistic perspective on digital safety and security from all levels of an organization.

Sometimes organizations may not address data security vulnerabilities until they are presented with an actual threat due to limited funding, etc. Is data securitization an issue that NGOs generally address proactively or reactively?

NGOs along with government and the private sector need to contend with shifting digital landscapes which could mean that the preventative measures we take today may not work tomorrow. I’m hopeful that NGOs will continue to invest and improve their digital security practices and we’re seeing more and more donors require digital security strategies in their calls for proposals. Just as consumers of technology and citizens of a country can apply pressure to companies and their governments to uphold their right to privacy, there should be similar advocacy efforts for NGOs to uphold the right to privacy of the communities they serve.

What advice would you give to GPIA students with non-tech backgrounds interested in working on this issue?

I think it’s important to educate ourselves and engage in the conversations on data security and privacy, in general. This is an issue of growing concern across so many sectors: healthcare, government, law enforcement, finance, human rights, etc. We need people thinking about better policies, coming up with better tools, raising public awareness, and educating the public on trade-offs. The issues aren’t black and white but the way we think and act on them now could have long-term effects.