Privacy Patterns
Overview
The Privacy Patterns project emerged in response to increasing awareness around privacy issues associated with the collection, use and disclosure of personal information, combined with the lack of guidance or regulation for civil society organizations in the United States in particular. For this sector, service delivery related data – client lists, personal history or even contact lists can be particularly sensitive. Donor data is a critical business asset, and employee data often needs to be managed with care as well. A plethora of advice is out there – but without dedicated resources (e.g. a privacy officer or attorney specializing in privacy) to analyze, search and curate that information – civil society organizations are faced with (yet another) operational challenge with an increasingly higher impact and likelihood of a bad outcome.
Tracy Ann Kosa on Digital Privacy for Nonprofits from Stanford PACS on Vimeo.
Approach
After conducting a literature review and numerous interviews with different organizations and experts across the country, the Privacy Pattern team developed a method to conduct a risk based recommendation system. We started by identifying and mapping global privacy principles, then analyzing actions required to support implementation and finally weighting those actions against regulatory activity. The project has stretched across all sectors of civil society activity, incorporating health, education and criminal history data considerations. Ultimately, the guiding principle of the project and team is focused on providing a Top Ten type list of prioritized actionable recommendations. Each recommendation is supported by a curated, free tool, template or support that will enable a non-subject matter expert to take an immediate action to enhance the privacy of whatever dataset they are concerned with in their organization. This may include developing a privacy policy from a well established authoritative template, or a consent statement that is contextually appropriate. The overall goal is to enhance the privacy of data subjects – be they employees of civil society organizations, donors to civil society organization or clients of civil society organizations. A secondary goal is to build capacity and expertise in the practice of privacy across the civil society sector. Privacy Patterns is also working on a framework for an advisory board / working group to help identify and curate region-specific tools, templates and supports for non-English speaking countries that will have culturally different notions of privacy, therefore requiring different supporting activities.
In 2017, the Privacy Patterns team launched an alpha version of a simple, user-friendly website that provides the front-end interface to the mapping and analysis work. A limited amount of information is required from the user about their specific organizational needs (none of which is retained), and a simple query yields the recommendations. A beta version of the site was developed in 2018, and we are currently working on adding additional country-specific requirements and recommendations, focused first on countries that have privacy obligations in place for civil society organizations (Canada, UK, Australia etc.) The team has also created a wire frame based on feedback to update the look/feel of the site, and simplify the user experience.
Process
The team deliberately adopted an iterative approach, as privacy obligations span the globe and data subject expectations grow and change regularly. Civil society organizations come to the site because they are aware of the growing need to pay attention to privacy as an organizational risk and they are particularly passionate about protecting their donors, employees and clients. We welcome the opportunity to continue to engage, grow and develop the site to meet the needs of the sector.
Next Steps
The Privacy Patterns project site is live (in beta release) for civil society groups to use to obtain advice and guidance on managing privacy concerns. In addition, we invite all user feedback on both the site, content and workflow through a survey (link below, under ‘Learn More’). We continue to maintain this site and provide it free of charge relying largely on volunteer hours. If you would like to get involved in supporting the project, either through design, translation, coding or another way, we’d love to hear from you. The project team is working with the Digital Civil Society Lab to develop strategies for sustainable capacity building, including working with funders to directly resource ongoing support for this work.