Using new and social media to interact with and collect, store and use data relating to and from citizens might warrant privacy concerns. You should be aware of the right to privacy and should therefore address such issues in your strategy and associated data protection policy and investigate and implement measures to meet the national and regional policies and regulations that are relevant to your practices.
Informed consent, for example, is a key dimension of the European data protection directive. Part of ensuring a person’s privacy is safeguarding personal information against misuse, through anonymisation (and pseudonymisation). Another important component of the European data protection regulation is proportionality and legitimate purpose. Proportionality is also linked to transparency, in that those collecting data should ensure they inform users if they are to use personal data for anything other than what the data was initially collected for. Transparency also helps build and improve trust in your organization and the relations you have with others. Furthermore pay attention to ownership of content by avoiding breaching copyright when sharing information through social media (or other means). Attention to ownership can serve to complement the development of trusting and mutually beneficial relationships between crisis managers and the public.
Examples of European policies and regulations to protect the rights of citizens include: the European Convention on Human Rights, the Charter of Fundamental Rights of the European Union and the European data protection regulation.
- Consider running an independent Privacy Impact Assessment (PIA) in order to ensure that applicable privacy related risks are identified and met adequately.
- Consider employing the principle of “Privacy by Design” (PbD) when designing and developing new ICT tools for crisis management purposes, to ensure that technologies are respectful of privacy considerations, which can in turn help to build trust in user’s engagement with tools.