Are You Over or Under-Protecting Your Grants Data? 5 Ways to Balance Transparency and Data Protection in Sensitive Contexts
Over the last few months, this blog has presented insights gained from the Advancing Human Rights initiative’s five-year trend analysis. Getting to these insights would not have been possible had not a growing number of funders decided to consistently share more detailed data about their grantmaking, such as through Foundation Center’s eReporting program. In a field where data can pose real risks, some might feel that this openness is ill-advised. Yet transparency and data protection need not be at odds. By operating from a framework of responsible data, funders can simultaneously protect the privacy and security of grantees and contribute to making the human rights field more transparent, accountable, and effective.
This topic – balancing transparency and data protection – was the focus of a session facilitated by Foundation Center at the PEAK Grantmaking annual conference last month. Our goal was not to debate the merits of one principle over the other, but to help provide a framework that funders can use in determining how to share grants data, even in challenging circumstances. What follows are some of the ideas and tips discussed at that session (a caveat here: these tips focus on data shared voluntarily by funders on their website, with external partners like Foundation Center, etc.; we recognize that funders may also face legal reporting requirements that could raise additional issues).
- Think of transparency as a spectrum: Conversations regarding data sharing often seem to end up at extremes: we must share everything or we can’t share anything. Instead, funders should identify what level of transparency makes sense for them by asking themselves two questions: (1) What portion of our grants portfolio contains sensitive data that could put grantees at risk if shared? and (2) For the portion of grants deemed sensitive, which grant details – if any – are possible to share? Based on our experience with Advancing Human Rights, in most cases funders will find that it is possible to share some, if not most, of their grants information.
- Assess the risks of sharing data: Answering these questions requires careful consideration of the consequences if information about certain grants is made public, particularly for grantees’ security. As noted at the PEAK session, in assessing risks funders should not only consider possible negative actions by government actors, but also by actors like militant groups or even a grantee’s community or family. It is also important to recognize that risks can change over time, which is why it is so critical that funders understand what will happen with the data they share; if circumstances change, they need to know who should be notified so that newly sensitive data can be removed.
- Get grantees’ input: Minimizing harm to grantees is of utmost importance to funders. And yet grantees usually have little or no input on decisions about what information is shared about them. Some funders do explicitly ask for grantees’ consent to share information, sometimes at multiple points along the grant process. This could take the form of an opt-in box included as part of the grant agreement process, for example. At a minimum, grantees should understand where and how data about the grant will be used.
- Calibrate what is shared based on the level of risk: Depending on the outcomes of their risk assessment (and grantees’ input), a funder may determine that it’s inadvisable to share any details about certain grants. In these cases, funders may opt not to include those grants in their reporting at all, or to only report on them at an aggregate level (e.g., $2 million in grants to region or country X). In situations where it is possible to acknowledge a grant, funders can take steps to protect a grantee, such as: anonymizing the name of the grantee; providing limited information on the grantee’s location (e.g., country only); and/or redacting or eliminating a grant description (note: from our experience processing data, it is easy to overlook sensitive information in grant descriptions!).
- Build data protection into grants management systems: Technology has an important role to play in making data protection systematic and, importantly, manageable. For example, some funders have “flags” to indicate which grants can be shared publicly or, conversely, which are sensitive. In one example shared at PEAK, a grants management system has been set up so that if a grant has been marked as sensitive, the grantee’s name will automatically appear as “Confidential” in any reports generated. These steps can minimize the risk of data being shared due to human error.
Transparency is at the core of Foundation Center’s mission. We believe deeply that transparency can not only help build public trust but also advance more inclusive and effective philanthropy. For that reason, we are committed to being responsible stewards of the data that is shared with us (see the security plan for Advancing Human Rights, for example). A single conference session or blog post cannot do justice to such a complex and long–debated topic. We are therefore thankful that our colleagues at Ariadne, 360Giving and The Engine Room have just started a project to provide funders with greater guidance around this issue (learn more in these two thoughtful blog posts from The Engine Room, here and here). We look forward to seeing and acting on their findings!