Protection of personally identifiable information (PII) is one of the most important responsibilities in M&E and a solemn duty of technology providers.
As the situation deteriorated yesterday in Kabul, our team discussed what we could do to protect the people that our partners and software endeavor to serve. Our team reached out to every organization we work with that reports any data in Afghanistan and has applied the extra security measures deemed appropriate by these teams.
These options are available to any DevResults users (at any time for any reason) to add additional security:
- Forced logout of all users: Forced logouts address the risk of someone gaining access to an unattended computer where someone is logged in or had logged in recently. A user must log in again with a password if they try to change pages or begin a new session.
- Erasing passwords for some or all users: Erasing passwords addresses the risk that passwords have been compromised. It does not prevent someone from creating a new password; a user would need access to their work email in order to create a new password.
- Temporarily removing access for some users: Owners of DevResults sites always have the option of temporarily changing the permission level of some users to “No Access”. This change takes effect when a user tries to change pages or log in.
- Temporarily shutting down all access to the site: The DevResults team can temporarily deactivate any site.
Today our hearts are with the people of Afghanistan. For any development or humanitarian professionals in Afghanistan, we ask that you take a moment to think of what information you might have online or on a hard drive that could put individuals at risk, and to take steps to protect it in the case of breach of property or access. We recommend reaching out to your technology providers to assess your options. In particular, consider protecting or erasing PII of women and girls receiving training and education, and of anyone working with civil society organizations. Please don’t hesitate to reach out to us at email@example.com if we can help with anything.