Over a period of six months, The Engine Room worked with Education as a Vaccine (EVA) , a non-profit organisation founded in 2000 that works in partnership with children and young people to advance their rights to health and protection from all forms of violence by strengthening capacities, providing direct services and influencing policies, for improved quality of life.
This post looks back at our work together in the course of our partnership (run through our Matchbox support programme), which focused on EVA Nigeria’s data collection, analysis, storing and sharing practices and processes; how the organisation uses the data they collect; and areas of potential improvement.
- Assessing the current data ecosystem and data lifecycle in order to identify opportunities for strengthening their data processes in ways that are both responsible and effective .
- Working together to determine how Eva Nigeria can approach data management more strategically for advocacy
- Strengthening knowledge around responsible data management
- Engaging in practical responsible data management exercises
- Co-creating a data management policy.
In Nigeria, internet use is widespread, but the speeds are often slower than recommended for work. While there are laws in place to protect people’s digital rights and data, Nigeria was ranked as the 32 most-breached country in early 2023, with a 64% increase in documented data breaches from the previous quarter. In 2021, the government also temporarily banned Twitter, which had significant economic and social impact. Despite these issues, however, there’s a strong sense of digital activism in Nigeria, with various campaigns mobilising the public.
What We Learned
EVA uses a variety of communication platforms and tools for internal collaboration, project management, and data analysis. As concerns were raised about high property crime rates in Nigeria, the team was interested in strengthening their security. To support in this, our team conducted a thorough assessment of EVA’s practices. This included:
- Context research: Our team conducted desk research covering the ways that Eva Nigeria’s varied contexts (geographical, network make-up, applicable legislation, etc.) impact potential risks and strategies.
- Documentation review: We reviewed information and communications documentation, including strategies and policies, and any documentation on relevant security incidents.
- Interviews and surveys: We conducted interviews and surveys with the team to better understand their experiences with tech and data.
- Mapping critical processes: Our team facilitated a data mapping session with the team where we traced the lifecycle of two critical operational processes involving data.
- Capacity Building: Based on our findings, we facilitated a group session that supported the learning goals of the organisation.
Looking Towards the Future
Our partnership surfaced several opportunities for EVA Nigeria to explore in terms of data and security practices – both internally and with their mobile apps:
EVA is an organisation that already uses data in a variety of ways to achieve its mission. We recommended that they primarily focus on incorporating responsible data practices into their workflow. Understanding what data is being collected and for what purpose, and assessing its sensitivity, can help the team identify risks. Additionally, knowing where the data is stored and who has access to it is important for any organisation who wants to better secure their data. Relatedly, minimising data collection, especially when it comes to sensitive information like location and sexual health, was also recommended to keep their users safe.
Strengthening Organisational Security
Given the context in which the team works and the ways in which they collaborate, we recommended implementing secure communication guidelines and practices that include using encrypted tools like Signal for internal chats. For video conferencing, we advised switching to services that prioritise privacy, such as Jitsi Meet or BigBlueButton. We also suggested establishing a comprehensive password management process that covers strong password creation, two-factor authentication, and periodic password changes. Training and guidelines for device security were also recommended, focusing on password protection, disk encryption, and limiting personal use on work devices.
Developing Privacy Policies
We are excited to see how EVA’s efforts will continue to shape their organisation’s data management and security practices. From our side, we found this partnership incredibly rewarding, with opportunities to expand our knowledge about health initiatives in Nigeria.
Read more about our Matchbox programme on our website (see the link below), and if you have questions about integrating tech and data more efficiently and securely into your own social justice work, get in touch!