AHEEN Data Protection Policy
AHEEN operates in sensitive humanitarian contexts where data protection is paramount to safeguarding vulnerable populations, ensuring educational access, and upholding human dignity. This handbook provides comprehensive guidance on protecting personal data throughout its lifecycle, tailored to AHEEN's operations in emergency settings.
Introduction
Purpose and Scope The African Higher Education in Emergencies Network (AHEEN) is a nonprofit init...
Data Protection Principles
AHEEN adheres to core principles from the DPA, UoN policies, and ICRC handbook, adapted for human...
Roles and Responsibilities
Data Protection Officer (DPO): Oversees compliance; reports to UoN's DPO (contact: dataprotectio...
Data Classification
Classify data to determine handling: Classification Examples Handling Requirements Public ...
Data Lifecycle Management
Collection Obtain explicit consent where possible; use vital interests/public interest in emerge...
Cloud Storage
Cloud services enable scalable storage for AHEEN's distributed programs but introduce risks like ...
Storage on Private PCs (BYOD Policy)
Personal devices (laptops, mobiles) are common in field operations but pose risks like loss/theft...
Use of AI
[TBD] Use of AI for analysis. OpenSources etc
Risk Assessments
Conduct DPIAs for high-risk activities (e.g., biometric enrollment): Identify risks (e.g., data ...
Data Sharing
Legal Basis: Consent, contract, or public interest (e.g., sharing with partners for degree valid...
Incident Response
Follow UoN/DPA protocols: Detection: Monitor for breaches (e.g., unauthorized access). Containme...
Training and Awareness
Mandatory annual training on principles, tools (e.g., encryption). Field-specific modules for em...
Compliance and Auditing
Internal audits quarterly; external every 2 years. DPO reports to AHEEN Board/UoN. Violations: D...
References and Appendices
Kenya Data Protection Act, 2019 University of Nairobi - Data Privacy Policy Approved 02022024 V1...