Search Results

Purpose and Scope The African Higher Education in Emergencies Network (AHEEN) is a nonprofit initiative dedicated to delivering academic diplomas, degrees, and employability-focused programs to refugees and internally displaced persons (IDPs) across Africa. Ho...

AHEEN adheres to core principles from the DPA, UoN policies, and ICRC handbook, adapted for humanitarian education. Principle Description Application to AHEEN Lawfulness, Fairness, and Transparency Processing must have a legal basis (e.g., consent, vita...

Data Protection Officer (DPO): Oversees compliance; reports to UoN's DPO (contact: dataprotection@uonbi.ac.ke). Conducts DPIAs and training. Staff/Volunteers: Handle data securely; report incidents immediately. Managers: Ensure team adherence; approve data sh...

Classify data to determine handling: Classification Examples Handling Requirements Public Aggregated program reports (no identifiers). Minimal protection; share freely. Internal General operational emails. Access limited to AHEEN staff. Confidential...

Collection Obtain explicit consent where possible; use vital interests/public interest in emergencies. Provide privacy notices at collection (e.g., via intake forms). Minimize: Collect only essentials (e.g., name, emergency context for enrollment). Processin...

Cloud services enable scalable storage for AHEEN's distributed programs but introduce risks like data sovereignty and access by foreign governments (e.g., US CLOUD Act). Guidelines Approved Providers: Use UoN-vetted services (e.g., Microsoft Azure with Kenyan...

Personal devices (laptops, mobiles) are common in field operations but pose risks like loss/theft in emergencies. Guidelines Approval: Register devices with IT; use only for AHEEN work. Security Measures: Full-disk encryption (e.g., BitLocker/FileVault). MFA...

[TBD] Use of AI for analysis. OpenSources etc

Conduct DPIAs for high-risk activities (e.g., biometric enrollment): Identify risks (e.g., data leakage in refugee camps). Assess impacts on vulnerable groups. Mitigate via minimization/proportionality. Review annually or post-incident.

Legal Basis: Consent, contract, or public interest (e.g., sharing with partners for degree validation). Humanitarian Contexts: Balance urgency with "do no harm"; use aggregated data for reports. Third-Party Sharing: No sharing without a Data Processing Agree...

Follow UoN/DPA protocols: Detection: Monitor for breaches (e.g., unauthorized access). Containment: Isolate affected systems; notify DPO within 1 hour. Assessment: Evaluate scope/impact. Notification: Report to ODPC within 72 hours if high-risk; inform subjec...

Mandatory annual training on principles, tools (e.g., encryption). Field-specific modules for emergency contexts (e.g., data risks in camps). Awareness campaigns: Posters/notices in multiple languages.

Internal audits quarterly; external every 2 years. DPO reports to AHEEN Board/UoN. Violations: Disciplinary action per UoN code.

Kenya Data Protection Act, 2019 University of Nairobi - Data Privacy Policy Approved 02022024 V1.pdf ICRC Handbook on Data Protection in Humanitarian Action Appendix A: DPIA Template Appendix B: Data Processing Agreement Sample For queries, contact AHEEN DPO...