Information Ecosystem

Explore detail 04

Purpose & Output

The purpose of this exercise is to take an inventory of the most important information assets you manage, in order to create policies for its safekeeping later on.

Input & Materials

It may be helpful to reproduce the example table below, either by printing it or drawing it on a flip-chart or other materials.

Format & Steps

Brainstorming and documentation

To begin the exercise – especially in a group – it may be useful to use a spreadsheet, or a large sheet and sticky notes, or some other means which allow you to brainstorm easily and group things together.
Brainstorm and make a list of all of the data you manage. If you're not sure where to begin, consider:

  • data related to each of your human rights activities
  • personal data and files, especially if stored on your work computer
  • browsing activities online, especially of sensitive data
  • emails, text messages and other communication related to your human rights activities.

Imagine a spreadsheet that has several columns enumerating categories as described below. Your task is to fill the rows with information.

Start with your information at rest, and for each type of information, elaborate on the following

  • What information is it?
  • Where does it reside?
  • Who has access to it?
  • How sensitive is it (secret / confidential / public) ?
  • How important is it to keep it?
  • Who has access to it?
  • How should it be protected?
  • How long should it be kept before destroyed?

Characterise and qualify the information you have mapped out.

You can repeat the same process and expand the spreadsheet with additional entries for your information in motion; e.g. data being transferred (physically, electronically), communications over the internet or telecommunications networks.

The questions and example in Table 2 below may help you with this.


Remarks & Tips

This process is iterative. Once you have done the first round, you may detect patterns and groupings. For instance, you may decide that since all financial information (regardless of type) has similar sensitivities and longevity, you can group them and think of them as a financial information category.

Conversely, you might find yourself needing to expand a row into several rows. For instance, a row containing 'email' needs to be expanded to several rows to account for a subset of emails - and their safe-keeping - which is sensitive.

This should be a live document and will change according to shifts and developments in your situation. So you will benefit from regularly updating this document to account for any of these changes.