The Collection Plan serves as the foundational document for the collection effort. It may be tendered as evidence in criminal proceedings in support of the collected audio data.
The preparation of a Collection Plan involves developing written documentation prior to the initiation of the collection effort that outlines in detail the collection effort’s objective(s), context, practical steps from the preparation of collection to the data’s transfer to third-party recipients, and the foreseeable security risks and how they will be managed. It should include short-term and long-term preservation strategies for the collected data.
Once the Collection Plan is established, adherence to the Plan should be closely and continuously monitored and documented. The Collection Plan should be considered a ‘living document’ and adapted as needed. If the Collection Plan is amended or updated during the collection effort, the changes should be made in writing and communicated to all personnel.
The Collection Plan should, in substance, comprise policies for a) data collection, b) data processing, c) data transfer, and d) risk management. Each of the policies should provide, at a minimum, detailed answers to the following questions:
-
a) Data Collection
i. What is the Collector’s overall objective? If there are multiple objectives, how are they prioritised?
ii. For each data collection effort, what is the purpose of the data collection?
iii. What type(s) of data will be collected, in what formats?
iv. Who is the intended end user of the data collected?
v. How will the data, and its embedded metadata, be collected? What tools are required?
vi. What is the contextual framing for the collection effort? (This may include a brief history of the region and/or conflict, relevant political and socio-cultural dynamics, persons of interest, linguistic barriers, etc.)
vii. What are the domestic, regional, and international legal frameworks applicable to the collection effort? (Advice from a qualified legal professional is recommended.)
viii. What is the intended timeline of the collection effort?
ix. How will the collection effort adhere to ethical principles?
x. How will the informed consent of witnesses, victims, or other data subjects be included in the data be obtained at the point of collection? What circumstances would make informed consent inaccessible/impossible to obtain?
xi. What types of documentation procedures and tools will be used?
xii. Who are the Collection personnel and what are their roles, qualifications, and responsibilities/authorisations? What is the supervisory and reporting structure?
xiii. Will any cooperation or partnerships be needed to achieve the objectives of the collection effort?
xiv. What are the limitations, weaknesses, and risks (see ‘c. Risk Management’, below) of the collection effort and its collected data? Are any mitigation steps available?-
b) Data Processing
i. What is the applicable legal and regulatory data protection framework? What steps will be taken to ensure compliance? (Advice from a qualified legal professional is recommended.)
ii. How will the data be preserved and stored? What types of long and short-term storage facilities are available? What are the costs of the storage, and other resource considerations?
iii. Who will have access to the data? What criteria will determine access?
iv. How long will the Collector retain the data for, and what infrastructure is required in order to do so?
v. How will the integrity of the data be evaluated, and maintained?
vi. Will the data be enhanced in any way? If so, how and for what purpose?
vii. Will the data be analysed? If so, how and for what purpose?
viii. How will the metadata be verified for accuracy and completeness, and documented?
ix. How will the data and metadata be organised and labelled?
x. Will any data be deleted? If so, how will the decision to either delete or retain the data be made, and audited? -
c) Data Transfer
i. Will the data be shared? With what third-party recipients?
ii. How will assurance be obtained that the data will be safeguarded once transferred? What criteria will be used to conduct a due diligence assessment of the recipient?
iii. Will the recipients of the data be required to complete non-disclosure agreements?
iv. In what format will the data be shared, and is the Collector’s data format interoperable with the intended recipient’s?
v. Do the applicable legal framework(s) impose any constraints to sharing data? (Advice from a qualified legal professional is recommended.)
vi. Under what conditions and authorizations will the data be shared? What is the internal decision-making process leading up to data transfer?
vii. Will the tools used to share the data put the integrity or quality of the data at risk? If so, how can the risk be mitigated?
viii. Will the informed consent of the data subjects be obtained and documented prior to transfer of the data to a third-party recipient? What circumstances would make informed consent inaccessible/impossible to obtain? -
d) Risk Management
i. What are the foreseeable risks of the collection effort to the (physical, cyber, or other) security of the data and the collection equipment; the Collector and personnel; the data subjects and/or affiliated individuals or entities; or other persons/environments, at any point in the collection, processing, and/or transfer of the audio data?
ii. What is the Collector’s risk tolerance (i.e. with what level of risk can the Collector cope, and under what circumstances?)
iii. What measures will be taken to prevent and to monitor for a security breach?
iv. What is the procedure in the event of a security breach? To recover from a security breach?
-
The Collection Plan should be reviewed and updated at regular intervals or prior to any significant changes to the collection effort, based on the most up-to-date best practices.
Tech Specs & Resources
Data collection and processing resources
For guidance on incorporating data responsibility into organisational data management planning, see e.g., IASC, Operational Guidance on Data Responsibility in Humanitarian Action (2023) (‘IASC (2023)’) Annex B Template: ‘Standard Operating Procedure for Data Management Activity’.
For considerations related to evidence sources, physical media and devices, media longevity, imaging digital data, and storage considerations, see e.g., NIST, Interagency Report 8387, Digital Evidence Preservation Considerations for Evidence Handlers (2022).
For guidance on working with data from mobile devices, see e.g., SWGDE Best Practice for Mobile Device Evidence Collection and Preservation, Handling, and Acquisition (2019).
Data sharing resources
For detailed data sharing guidance, see e.g., IASC (2023) Annex B Template: ‘Information Sharing Protocol Template (including a Data Sensitivity Classification)‘.
For an example data sharing agreement, see e.g., IASC (2023) Annex B Template: ‘Data Sharing Agreement Template’.
Risk management resources
For a detailed how-to resource for civil society organisations to establish essential security policies and protocols, see e.g., C. Guerra Merlo, Safe and Documented for Activism Manual (2018).
For a risk management SOP template, see e.g., IASC (2023) Annex B Template: ‘Standard Operating Procedure for Data Incident Management’.
For an overview of online and offline security considerations applicable to open source investigations, see e.g., OHCHR, Berkeley Protocol, ‘Security’ Chapter, pages 33-41.
For risk management checklists, see e.g., International Electrotechnical Commission (IEC), What Security Topics Should Be Covered in Standards and Specifications for ‘a checklist for the combination of standards and specifications used in implementations of systems’, and the UN Global Pulse Risk, Harms and Benefits Assessment Tool (2019) minimum checklist for international development and humanitarian organisations to understand and minimise potential risk of harm to individual rights when collecting data.
For guidance on the development of a cyber incident response plan, see e.g., U.S. Department of Justice Cyber Security Unit, Best Practices for Victim Response and Reporting of Cyber Incidents, Version 2.0 (2018); see also e.g., NIST SP 800-30 Rev. 1 Guide for Conducting Risk Assessments (2012) and/or the NIST Cybersecurity Framework 2.0 (2024), which offers a taxonomy of high-level cybersecurity outcomes that can be used by any organisation to better understand, assess, prioritise, and communicate its cybersecurity efforts.
Paywalled resources
For internationally recognised principles, framework, and processes for managing risk, see e.g., International Organization for Standardization (ISO), ISO 31000:2018 - Risk Management—Guidelines (2021); and ISO/IEC 27001:2022, information security, cybersecurity, and privacy protection (2022), which also includes requirements for the assessment and treatment of information security risks tailored to an organisation’s particular needs.
For a model cyber security threat analysis, see e.g., A. Shostack, Threat Modeling: Designing for Security (2014), which refers to the STRIDE framework (see e.g., ‘STRIDE Chart,’ Microsoft Security Blog (2007)), identifies common cybersecurity needs—authentication, integrity, non-repudiation, confidentiality, availability, and authorization—and links them to six corresponding cybersecurity threat categories: spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege.
Legal Framework
See section 4.2.2.B. and section 4.2.2.C. on the factors relevant to an assessment of whether an interference with privacy is necessary and proportionate, and therefore justified.
See section 4.2.4.B. on the provisions applicable to EU connected data under the GDPR, in particular those discussed in the ‘Legal Bases for Data Processing’, ‘Notification Requirements’, and ‘Data Transfers’ subsections.
Applicable Ethical Principles Legal Awareness; Competency; Accuracy, Impartiality, and Objectivity; Consent.