Data has become essential to emergency planning and disaster operations. As a valuable asset when making informed decisions, data provides emergency managers with the opportunity to effectively respond to emergencies with decisive efficiency. However, data that emergency management agencies collect and store – such as data that capture travel movements, document structural damage, and provide information on business operational capabilities – need to be protected and archived in compliance with law and standards.
Evidence-based decision-making has made the ethical and legal challenges associated with managing data necessary. As technology advances, the amount of data collected, stored, and recalled in the name of crisis management can be substantial and must be handled in a manner that protects those in need. In disaster management, data can range from personal identifying information to geolocation tracking and resource allocation records. Ethical data practices include measures. The ethical dimensions of data management in disaster scenarios that protect individual privacy and secure critical decision-making data focus on critical principles like accountability, transparency, privacy, and fairness.
The Department of Homeland Security (DHS) maintains a data governance policy for information sharing in its DHS Data Management Directive, 103-1, which outlines that DHS data is to be catalogued and protected as an asset. Data governance policies uphold public trust, ensure regulatory compliance, and ultimately influence the success of disaster response and recovery operations.
Data Sensitivity in Crises
During a pandemic, natural disaster, or other fast-paced emergency, the pressure to act quickly often requires gathering large quantities of sensitive data, including:
- Personal identifying information – any data that can be used to identify an individual directly or indirectly, such as name, age, contact information, and private communications; and
- Sensitive personal information – any data that, whether released without authorization, lost, or compromised, can lead to substantial personal or professional harm, embarrassment, inconvenience, or unfairness to an individual.
DHS Privacy Office published its Handbook for Safeguarding Sensitive PII in 2017 to provide guidance for safeguarding personal data. Emergency management agencies must develop policies and procedures for collecting, storing, using, archiving, and destroying data in accordance with standards and regulations.
As part of the hazard mitigation planning process, emergency managers need to collect substantial amounts of data on repetitive loss (RL) properties to focus on risk-reduction efforts. The National Flood Insurance Program defines repetitive loss properties as:
any insurable building for which two or more claims of more than $1,000 were paid by the National Flood Insurance Program within any rolling ten-year period, since 1978. An RL property may or may not be currently insured by the program. Currently there are over 122,000 RL properties nationwide.
Federal policy determined that this data is confidential and difficult to secure due to federal law, which restricts the distribution of any information that can be used to identify property owners.
During the COVID-19 pandemic, for example, governments and health agencies needed and were required to track data from infections, contact tracing, and healthcare resources. These efforts had to be accomplished while respecting data privacy laws. In the United States, there are several privacy laws to consider, such as the Privacy Act of 1974 and the Health Insurance Portability and Accountability Act. Sometimes, even the European Union’s General Data Protection Regulation may impact storage and data management operations in the U.S. Reviewing data management processes during the COVID-19 response is an example of how ethical data management is vital to protect individuals’ privacy while ensuring the efficacy of response operations.
Ethical principles such as beneficence, or acting in the public’s best interests, must be weighed against the need to do no harm, or nonmaleficence. Sharing information during a disaster, such as the personal identifying information collected during the COVID-19 pandemic can save lives, but it also risks exposing sensitive personal or operational information. Determining the right balance between the public good, operational security, and individual rights is a key ethical challenge in disaster data management.
Accountability and Transparency
To inform response strategies, emergency management organizations must rapidly gather large amounts of data during disaster operations. In addition to beneficence and nonmaleficence, accountability and transparency are essential principles in ethical data practices – all of which are intertwined to create trust. Accountability requires that organizations involved in emergency operations and disaster assistance explain what personal data is being collected, why the data is collected, and how such personal data will be used.
For example, when an emergency management agency’s mobile application (app) collects location data during an evacuation, the agency must be transparent about the scope of data collected, such as whether it tracks the general movement of the population or individual evacuees via the app. This transparency helps to build public trust. Trustworthiness is foundational to ethical leadership. Governments and organizations must ensure that emergency management app use is voluntary and that their guidelines on privacy protections are transparent – for example, ensuring that data is anonymous and not centrally stored. The protection of such data is an essential responsibility of those who collect the data as well as anyone having access to the information collected.
Ethical Frameworks in Data Decision-Making
Structured ethical frameworks, such as utilitarianism (the greatest good for the greatest number) and deontological ethics (adherence to duties and rules), can guide emergency managers through moral dilemmas as they make critical decisions regarding data during a disaster. An emergency manager might face a decision where they must choose between sharing potentially sensitive personal data with other agencies to improve the crisis response or keeping that data private to honor individuals’ rights. In that scenario, utilitarianism may favor sharing data if it benefits more people, whereas deontological ethics might advocate for not sharing it to uphold privacy rights. However, ethics and regulation are not the same. When decision-makers confuse the two, they could delay or halt data-sharing efforts regardless of the circumstances. Understanding the limits of regulations highlights the need to develop a strategy for data management during all phases of the emergency management cycle.
Privacy and Confidentiality
The privacy of information collected during emergency operations is one of the most significant ethical concerns in data management. Even when personal information could significantly facilitate the disaster response, the people agencies are trying to help still retain their right to privacy. The ethical challenge lies in determining how to protect personal data yet share information that is necessary for the community’s safety and well-being.
Confidentiality requires that such information be shared only with those who have a legitimate need and for purposes that are clearly defined and limited to the crisis response. One approach to the ethical handling of data is referred to as “privacy by design” and emphasizes the importance of building privacy considerations into data systems from the outset. A key component of this approach is data minimization, which involves collecting only essential anonymized information to prevent the unauthorized release of any personal identifying information.
Fairness in Data Use
During disaster response and recovery operations, data should be used in ways that are fair. Emergency and business continuity managers must ensure that data-driven decisions do not disproportionately harm or disadvantage any population. This is particularly relevant when using algorithms and artificial intelligence (AI) systems with flawed or biased underlying inputs. For example, if disaster assistance funds are allocated based on an algorithm that uses historical data and that data reflects past injustices in resource allocation, certain communities might receive less assistance than others. This may include algorithms and AI platforms used to estimate or assess damages or losses. To ensure ethical data use in disaster management, audit algorithms to avoid bias, and use data in a way that promotes fair outcomes.
Data plays an invaluable role in disaster management. With the collection of such information to ensure evidence-based operations comes a great responsibility to protect data and dispose of it when it is no longer needed. As such, emergency managers increasingly face complex ethical dilemmas during the process of collection, usage, storage, and destruction of their community members’ personal information. By incorporating data management principles like accountability, transparency, privacy, fairness, and beneficence, they can more effectively and ethically manage that information. Adhering to ethical standards can help organizations build public trust, safeguard individuals’ rights, and ensure that the benefits of data-driven decision-making do not come at the cost of personal privacy or fair treatment. As the demand for evidence-based decision-making continues to grow, emergency management professionals must commit to ethical data practices that respect the needs of the community and the rights of individuals. In times of crisis, data can save lives, but it must be managed with care, responsibility, and respect for ethical principles.
Anthony S. Mangeri
Anthony S. Mangeri, MPA, CPM, CEM, is the chief operating officer and principal at the Mangeri Group, LLC, and president of the International Association of Emergency Managers’ (IAEM) Region 2. He currently serves on the IAEM-USA board of directors and is a board member of the Philadelphia InfraGard Members Alliance. Before the Mangeri Group, LLC, Anthony was the assistant vice president for Mitigation and Resilience at The Olson Group Ltd. Before that, he served as a town manager, where he navigated the community through the challenges of the COVID-19 pandemic, was responsible for local emergency preparedness, disaster recovery operations, and played a key role in the establishment of a municipal police department. Anthony also served as the New Jersey State Hazard Mitigation Officer for over a decade. During the response and recovery to the September 11, 2001, terrorist attacks, he was the operations chief at the New Jersey Emergency Operations Center, where he coordinated the state’s response efforts. Beyond his professional achievements, Anthony has committed over 35 years to serving as a volunteer firefighter and emergency medical technician. He holds a Master of Public Administration from Rutgers University and has completed a fellowship in Public Health Leadership in Emergency Response. As a Certified Professional Coach, Anthony continues to contribute his knowledge and expertise to the emergency management community.
- Anthony S. Mangerihttps://www.domprep.com/author/anthony-s-mangeri
- Anthony S. Mangerihttps://www.domprep.com/author/anthony-s-mangeri
- Anthony S. Mangerihttps://www.domprep.com/author/anthony-s-mangeri
- Anthony S. Mangerihttps://www.domprep.com/author/anthony-s-mangeri