In an increasingly data-driven world, organizations across sectors are recognizing the potential of non-traditional data—data generated from sources outside conventional databases, such as social media, satellite imagery, and mobile usage—to provide insights into societal trends and challenges. When harnessed thoughtfully, this data can improve decision-making and bolster public interest projects in areas as varied as disaster response, healthcare, and environmental protection. However, with these new data streams come heightened ethical, legal, and operational risks that organizations need to manage responsibly. That’s where due diligence comes in, helping to ensure that data initiatives are beneficial and ethical.

The report, Trust but Verify: A Guide to Conducting Due Diligence When Leveraging Non-Traditional Data in the Public Interest, co-authored by Sara Marcucci, Andrew J. Zahuranec, and Stefaan Verhulst, offers a comprehensive framework to guide organizations in responsible data partnerships. Whether you’re a public agency or a private enterprise, this report provides a six-step process to ensure due diligence and maintain accountability, integrity, and trust in data initiatives.

Why Non-Traditional Data Holds Untapped Value

Non-traditional data offers a level of insight and dynamism that is often missing from traditional data sources. For example:

1. Expanding Insights Beyond Conventional Boundaries: Mobile data, satellite imagery, and social media analytics open new windows into human behavior, environmental changes, and social trends that traditional data sources may not capture.

2. Achieving Real-Time Responsiveness: Non-traditional data often provides real-time or near-real-time updates, allowing organizations to respond quickly to shifting situations—whether that’s a natural disaster, a public health emergency, or economic fluctuations.

3. Improving Data Access in Sparse Environments: In regions with limited conventional data infrastructure, non-traditional data can fill essential gaps, offering a lifeline for more informed, locally relevant decision-making.

4. Validating and Enriching Traditional Data: By combining traditional and non-traditional data, organizations can cross-reference and validate their findings, reducing bias and enhancing accuracy for a more complete picture.

5. Enabling Targeted Resource Allocation: Non-traditional data analytics allow organizations to identify specific needs or opportunities with a high degree of precision, supporting efficient resource allocation. 

6. Navigating Complex Cross-Border Contexts: Non-traditional data can also help organizations address the challenges of operating in diverse regulatory environments, adapting strategies to remain compliant while respecting local norms and cultural differences.

The Critical Need for Due Diligence

As promising as non-traditional data may be, it also raises critical questions about security, bias, consent, and ethical considerations, especially when these data sources involve sensitive or personal information. Without a robust due diligence framework, organizations risk harming the very communities they seek to support.

1. Relevance to the Problem: Ensure that the non-traditional data is directly relevant to the issue or challenge you are addressing. It should provide meaningful insights or solutions.

2. Data Availability: Assess the availability of non-traditional data sources and map relevant organizations that might provide this data.

3. Data Quality and Reliability: Assess the quality and reliability of the data source. Is it accurate, up-to-date, and from a credible and trustworthy origin? Poor-quality data can lead to erroneous conclusions.

4. Individual Consent and Group Agency: Ensure that data is collected and used with the informed consent of individuals, while also establishing a social license to gain community acceptance and foster digital self-determination. Respect privacy and self/group-determination rights, especially for vulnerable populations.

5. Data Security: Implement robust security measures to safeguard the data against unauthorized access, breaches, or misuse.

6. Ethical Considerations: Consider the ethical implications of data collection and usage, especially when it involves vulnerable populations or sensitive personal information. Adhere to ethical standards and relevant frameworks.

7. Bias Mitigation: Evaluate the potential for bias in the data and employ strategies to identify and mitigate bias to ensure fairness and equity.

8. Legal and Regulatory Compliance: Ensure compliance with applicable laws and regulations, including data protection laws and regulations governing human rights.

Due diligence ensures that data practices are aligned with public interest and ethical standards, setting the stage for responsible collaboration between data providers and data users. Trust but Verify walks organizations through a structured approach to assess and mitigate risks, while fostering a culture of transparency and accountability in data partnerships.

Key Steps for Responsible Data Collaboration

Trust but Verify proposes a six-step due diligence process tailored for non-traditional data partnerships, particularly in public-interest projects. Here’s a closer look at each step:

1. Determining the Scope of Due Diligence
   The first step is to clearly define the scope of the data initiative, including identifying the data sources, partners, and potential risks involved. By clarifying these boundaries, organizations can target their efforts effectively, focusing on the most critical areas of data responsibility.

2. Internal Data Collection
   This step involves gathering critical information about the legal, ethical, and regulatory landscape in which the data initiative will operate. The goal is to understand contextual risk factors such as local data protection regulations, human rights records, and corruption tolerance. The due diligence team works closely with legal experts and consults various sources to build a comprehensive picture of the operating environment.

3. Risk Ranking and Red Flag Identification
   With the collected data in hand, the team assesses the potential benefits and risks of the data initiative, ranking each risk based on severity and identifying any "red flags" that require immediate attention. A structured risk-ranking framework can help prioritize issues, ensuring that high-risk factors are addressed before the project moves forward.

4. Additional Due Diligence for High-Risk Cases
   In situations where high risks are identified, Trust but Verify recommends applying an additional Due Diligence Diagnostic Tool, which guides organizations through a more in-depth investigation. This tool explores critical questions about the data's source, potential biases, security vulnerabilities, and regulatory compliance to decide whether a high-risk engagement is worth pursuing.

5. Approval Based on Risk Level
   Before proceeding, the due diligence findings undergo a final review by a Committee of Experts, who assess whether the identified risks have been sufficiently mitigated. This approval process provides an additional layer of oversight, ensuring that only projects meeting high standards of data responsibility move forward.

6. Post-Engagement Due Diligence
   Due diligence doesn’t end once a data initiative begins. Instead, ongoing monitoring and regular audits help ensure continued compliance with ethical, legal, and security standards. Engaging with data subjects throughout the project and promptly addressing any emerging risks are crucial to maintaining trust and accountability.

Building a Foundation of Trust

The due diligence process outlined in Trust but Verify is not a one-size-fits-all solution but a flexible guide that organizations can adapt to meet the specific needs and risks of each data project. Informed by real-world challenges in data governance, the report emphasizes the importance of tailoring due diligence practices to the unique regulatory, cultural, and political contexts in which organizations operate. This process builds a foundation of mutual trust, allowing data providers and users to work collaboratively toward the public interest.

For Whom is This Guide?

This guide is intended for private companies, non-profits, government agencies, and other organizations that collaborate across sectors and borders in data initiatives. Whether you're just starting with non-traditional data or have established data partnerships, Trust but Verify provides a roadmap for conducting due diligence with integrity and accountability.

The Path Forward

As organizations continue to leverage data to tackle pressing global issues, the importance of responsible data practices cannot be overstated. This report hopes to equip organizations with the tools to navigate the complexities of non-traditional data responsibly, enhancing their capacity to make data-driven decisions that are ethical, secure, and in the public interest. Through a strong due diligence framework, we can unlock the full potential of non-traditional data to create positive, lasting impacts on society.

To dive deeper into these best practices, access the full report Trust but Verify and learn how you can implement due diligence in your own non-traditional data initiatives for public interest.

Read the full report here: [Link to report]

--

We would like to thank Lisa Talia Moretti for her contribution on early versions of the Appendix A of this report: Additional Due Diligence Diagnostic Tool. 

Back to the Blog