What is the UNHCR Data Protection Policy?
The UNHCR Data Protection Policy (formally called the ‘Policy on the Protection of Personal Data of Persons of Concern’) sets out the principles and rules relating to how UNHCR processes the personal data of refugees, asylum-seekers and other persons of concern.
UNHCR adopted the Data Protection Policy out of recognition that UNHCR and partner organizations hold, manage and process a lot of information on individual refugees, asylum-seekers and other people to whom it provides protection and assistance. UNHCR also recognizes that the personal information of persons of concern is often highly sensitive.
The UNHCR Data Protection Policy accordingly seeks to protect the rights of individuals whose information it holds, and to ensure that the processing of personal data conforms to key data protection principles.
These principles help to ensure that UNHCR:
- Collects data for specific and legitimate purposes;
- Processes data only to the extent that is necessary;
- Records data accurately;
- Respects the rights of the individuals whose data is being processed;
- Maintains the confidentiality of the data at all times; and,
- Puts in place appropriate data security measures to protect the data.