Technical Competency
Confidentiality and Information Protection
Anchoring the Competency into Recruitment Processes
Step 1: Integrating it into existing frameworks and procedures
For those with no existing Competency Framework, this is relatively simple and is does not require integration or finding an equivalent within your own system. For those with Competency Frameworks, such as the UN, European Personnel Selection Office (EPSO) and other agencies and organisations, you can find a table below of associated values, behaviours or competencies within other frameworks to allow you to incorporate and test this competency within an equivalent in your existing system.
| Murad Code Technical Competency | UN System (Old Values and Competencies, New Values and Behaviours) | Other systems |
|---|---|---|
| Confidentiality and Information Protection |
Old: Integrity, Professionalism, Accountability
New: Integrity |
EPSO: Information Management
WHO: Setting An Example, Act Professionally and Ethically, Be Trustworthy Professionalism IOM: Integrity GBV Core: able to manage, share and apply GBV case data in safe and effective manner |
Step 2: Adding language into your vacancy announcement, job description and Terms of Reference
In order to anchor this technical competency within the recruitment process, and onwards into expectations in terms of job performance, it is important to include wording in your vacancy announcement, job description and terms of reference. Some model wording for this competency is included below.
In the job/position tasks and responsibilities section:
“Assess information risks (including evaluating contextual factors) and determine appropriate risk mitigation and protection measures to adequately address those risks in all relevant contexts.”
“Maintain strict confidentiality and safeguards survivor data in line with ethical and legal standards.”
“Develop protocols to inform approach to national laws which limit confidentiality or may allow access to information and when not to collect information if it cannot be handled confidentially.”
“Apply data minimisation principles: collect and retain only the information necessary for programme delivery, monitoring, and reporting.”
“Contact and communicate with survivors remotely or in person to uphold confidentiality, privacy and discretion.
“Maintain confidential and secure communications.”
“Ensure clear, accurate and updated record and tracking of informed consent related to survivor information.”
In the qualifications/experience section - what we are looking for?
“Experience handling sensitive information with discretion and upholding confidentiality standards.
“Strong knowledge of confidentiality, data protection, information security, digital safety, privacy risks, and secure communication practices.”
“Demonstrated experience in safely managing confidential sensitive data, including safeguarding files, beneficiary records, or health/protection information.”
“Familiarity with international data protection standards (e.g. GDPR, ICRC Professional Standards for Protection Work, Sphere Standards, or equivalent humanitarian data protection guidance).”
“Ability to apply data minimisation and informed consent principles in programme contexts.”
Step 3: Designing written tests or interview questions which assess this competency
One of the most useful ways of understanding a candidate’s competencies is to set either case scenarios or hypothetical examples to understand what they would do and how they would do it. You can also test technical knowledge through written assessments. These can all be tailored to the relevant field of work or specific job. A few broad examples are provided below, both as written tests and for interview questions.
Sample written test examples
Hypothetical (can be based on relevant context and job requirements):
One of your team returns from an in-country visit and has brought with them SCRSV survivor medical health and psycho-social counselling records from community-based humanitarian services. There is no record of survivor-consent to share this information with your organisation. What is your response?
You have been asked to lead a documentation exercise in an area where there is government violence against civilians, including CRSV. What measures do you design and implement in relation to secure communication and confidentiality around the work?
Technical:
Application Exercise: Share a copy of Principle 7.8 of the Murad Code and ask the candidate to reflect on how they would operationalise it in a practical situation (e.g. team training, field protocols, handling a breach).
What are the central elements of a discussion with a survivor about confidentiality and privacy?
Identify and explain how to manage three potential risks of poor handling of information when working with survivors.
Sample interview questions
Can you give an example of when you demonstrated responsibility when managing and protecting sensitive survivor-related information?
Give me an example of when you had to decide whether to share a survivor’s information. What steps did you take to make sure consent was informed and specific? OR describe a situation where someone asked you for information you were not permitted to share. How did you handle it?
Describe a situation where you had to balance organisational reporting requirements with protecting survivor confidentiality. What was your approach?