Primero

A web app for confidential case management and incident monitoring in social welfare, child protection, and gender based violence.

Website: https://www.primero.org/

Type of Digital Public Good

1. Is it relevant to one of the Sustainable Development Goals?

2. Does it use an appropriate open license?

Yes, this project is licensed under the following license(s):

3. Is ownership clearly defined?

Is the ownership of the project and everything that the project produces clearly defined and documented?

Yes

If yes - please link to the relevant copyright, trademarks, or ownership documentation for the project.

Not Applicable

4. Does the license of libraries/dependencies undermine the openess of the project?

Does this open project have mandatory dependencies (i.e. libraries, hardware) that create more restrictions than the original license?

No

If yes - are the open source components able to demonstrate independence from the closed component(s) and/or are there functional, open alternatives?

Not Applicable

If yes - please describe how the open source components are independent and/or list the open alternatives for the closed component:

Not Applicable

5. Is there documentation?

Does some documentation exist of the source code, use cases, and/or functional requirements. For software projects, this should be present as technical documentation that would allow a technical person unfamiliar with the project to launch and run the software. For data projects, this should be present as documentation that describes all the fields in the set, and provides context on how the data was collected and how it should be interpreted. For content, this should indicate any relevant compatible apps, software, hardware required to access the content and any instructions about how to use it.

Yes

If yes - please link to the relevant documentation:

6. Is non PII data accessible?

Does this project collect or use non-personally identifiable information (non-PII) data?

Yes

If yes - is there a mechanism for extracting or importing non-personally identifiable information (non-PII) from the system in a non-proprietary format?

Yes

If yes - describe the mechanism for extracting or importing non-personally identifiable information from the system in a non-proprietary format:

Not Applicable

7. Does the project adhere to privacy and other applicable international and domestic laws?

Has this project taken steps to ensure adherence with relevant privacy, domestic, and international laws? For example, the General Data Protection Regulation (GDPR) in the European Union or the Supplementary Act A/SA.1/01/10 on Personal Data Protection for the Economic Community of West African States (ECOWAS) (yes/no)

Unknown

If yes, please list some of relevant laws that the project complies with:

  • - GDPR
  • - Each domestic legal framework is distinct so this is managed on a case-by-case basis. Compliant with UNICEF and other UN Agency policy. Designed to foster rights-based approach to data management. Aligned with Responsible Data for Children https://www.rd4c.org

If yes, please describe the steps this project has taken to ensure adherence (include links to terms of service, privacy policy, or other relevant documentation):

Not Applicable

8. Does the project adhere to standards and best practices?

Does this project support standards? (i.e. Web Content Accessibility Guidelines (WCAG) 2.1 or other standards such as those listed on W3C)

Yes

Which standards does this project support (please list)

  • WCAG

Can you point to evidence of your support? (i.e. please link to your validator, open test suite, etc.)

  • Yes. We use Fortify on Demand, OWASP

Was this project built and developed according to or in adherence with any design, technical and/or sector best practices or principles? i.e. the Principles for Digital Development?

Yes

Which principles and best practices does this project support (please list)

  • the Principles for Digital Development/UNICEF Innovation Principles. (All)

9. Does the project do no harm?

Has this project taken steps to anticipate, prevent and do no harm?

On the whole, does this project take steps to ensure that it anticipates, prevents and does no harm?

Yes

Is there any additional information you would like to share about the mechanisms, processes or policies that this project uses to avoid doing harm?

Primero is linked to Responsible Data for Children, which focuses on empowering frontline workers to make good decisions about the gathering, storage and use of PII. Primero has built-in features to ensure privacy and accountability.
Primero is an extension of +20 years of interagency collaboration in the Protection sector, bringing together dozens of organizations around a community of practice based on do no harm. This includes the CPIMS and GBVIMS Steering Committees, the global standard bearers in information management for child protection and gender based violence. All processes, products, deployments etc are carefully regulated and monitoring for protective outcomes.

9.a. Data Privacy & Security

Does this project collect or store personally identifiable information (PII) data?

Yes

If yes - please list the types of data collected and/or stored by the project:

  • Child biodata
  • location data
  • unique IDs
  • DII
  • perpetrator data

If yes - does this project share this data with third parties?

Yes

Please describe the circumstances with which this project shares data with third parties. Please add links as relevant.

  • This app allows many service providers/protection actors to work on a common instance and exchange referrals and other data under strict information sharing protocols when in the best interest of the client and with their consent

If yes - does the project ensure the privacy and security of this data and has it taken steps to prevent adverse impacts resulting from its collection, storage and distribution.

Yes

If yes - please describe the steps, and include a link to the privacy policy and/or terms of service:

Data Breach SOP, Primero Board (interagency governance), linkages with RD4C.org, very stringent business processes including regular programme level audits. The terms of service are managed at the programme level, depending on lead agency, role of gov't., and other accountabilities.

9.b. Inappropriate & Illegal Content

Does this project collect, store or distribute content?

No

If yes - what kinds of content does this project, collect, store or distribute? (i.e. childrens books)

Not Applicable

If yes - does this project have policies that describe what is considered innappropriate content? (i.e. child sexual abuse materials)

No

If yes - please link to the relevant policy/guidelines/documentation.

Not Applicable

If yes - does this project have mechanisms for detecting and moderating innappropriate/illegal content?

No

If yes - please describe the mechanism for detecting, reporting and removing innapropriate/illegal content (Please include the average response time for assessment and/or action. Link to any policies or descriptions of how inappropriate content is handled):

Not Applicable

9.c. Protection from harassment

Does this project facilitate interactions with or between users or contributors?

Yes

If yes - does the project take steps to address the safety and security of underage users?

No

If yes - please describe the steps this project takes to address risk or prevent access by underage users:

  • n/a

If yes - does the project help users and contributors protect themselves against grief, abuse, and harassment?

No

If yes - please describe the steps taken to help users protect themselves.

  • n/a

Development & deployment countries

List of countries this project was developed in.

  • United States

List of countries this project is actively deployed in.

  • Sierra Leone
  • Jordan
  • Kenya
  • Burkina Faso
  • Lebanon
  • Tanzania
  • Iraq
  • Indonesia
  • Philippines
  • Nigeria
  • Cambodia