Distribution of Responsibilities

To facilitate collaboration, it is necessary to clarify each organisation’s rights, responsibilities, tasks, expectations, and decision-making powers in relation to the CIS. For example, while one organisation may host the CIS - making them the managing authority and data controller, responsible for things such as system maintenance, data security - in a collaborative setting, some of these responsibilities may be shared across organisations.

Guiding Questions

What does it mean to take responsibility for data in collaborative situations?
Who is responsible for notifying all parties concerned in case of a data breach?

Further Information

The exchange of information in the disaster relief sector has become very complex. There are many actors and many new actors, yet processes of exchanging information have not changed substantially and are often ad hoc and negotiated on a case-by-case basis. Often, there is more information than necessary while at the same time the relevant information that a particular stakeholder requires might not be available. Many parties argue that these processes of information sharing and exchange need to be better coordinated. The challenge lies in ‘creating an information infrastructure that is sufficiently flexible to manage the dynamic exchange of information among the participating entities in an inter-organizational system, but sufficiently ordered to ensure that the relevant information gets to the responsible parties in valid format and in time to support effective action’ (in Bjerge et al 2016: 3)

Within ecologies of mobile technology and CIS, the data controller, according to the General Data ProtectionRegulation (GDPR), Article 4 (7), is defined as the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.  The challenge in defining the controller or controllers lies in identifying all the responsible entities that could be engaged in disaster management. While in some cases, the controller could be easy to identify, in others, it could be a variety of authorities which could possibly become joint controllers or co-controllers (Jasmontaite and Dimitrova 2016).


In SecInCoRe project workshops, practitioners raised questions about trust and responsibility in a CIS that includes volunteer organisations. In particular, the fact that volunteers do not share similar training, responsibilities for the reliability and accuracy of data, and are not formally given authority could mean that some formal responders may question the extent to which the volunteers can be trusted.


Bjerge, B., Clark, N., Fisker, P., and Raju, E. (2016). Technology and Information Sharing in Disaster Relief. PLOS ONE, 11(9): 1–20 [DOI
Jasmontaite, L., and Dimitrova, D. (2017). Online Disaster Management: Applicability of the European Data Protection Framework and Its Key Principles. Journal of Contingencies and Crisis Management, 25(1): 23–30 [DOI

Related Key Terms