Introduction and Mechanics for a general workshop


This learning activity is about looking at risk assessment from the perspective of the data life cycle. Activists, organisations and movements all deal with data – from gathering/creating/collecting data to publishing information based on data.

There are two main approaches to the mechanics of this activity:

  • The general workshop is for a general digital security workshop, where the participants come from different organisations and/or don’t belong to any organisations.
  • The organisational workshop is meant for a specific group and its staff. The general context for this type of workshop is that different teams within an organisation come together to to do a risk assessment of their organisational data practice and processes.

The learning objectives and the general topics/themes covered in both approaches are the same, but the facilitation methodologies and techniques will need to be adjusted for two different kinds of workshop scenarios.

Learning objectives

Through this activity, the participants will be able to:

  • Understand risk and security considerations in each phase of the data life cycle.
  • Apply risk assessment frameworks to their personal and/or organisational security.

Who is this activity for?

This activity is meant to be for individual activists (in a general risk assessment or digital security workshop), or for a group (an organisation, network, collective) undergoing a risk assessment process. There are two mechanics and approaches for this activity, depending on whether it is a general workshop or a workshop for a specific group.

It can also be used as a diagnostic activity in order to prioritise which practices or tools to focus on for the rest of a digital security workshop.

Time required

This depends on the number of participants and the size of the group. In general, this activity takes a minimum of four hours.


  • Flip chart paper
  • Markers
  • Projector to present the data life cycle and the guide questions and for participant share-backs, if needed.

Mechanics for a general workshop

(This is for a general risk assessment or digital security workshop, where activists from different contexts come together in a training. The learning objectives remain the same but some of the training and facilitation tactics would differ from a workshop for a more established group of people.)

Phase 1: What do you publish?

In this part of the activity, the participants are asked: What do you publish as part of your work as an activist?

The point here is to start with the most obvious part of the data life cycle – processed data that is shared as information. This could be research reports, articles, blog posts, guides, books, websites, social media posts, etc.

This could be done in plenary, popcorn style. This is when the facilitator posts a question and asks for short and brief answers from the participants – like corn popping in a pan!

Phase 2: Presentation of the data life cycle and security considerations

The presentation is aimed at reminding the participants about the data management cycle. The key points for the presentation can be found here (see cycle-basics-presentation.odp ).

Phase 3: Reflection time about personal data life cycles

Group the participants according to what they publish. Ask them to choose a specific example of something that they have published (an article, a research report, a book, etc.), and ask them to form groups based on similar work.

Here, there will be time for each of them to track the data life cycle of that published output, and then time as a group to share their reflections.

Reflection time should be about 15 minutes. Then group discussion would take about 45 minutes.

The guide questions for individual reflection time will be the considerations in the presentation.

For the group work, each group member will share the data life cycle of their published work.

Phase 4: Share-back and security considerations

Instead of having each group report back, the trainer-facilitator asks each group questions that will surface what was discussed in the groups.

Here are some questions you may use to debrief on the reflection time and the group discussion:

  • What are the data storage devices that were most common in the group? What were the ones that were the only one used?
  • What were the differences and commonalities in access to the data storage in your group?
  • What about data processing? What tools were used in your group?
  • Did anyone in the group publish something that put them or someone they know at risk? What was it?
  • Has anyone in the group thought about archiving and deletion practice before today? If so, what were the practices around this?
  • Were there safety and security concerns at any part of your data life cycle? What are they?

Synthesize the activity

At the end of the group presentations and sharing, the trainer-facilitator can synthesise the activity by:

  • Pointing to key points made.
  • Asking participants for key insights from the activity.
  • Asking participants about changes in their data management practice that they learned about during the activity.
Continue to the activity's next page (Mechanics for an organisational workshop, Presentation & Further Reading)