When to Use
Do No Harm is not a specialist consideration, it applies to all M&E activities involving human participants. It becomes critical when:
- Asking questions about violence, abuse, trauma, sexual behaviour, or criminal activity
- Working with survivors of GBV, trafficking, torture, or conflict
- Collecting data in communities where disclosing programme participation could create safety risks
- Working in contexts where ethnic, political, or religious identities are a source of risk
- Conducting evaluations where findings could expose beneficiaries to retaliation, discrimination, or loss of services
The Do No Harm principle originates in medical ethics and humanitarian response, but it has been fully adopted into M&E standards by major humanitarian and development frameworks including the Core Humanitarian Standard (CHS), SPHERE, and the UN Evaluation Group's ethical guidelines.
How It Works
Step 1: Harm risk assessment at design stage
Before finalising data collection methods and instruments, conduct a structured harm risk assessment. For each planned data collection activity, ask: what harm could this cause, to whom, and under what conditions? Harm types include:
- Physical harm: identification of participants to armed actors, authorities, or community members who might target them
- Psychological harm: re-traumatisation through questions about past violence, loss, or abuse
- Social harm: disclosure of status (HIV, disability, income, migration) that triggers stigma or exclusion
- Economic harm: disruption of livelihoods or exclusion from services as a result of programme participation
Step 2: Design mitigation measures
For each identified harm risk, build in a mitigation measure. Common mitigations include:
- Removing identifiers from datasets before sharing
- Encrypting data on field devices and requiring password protection
- Conducting interviews in private spaces where third parties cannot overhear
- Training enumerators to skip sensitive questions if participants show distress
- Having a plan for what happens if a participant discloses imminent danger
Step 3: Build referral pathways
If data collection could surface disclosures of harm, past violence, ongoing abuse, suicidal ideation, medical emergencies, a referral pathway must be in place before the first interview is conducted. Referral pathways specify:
- Which disclosures trigger a referral
- What services are available and how to contact them
- What the enumerator should say when providing a referral
- Whether the disclosure must be reported (e.g., mandatory reporting for child protection)
Step 4: Train enumerators on harm recognition and response
Enumerators are the frontline of Do No Harm in field data collection. They must know: what signs of distress to look for, when to stop an interview, how to provide a referral, how to handle a disclosure, and how to document an incident.
Step 5: Apply Do No Harm to reporting and dissemination
Harm risk does not end when data collection ends. Evaluation reports, case studies, and programme communications can cause harm if they: identify participants in sensitive situations, publish photographs of vulnerable individuals without consent, or share findings in ways that expose communities to negative attention. Apply the same scrutiny to outputs as to data collection.
Key Components
- Harm risk assessment: structured review of potential harms from each planned data collection activity
- Mitigation measures: specific actions taken to reduce each identified harm risk
- Referral pathways: documented routes to support services for participants who disclose harm during data collection
- Enumerator protocols: training and procedures for recognising and responding to participant distress or disclosure
- Data security measures: encryption, access controls, and de-identification to prevent harmful data exposure
- Reporting safeguards: anonymisation, consent, and review processes for publications that feature participant information
- Incident reporting: mechanism for documenting harm incidents during data collection
Best Practices
Build referral pathways before data collection begins, not after. A referral pathway that does not exist when the first disclosure occurs is not a referral pathway. Map available services in the programme area before instrument design, and include referral contact details in enumerator field guides.
Apply Do No Harm to secondary data use. Using existing administrative data, health records, or beneficiary lists for M&E purposes carries harm risks from the original collection context. Review the original consent and purpose before repurposing data.
Recognise that asking questions is an intervention. Asking someone about their experience of violence, trauma, or hardship changes them, it can surface memories, cause distress, or raise expectations. The obligation to do no harm begins with the decision about what to ask, not just how to protect data afterwards.
Conduct harm risk assessments for reports, not just data collection. Stories, case studies, and impact reports are often the most visible outputs of an M&E system. The same participant whose data was collected privately could be identifiable in a published evaluation report. Review all outputs for identification risk before publication.
Distinguish Do No Harm from non-interference. Do No Harm does not mean avoiding difficult questions or refusing to document abuses. It means designing data collection and reporting in ways that protect participants while still generating honest, useful evidence. Sanitising findings to avoid discomfort is not Do No Harm, it is compromised reporting.
Common Mistakes
Treating Do No Harm as a consent form, not a design process. Getting participants to sign a consent form that mentions Do No Harm is not the same as implementing it. Do No Harm is an active design practice, risk assessment, mitigation planning, and operational protocols before a single enumerator enters the field.
Assuming sensitive data is only about violence. Harm risk is contextual. In some settings, disclosing income, land ownership, ethnicity, or political affiliation carries significant risk. The harm risk assessment must be tailored to the local context, not based on a generic checklist.
Having no plan for mandatory disclosures. Enumerators collecting data from children or in contexts with mandatory reporting laws must know in advance what to do if a participant discloses abuse. "We'll figure it out if it happens" is not acceptable.
Publishing identifiable programme beneficiaries without explicit consent. Success stories featuring named individuals, photographs, and personal circumstances require specific, informed consent, not just the general data consent form. Participants who consented to participate in monitoring did not consent to appearing in a donor communication.
Ignoring risks to enumerators. Do No Harm applies to M&E staff as well as participants. Enumerators working in conflict-affected areas, collecting sensitive data, or working with traumatised populations face their own risks. Secondary trauma, physical safety, and retaliation risk must be assessed and mitigated.
Related Topics
- Ethics in M&E, the broader ethical framework within which Do No Harm sits alongside informed consent, data privacy, and honest reporting
- Data Management, the technical systems for storing and protecting participant data securely
- Gender-Responsive M&E, applying Do No Harm with particular attention to gendered safety risks
- Accountability Mechanisms, feedback systems that help communities report harms caused by programmes or M&E activities
- Participatory Evaluation, an approach that gives participants more control over what data is collected and how it is used