In this first part of the session, you will begin by explaining the following to participants:
What is Documentation?
Documentation in this context refers to a systematic, organized approach for keeping a track of any incidents of abuse or harassment that occur in the course of our work – essentially, it is maintaining an archive of evidence.
What is an Incident?
An incident is anything that happens either online or offline that might constitute abuse or harassment – whether an event can be classified as an incident or not is highly dependent on the context and circumstances in which it happens, and the severity of its impact in relation to those. For example, if you receive an email that seems like a phishing attempt – and you’re used to receiving these every so often – that alone might not be significant enough to be an incident; however, if your organization is about to launch a major campaign, and you begin receiving an unusually large number of these emails, this would likely constitute an incident (and it should be documented). To provide another example, the same could be said if your organization is about to launch a major campaign and you begin receiving usually large numbers of Facebook friend requests from strangers.
What is a Documentation Journal?
A documentation journal is a place where you can keep records of incidents that occur, in an organized way that will help you save important information and evidence from each for later use or reference.
Why is Documentation Important?
Documentation can be useful for later reference when attempting to connect the dots between different incidents that took place during a specific timeframe, or that happened to several people in the same organization. Documentation can reveal patterns of abuse or other online attacks you may not have otherwise noticed, by presenting a collated body of evidence – these patterns can be helpful for identifying adversaries, or to draw connections between certain kinds of incidents and certain actions of yours or your organizations. When reporting incidents of abuse on social media platforms, for instance, evidence such as screenshots or profile names may be requested during an investigation.
Once you’ve finished reviewing the above points about documentation and why it is important, you can hand out to participants printed copies of the below Documentation Journal templates.
Mention to participants that these templates provide just one example of the kinds of information that could be important to gather when documenting incidents. They should feel free to add or remove columns and fields as they see fit when creating more specific formats contextualized to their work in the future.
There are two templates included here – one for documenting online incidents, and another for physical/offline incidents (begins next page):
|Summary of incident|
|Screenshot (filename or copy/pasted)|
|Description of screenshot content(s)|
|Summary of incident|
Most of the fields in these templates are relatively self-explanatory; however, you should still walkthrough each one for the group, describing briefly to what each one refers (in terms of what participants should be keeping track of for each).
Be sure to specifically highlight the Level of Risk field, as this field is highly subjective and less self-explanatory than the others. How different participants and/or organizations define levels of risk will be extremely specific to their context – it might be useful to pause at this point and ask participants for examples of incidents they would define as Low Risk, Medium Risk, or High Risk (for instance). Emphasize to participants that they should consider the potential impact of the incident (on either a personal or organizational level, or both) when defining risk in this context.
Optional: Either before or immediately following this session, go through the Gender-Based Risk Model exercise with participants. During that exercise, the group will have a more focused opportunity to define levels of risk for their own context – they can then apply those definitions of risk to their documentation journals.
Finally, another important field to highlight during this part of the session is Follow-up Actions. Essentially, a Follow-up Action is the next step that will be taken to address the current incident (such as filing a report on Facebook), or a measure that will be implemented to prevent the incident from happening again or to reduce its impact.
Optional: Either before or immediately following this session, go through the Organizational Security Plans and Protocols session with participants. During that exercise, the group will have a more focused opportunity to define security plans and protocols in response to certain known or potential risks – similar steps would be required when planning Follow-up Actions for incidents.
Ask participants to begin filling in their journal templates individually - give 10-15 minutes to fill in as much as they can. Although they can fill in the details of actual incidents that have occurred if they wish, participants can also use hypothetical examples for practice purposes.
Once they finish their first draft of the journal, ask them to get together in pairs and share the incidents they’ve recorded with their partner – for this step, pairing together participants from the same organization (if applicable) will be helpful. Each pair should ask questions of each other about the level of detail or thoroughness in their incident reports – in some cases, this may help a participant recall specific details they may not have remembered earlier. Note that some participants might not feel comfortable sharing their journal with others, so allow them to work individually if they so choose.
Remind participants that, to keep up regular maintenance of their documentation journals, they will need to find ways to “socialize” (or integrate) journal updating into existing routines. In the context of an organization, participants should think about whether there will be a specific person in charge of gathering information for the journal; alternatively, it may be easier or more agreeable to rotate the task among individuals or among teams. You should also mention here that it may be good idea, if someone within the organization is the subject of an incident, for someone other than themselves to document the incident.
Encourage participants to experiment with different workflows to make updating their documentation journals a more efficient process – there may be ways of automating certain processes, or they may find that certain fields in the templates included above are irrelevant for their context (which will save them unnecessary work.
Close the session by asking participants, now that they’ve had time to think about the importance of documenting incidents for their own contexts, if they have any key takeaways from the discussion or ideas to make journal maintenance and updating an easier process.