Data Privacy at MIGA
Introduction
The Multilateral Investment Guarantee Agency (“MIGA”) has adopted core privacy principles for its operations, aligned with global standards for personal data protection. MIGA’s Data Privacy Office actively works to protect and maintain the privacy, accuracy and security of the personal data that MIGA collects, handles or processes, and seeks to foster a culture that values privacy through awareness.
MIGA’s Approach to Personal Data Protection:
- reflects the principles established by the overarching World Bank Group (WBG) Personal Data Privacy Policy (the “Privacy Policy”), which applies to all personal data collected by MIGA on or after February 1, 2021;
- is underpinned by appropriate policies and procedures aimed at supporting effective identification and management of privacy risks across MIGA;
- is driven by a dedicated MIGA Data Privacy Office, which is responsible for implementing the Privacy Policy throughout MIGA, as well as advising staff and monitoring compliance.
Principles Governing Processing of Personal Data by MIGA
The core of the Privacy Policy is the seven principles governing MIGA’s processing of personal data. Personal data is information that identifies an individual (directly or indirectly). The seven principles are summarized below:
- Legitimate, Fair and Transparent: MIGA’s processing of personal data should be for a legitimate purpose and should be fair and transparent to the individual concerned (often called the data subject).
- Purpose Limitation and Data Minimization: Personal data collected by MIGA for one purpose may not be used for another purpose, except in accordance with the Privacy Policy; only the personal data needed to accomplish that purpose should be collected.
- Data Accuracy: Personal data should be collected, recorded, and maintained as accurately as possible.
- Storage Limitation: Personal data should be retained and disposed of according to applicable records retention and disposition schedules.
- Security: MIGA should use reasonable technical and organizational measures to avoid accidental destruction, loss, alteration, unauthorized disclosure of or access to personal data.
- Transfers of Personal Data: Personal data should only be transferred to third parties for legitimate purposes and with appropriate regard for protection of the personal data transferred.
- Accountability and Review: Adopting documentation, processes, and procedures appropriate to implement and oversee compliance with the Privacy Policy.
What Personal Data MIGA Processes and Why
For information regarding what personal data MIGA collects and why as part of its regular operations, please see MIGA’s Products and Services Website
For information regarding what personal data MIGA collects and why from visitors to the MIGA.org website, please see the MIGA's Virtual Use Statement.
How to Request Information on Your Personal Data Processed or Held by MIGA
As part of its data privacy framework, MIGA has established a mechanism for individuals to request information regarding their personal data processed or held by MIGA and, when appropriate, to seek redress, as further described here.
Current staff may submit requests using the webform available here.
If you are not currently a staff member of MIGA or another World Bank Group institution, you may submit such a request using the webform available here.
How to Contact the MIGA Data Privacy Office
All other questions related to MIGA’s data privacy framework can be directed to MIGA’s Data Privacy Office.