Because of the sensitive nature of working with vulnerable populations and sensitive issues, organizations should take care to minimize risk. Data minimization is the practice of limiting the collection of personal data to only that which is directly relevant to the analysis being undertaken. Data anonymization is the process of removing personally identifiable information from data sets. Note that it may be possible to re-identify data using publicly available data, contextual information, or other methods of data linkage, so you should follow an anonymization framework wherever possible, such as this one created by the UK Anonymisation Network.
Critical data is also at risk from a range of protection issues: malware, staff turnover, theft, confiscation, and even hardware failure. Care should be taken to encrypt data, to limit access, and to maintain encrypted back-ups in more than one physical location.
For more information about practical steps to take to protect data, see the resources curated by the Responsible Data Forum.