Data Sharing Agreement
I’ve been lucky to work beside Alex Leigh with a number of clients over the past few years and love working with him as our skills sets are complimentary. Recently I’ve received a lot of questions on Data Sharing Agreements and I thought that Alex would be the best person to shed some light on this topic. This is what he had to say:
What are data sharing agreements and where do they fit in a Data Governance framework? On first analysis, it’s not obvious that they do! However, they are relevant when we consider the scope of that framework.
The production, manipulation and use of data outside of our organisations are often forgotten when considering data quality. We focus on internal ingress points which are mostly controlled through our own stewards and producers.
This can be a dangerous assumption as external data is far more common than we might think. It fits into two distinct areas:
– Additional data sets. These are often paid-for datasets which augment or enrich what an organisation internally holds.
– Collaborative data sets. These are mostly found in areas of shared working with other organisations. Research data is the most common of these.
A data sharing agreement (DSA) can be thought of as a data ‘passport’ assuring the quality and integrity of the flow between external and internal organisations.
This all sounds promising until we realise there is no standard data sharing agreement. This isn’t surprising when you consider the breadth of any such document. It may have a very narrow focus on data quality or a wider one including security, frequency, single or two-way flow etc. So we can see a DSA must be aligned with the business value of the data being shared.
Regardless of the breadth, any successful DSA must include:
– Quality rules and tolerances. This covers off exactly what data we are sharing, what quality expectations (both schema and business rules) are we ‘signing up’ too and how that quality is being jointly measured.
– Accountability. The bedrock of any DSA! Who is accountable for the data and at what point – if any – does this change from the external to the internal organisation.
– Breach protocols. How is that accountability used in an operational environment when the quality rules are breached?
To meet these three criteria, any DSA needs an agreed measurement and management approach. Without this, it is nothing more than a worthless paper exercise.
Now we’ve established that creating and managing a DSA is an important consideration in any Data Governance framework, where do we start? We recommend two approaches; firstly see what is being used at the moment in your organisation. It may not be fit for purpose, but it will be a basis to build on.
Secondly, consider talking to your Data Protection Officer. While the DPO will be focused primarily on Data Privacy Impact Assessments, they will have experience of working with external organisations and their guidance will certainly support you in developing new DSA’s.
You may even be able to integrate the quality and associated criteria into existing documents and processes. This is an excellent example of where Data Governance can be in support of organisational capability. And that can only be a good thing!
In summary, a DSA is not a ‘quick thing’. It needs careful consideration both in terms of development and how it will operate in practice. Done properly though it will extend your Data Governance framework outside of your organisation potentially saving much time and frustration.