Organizations and communities are strengthened when there is collaboration of data. And that requires data sharing agreements (DSAs). An organization must achieve a culture of open and transparent data sharing. A DSA describes what data can be seen and how the data is kept confidential. The intent of a DSA is to specify the specific need and parameters of data sharing, including placing limits on the recipient for not further sharing data and information they receive. This blog post will cover what are the key drivers for DSAs, the need for various types of DSAs, what should be included in a DSA, and what is involved in creating a DSA process.
Done properly, DSAs extends the data governance framework outside of the organization potentially saving much time and frustration. A vital part of data governance is a DSA which is a formal agreement clearly outlining what information each organization will exchange and be able to access. A DSA assures the quality and integrity of the data flow between organizations. You need a tool or solution like the Data Cookbook to store the DSAs, and handle requests for a DSA including DSA reviews and approvals. You also need a regular review of DSAs. When a data request is submitted from an organization requesting information that necessitates a DSA then the request should be routed to the appropriate data steward. You need to clearly identify everyone’s responsibility around DSAs.
There are all types of DSAs, some with a narrow focus on data quality or those with wider focus on security, frequency, and flow (single or two-way). There are different types of DSAs depending on the type of data and who is requesting the data (internal vs. external). Make sure that the DSA is aligned with the organizational value of the data being shared. Look at your data requests and determine what DSA types are necessary.
What are the key drivers to have DSAs?
- Regulation or policy requiring them
- Security – in breach, need to discover rapidly where data comes from, goes to, and why
- Privacy – protection of personal information (what should be shared)
- Efficiency – clear processes on requests, routed to appropriate data steward, and knowledge base of previous DSAs
- Basic need – how does someone know what to program into a data feed, systems integration, or interface if not documented
A DSA should include the answers to these questions:
- Who is the requested/sender party?
- Who is the requesting/receiving party?
- What is the purpose (detailed purpose / benefit / need / requirement of the recipient for the requested data)?
- What is exactly the data being shared (get to the data element level)?
- What is the source data system(s) from which the data will be coming from?
- What is the destination data system(s) and/or use of the data (where will the data be going)?
- What is the method of sharing (describe the physical or technical way in which the data will be shared between organizations and if it is a one-way exchange or a bi-directional exchange)?
- What is the frequency of sharing (how often is the data to be delivered or refreshed)?
- What date does the agreement begin?
- What is the agreement termination date (important for when to review)?
- What is the selection criteria for the data records to be shared?
- What are the data quality expectations?
- How is the data quality measured?
- Who is accountable for the data and at what point, if any, does this change from one organization to another?
- What are the breach protocols (what happens if the quality rules are breached)?
- What is the contact information of the point person at the requestor organization?
- What is the contact information of the point person at the requesting organization?
And make sure the DSA includes the legal verbiage for the following:
- Ownership of data
- Protection of confidential data
- Prohibition on unauthorized use of data
- Return or destruction of data
- Reporting of misuse of data
What is involved in creating DSAs at an organization?
- Discuss the general idea, why they are necessary and the benefits. Document this information.
- Make some decisions on which types of DSAs you need.
- Create or finalize data policies regarding data and data sharing agreements. Place them in the data governance knowledge base.
- Write, edit, and finalize the language in the various DSA types. Get approval.
- Place definitions that are in DSAs into the data governance knowledge base.
- Create DSA templates and store them in the data governance knowledge base.
- Document the DSA process.
- Educate staff on the DSA process (how to request, templates, when needed, where stored, regular review, etc.).
- Create specific DSAs and get approval.
- Place completed DSAs in data governance knowledge base.
- Do regular review of the specific DSAs before DSA termination date.
We hope that his blog post helps you and your organization in creating and using data sharing agreements (DSA) which are an important part of a data governance initiative. If you would like additional resources regarding data policies check out our resources blog post.
IData has a solution, the Data Cookbook, that can aid the employees and the organization in its data governance, data intelligence, data stewardship and data quality initiatives. IData also has experts that can assist with data governance, reporting, integration and other technology services on an as needed basis. Feel free to contact us and let us know how we can assist.
Photo Credit:StockSnap_BTP3VRHYIY_dataclean_womantyping_BP #B1201