How to know that your data are safe and being used for purposes that you agree with.
As the volume and variety of data about people have increased, so too has the number of ideas about how those data might be used. Studies around the world have shown that many people want their data to be used for public benefit, but also that their support is conditional, and only given when risks like those related to privacy and commercial motives are addressed.
For organizations that are good and responsible stewards of data, the challenge can be finding ways to communicate their trustworthiness without providing an overwhelming amount of technical and legal details.
To address that challenge, our team recently published “Essential requirements for the governance and management of data trusts, data repositories, and other data collaborations” in the International Journal of Population Data Science. By design, the minimum specification requirements (“min specs”) outlined in our paper are specific enough to be meaningful without being so prescriptive that they cut off natural variation, adaptation, and innovation.
For example, Governance min spec 2b states: “The data trust, data repository, or data collaboration must have an accountable governance body that is answerable for its decisions.” and Data User min spec 4a states: “Data users must complete privacy and security training before they access data.” In total, we identified 15 min specs in five requirement categories: one min spec for Legal, five for Governance, four for Management, two for Data Users, and three for Stakeholder & Public Engagement.
Importantly, this was not just a thought exercise. Our team included representatives from 23 data-focused organizations and initiatives who worked together to test and refine the min specs. We used what we learned to prepare a list with more than 70 public resources related to the min specs that can help organizations and data-sharing initiatives learn from each other.
In testing the min specs, we found that despite large variety in the details of how our team members approached their responsibilities, the min specs showed that we had a lot in common in terms of what is perceived to be essential, and we believe the min specs will also be relevant for many other organizations and data-sharing initiatives. Canada’s Digital Governance Council agrees and has developed and ratified the Canadian national standard 100-7: Operating model for responsible data stewardship, based on the min specs.
So, the next time you find yourself uncertain about how an organization that collects your data is using or sharing it, you might present the organization with the 15 min specs and ask them how they address them. The more that members of the public ask for this kind of information, the more that organizations will proactively make it available. We believe that information about how the min specs are addressed will help build and maintain trust, which can, in turn, lead to more public benefits being realized from data.
Alison Paprica, Adjunct Professor and Senior Fellow at the University of Toronto’s Institute for Health Policy, Management and Evaluation
Paprica, P. A., Crichlow, M., Curtis Maillet, D., Kesselring, S., Pow, C., Scarnecchia, T. P., Schull, M. J., Cartagena, R. G., Cumyn, A., Dostmohammad, S., Elliston, K. O., Greiver, M., Hawn Nelson, A., Hill, S. L., Isaranuwatchai, W., Loukipoudis, E., McDonald, J. T., McLaughlin, J. R., Rabinowitz, A., Razak, F., Verhulst, S. G., Verma, A. A., Victor, J. C., Young, A., Yu, J. and McGrail, K. (2023) “Essential requirements for the governance and management of data trusts, data repositories, and other data collaborations: A refined set of 15 minimum specification requirements based on the experience of 23 organizations and data sharing initiatives”, International Journal of Population Data Science, 8(4). doi: 10.23889/ijpds.v8i4.2142.