Data Sharing Agreements
Nicola Askham
DataIQ 100 2022 | Award Winning Data Governance Training | Consultant | Coaching | Data Governance Expert | D.A.T.A Founding Committee
I've been lucky to work beside Alex Leigh with a number of clients over the past few years and love working with him as our skills sets are complimentary. Recently I've received a lot of questions on Data Sharing Agreements and I thought that Alex would be the best person to shed some light on this topic. This is what he had to say:
What are data sharing agreements and where do they fit in a Data Governance framework? On first analysis, it’s not obvious that they do! However, they are relevant when we consider the scope of that framework.
The production, manipulation and use of data outside of our organisations are often forgotten when considering data quality. We focus on internal ingress points which are mostly controlled through our own stewards and producers.
This can be a dangerous assumption as external data is far more common than we might think. It fits into two distinct areas:
- Additional data sets. These are often paid-for datasets which augment or enrich what an organisation internally holds.
- Collaborative data sets. These are mostly found in areas of shared working with other organisations. Research data is the most common of these.
A data sharing agreement (DSA) can be thought of as a data ‘passport’ assuring the quality and integrity of the flow between external and internal organisations.
This all sounds promising until we realise there is no standard data sharing agreement. This isn’t surprising when you consider the breadth of any such document. It may have a very narrow focus on data quality or a wider one including security, frequency, single or two-way flow etc. So we can see a DSA must be aligned with the business value of the data being shared.
Regardless of the breadth, any successful DSA must include:
- Quality rules and tolerances. This covers off exactly what data we are sharing, what quality expectations (both schema and business rules) are we ‘signing up’ too and how that quality is being jointly measured.
- Accountability. The bedrock of any DSA! Who is accountable for the data and at what point – if any – does this change from the external to the internal organisation.
- Breach protocols. How is that accountability used in an operational environment when the quality rules are breached?
To meet these three criteria, any DSA needs an agreed measurement and management approach. Without this, it is nothing more than a worthless paper exercise.
Now we’ve established that creating and managing a DSA is an important consideration in any Data Governance framework, where do we start? We recommend two approaches; firstly see what is being used at the moment in your organisation. It may not be fit for purpose, but it will be a basis to build on.
Secondly, consider talking to your Data Protection Officer. While the DPO will be focused primarily on Data Privacy Impact Assessments, they will have experience of working with external organisations and their guidance will certainly support you in developing new DSA’s.
You may even be able to integrate the quality and associated criteria into existing documents and processes. This is an excellent example of where Data Governance can be in support of organisational capability. And that can only be a good thing!
In summary, a DSA is not a ‘quick thing’. It needs careful consideration both in terms of development and how it will operate in practice. Done properly though it will extend your Data Governance framework outside of your organisation potentially saving much time and frustration.
If you'd like to know more about how Alex and I can help your organisation implement Data Governance (and get DSA's in place) please get in touch here.
Originally published on www.nicolaaskham.com.
Senior Manager | Program Management | Digital Transformation | MBA (IIM L) & Engg. (IIT KGP)
4 年Thanks for sharing this, Nicola. Couple of thoughts running in my mind right now: 1. There might be large-scale programs which are currently running and the Service level agreements/SOW were already signed long back without any specific focus on DSAs with multiple external partners. Do we have an approach to mitigate the risks now? 2. Does the DPO roll-up to a Information Security arm in an organization? What are the best practices in this regard?
CEO at Anjana Data | Institutional Relations at DAMA Spain | Data Strategy, Data Management, Data Governance & DataOps
4 年Really interesting topic Nicola Askham! As you know, we have natively implemented our own vision of Data Sharing Agreements in Anjana Data but I think that our approach includes a much wider scope of what a DSA covers. I am going to write a specific post and will share it here ?? A DSA is the key element to bridge the gap between business and IT worlds for data sharing and consumption management.
Chief Data Officer - Bank Pictet & Cie (Europe) AG | Data Intelligence, Governance & Management | CFA | Finance
4 年Good summary to understand the importance of DSA...
Director - Data Office | CIMP in Data Governance | Data Strategy | Data Management | Keynote Speaker
4 年Thanks Nicola. It was a good read. I am currently working on building internal Data sharing agreement (between Data producers & Data consumers). These are our focus items: 1. Keep DSA separate from Service level agreements, which are IT specific and generally involves Elements like frequency, transfer time, method etc. SLA currently exists in the organization. 2. include business element in the DSAs like critical data elements being consumed, who owns it, where is it being consumed 3. The data quality aspects 4. Who should be accountable for in case there is a DQ breach.( escalation points etc.) Thoughts?
???? MIS Mentor | ??Data Science |?? Educator |??? YouTuber
4 年Thanks for sharing Nicola , very useful article ??