Towards trusted data sharing: guidance and case studies

Data sharing checklist

8. Develop the mechanisms for good governance and oversight, to enable trusted data sharing

  • What are the various stakeholders’ roles and responsibilities?


  • Who provides oversight?


  • How are regulatory and legal requirements addressed through the governance mechanisms? What are the liabilities?


  • What are the ethical issues that are raised and how can they be dealt with? Who is benefiting and who is taking on risks and liabilities? How can stakeholders relating to the data hold data-sharing participants to account?


  • What needs to be included in any data-sharing agreements? How are agreements enforced?


  • How is trust enabled?

Learning from the case studies:

Governance oversight by users, or by a third party accountable to the users, will help enable trust. Effective collaboration is a key part of this.

A people-centric governance programme, which reflects a collective understanding of rights, duties and data management processes, should be set up as early as possible, The governance programme should underpin all activities. This has been The Weather Company’s approach.

Organisations need to treat data as both asset and a liability, and understand its value.

Organisations need to have a strong ethical approach, as well as addressing legal and regulatory requirements. Grampian Data Safe Haven has been developed in response to stringent ethical and regulatory requirements.

Standardised terms and conditions should be used and respected where possible. A two-way agreement will be required with obligations and permissions on both sides. Even open data has terms and conditions.

Projects need clarity about the ownership rights on derivative work, which may include data cleaning, and an understanding of the chain of custody. Data agreements should specify when data remains the property of the owner or originator.