This paper is the culmination of an effort to identify frameworks that can be used to safely share and use data. It sets out frameworks for data sharing that consider the level of personal information in data, sensitivities associated with the use of the data itself, and sensitivities in use of outputs of analysis of data. These sensitivities are addressed by variable controls at appropriate points in the data life cycle.
The work identifies controls to ensure that data is treated appropriately along its entire life cycle. It is this, often unknown, life cycle that creates so much concern for data custodians and others involved in the data ecosystem, including data subjects themselves.
The controls identified in this paper are linked to demonstrated capability, assessable governance, and clear lines of authority at each phase of the data life cycle. These link the purpose of data sharing (the ‘why’) with the mode of data sharing (the ‘how’) and provide a method to ensure sufficient governance in the circumstances.