Sending data, receiving data, or both.
Refer to the guideline produced by the University of Toronto which provides a comprehensive overview of the benefits associated with data sharing and the context within which data sharing and data management challenges and obligations typically occur.
An inter-institutional or intra-institutional agreement to share data according to certain terms and conditions.
Data sharing agreements identify the parameters which govern the collection, transmission, storage, security, analysis, re-use, archiving, and destruction of data.
In situations where the researcher has legal or ethical obligations, or where a real risk exists if the data is inappropriately accessed or used.
Certain non-academic research activities (e.g., institutional reporting, quality assurance, program evaluation) might also present the possibility of high risks of privacy or security breaches as indicated by the Privacy and Security Assessment.
- Contact the University of Waterloo Privacy Officer to review your needs before requesting data from an academic department such as Institutional Analysis and Planning, Graduate Studies Office, or the Registrar’s Office.
The amount of detail to be provided should be commensurate with the nature of the data to be collected, the likelihood of a privacy breach, and the possible magnitude of harm which may occur to participants if their privacy rights were violated.
Gathering anonymous information may require minimum safeguards.
Gathering personally identifying and highly restricted health information should be subject to increased scrutiny and safeguards.
University of Waterloo requirements concerning human participant data security and storage are outlined in the Guideline on Research Participants’ Data Security.
For a data set to be “de-identified”, the University of Waterloo requires that de-identification meet, as a minimum, either the US Safe Harbor standards or expert determination method.
Whenever possible data sharing agreement terms should be contained within a master research agreement (e.g., clinical trial agreement).
When submitting an ethics application, include the portion of the research agreement which describes the data sharing arrangements which have been developed.
This agreement should be developed prior to submitting the ethics application.
Some research protocols involving human participant data submitted for ethics review may require a data management plan.
All ethics applications ask the researcher to describe how participant data will be secured and protected.
- Review the Privacy and Security Assessment to assess the privacy and security risks associated with specific data sets whether these include human participant data or not.
If you have any questions concerning your proposed data management plan, the Privacy Officer should be contacted prior to submitting an ethics application or while you are developing a research agreement to ensure that the proposed data management plan is appropriate to manage these identified risks. The Director of Information Security can also be consulted should you require clarification on the categorization of the data contained in the proposed data set.
Researchers MUST develop a data sharing agreement or include these items as part of a master research agreement when they are conducting:
- Multi-site clinical trials where compliance obligations require that the data management plan and agreements be explicitly detailed
- Any data sharing involving multiple institutions which have been assessed using the Privacy and Security Risk Assessment where the score is 8 or above
A copy of the risk assessment and data sharing agreement (or research agreement which spells out the data sharing agreement) is to accompany the ethics application.
When I should NOT share data even if the situation suggests that a data sharing agreement may be required?
Researchers should not share data when:
- The researcher does not hold intellectual property rights
- Participants have expressed a preference to not have their data used or shared for other activities or other research
- The data is embargoed or otherwise restricted under pre-existing agreements
- The data is involved in litigation
- If USA research:
If the Privacy and Security Assessment suggests that this proposed data exchange or sharing requires a data sharing agreement, the Office of Research can assist you in developing and negotiating a data management or data sharing agreement or incorporating these elements into your master research agreement.
Please contact Leslie Copp.