Protocol for Exchange and Shared Responsibility for Institutional Data

Audience:

Northwestern faculty and staff

Statement:

There are many cases where data is shared, particularly between enterprise application systems and Local Management Information Systems (LMIS). This will continue and will be driven by better systems and tools that further enable data sharing.

Once the custodians of the source and requesting systems reach an agreement to share data, it is important to document that instance of data sharing. It may also be important to document a mutual understanding of the particular parameters of a data sharing agreement, including the responsibilities and security needs associated with provisioning data to the requesting system. Such documentation will lend structure to the implementation and maintenance of the data sharing
agreement, and will assist in instances of personnel turnover. On the other hand, undocumented or ‘handshake’ agreements pose risks to the institution, particularly if sensitive or nonpublic data becomes available to unauthorized individuals or entities because the second system is not appropriately secured and/or is not implementing institutional policies regarding data access.

The purpose of the following example is to illustrate the range of issues to consider in documenting a data sharing agreement. It comprises a full set of recommendations for which the parties to a particular agreement will determine the extent and level of implementation.

The full document, Protocol for Exchange and Shared Responsibility for Institutional Data (pdf), is available for download.

Original Issue Date: