Data Sharing Process
Data Governance helps ensure the appropriateness of data sharing across the University, thus minimizing the risk of oversharing and/or misuse of university data.
For this reason, the Data Governance Office implemented a process to help manage the expectations of both data providers (Data Stewards and Data Custodians) and data requestors, and ensure that data sharing between university departments complies with university policies related to privacy and use of university data.
The Data Sharing Process requires a data requestor (university department requesting data from a university system or from another department) to submit a Data Sharing Agreement request to the Data Governance Office, for review of approval of the data sharing and usage and approval by Data Stewards. Data Sharing Agreements outline the terms and conditions governing the sharing of data between university departments.
In order to ensure appropriate data sharing across the University, the following expectations apply:
-
Data Requestors should provide a justification for the data they need, why the data is requested, how it will be used, and by whom (Department, individual staff members). The data requestor must limit the use of the data to the described purpose and must not use the data for other purposes without approval from the Data Governance Office and the respective Data Steward(s).
Data Requestors are also expected to handle the data received, in accordance with its sensitivity and in compliance with university policies and requirements for data protection (outlined in the university’s Data Management and Protection Standard).
For data characterized as regulated, additional security and privacy reGo to the Data Governance Center and click on the red Data Sharing Agreement button.quirements will apply.
-
Data Stewards should obtain all the necessary details related to the data they are requested to approve and share, prior to approving a data sharing request.
If any concerns arise, with regards to the data sharing request, and/or the use of the data requested, Data Stewards should communicate such concerns to the Data Governance Office [Send email to dgc@ gwu.edu] and the GW Privacy Office [Send email to privacy@ gwu.edu], and seek resolution.
-
Data Custodians should also obtain all the necessary details related to the data they are requested to share, along with copy of approval of the data sharing request, from the Data Governance Office, prior to sharing the requested data.
If any concerns arise, with regards to the data requested to be shared, and/or its use by the data requestor, Data Custodians should communicate such concerns to the Data Governance Office [Send email to dgc@ gwu.edu] and the GW Privacy Office [Send email to privacy@ gwu.edu], and seek resolution.
In order to make the process of requesting data more efficient, the University has built a Data Sharing Agreement workflow (located in Collibra), which streamlines the request process. This workflow routes data sharing requests, for review and approval, to the Data Governance Office and Data Stewards.
To create and submit a Data Sharing Agreement for approval, Data Requestors must follow the steps below:
Note: To minimize the time needed for review and approval of your Data Sharing request, make sure that your request is specific and provide all the necessary details and enough context, so that the reviewers have all of the information they need to understand the request and can determine its suitability.
- Go to the Data Governance Center and click on the red Data Sharing Agreement button
- Complete the Form. The following are the fields that need to be filled out:
- Name of Data Sharing Agreement
- Data Sharing Agreement Type
- Requesting application/project
- Name of Granting System (Banner, EAS, etc)
- Granting Approvers (Data Steward name and e-mail)
- What is the business justification for requesting the data?
- What data is being requested? (i.e. Enrollment Data, Finance Data, HR Data, etc.)
- Who is the intended audience?
- How will the data/services be used?
- How will the data be accessed?
- How often does the data need to be refreshed from the source?
- Requested Data - data field, table, view + (use/description)
- Is Data Shared outside of GWU?
- If data is shared outside of GWU please list who data is shared with?
- Submit the form by clicking on the Create DSA button. Status will be set to Candidate.
- The Request will be logged and sent to the Data Governance office. The data governance office will assign the data stewards and seek their approval and status will be changed to Approval Pending.
- The granting Data Steward approves or rejects the DSA. The decision must be unanimous if more than one approver is involved.
- The granting Data Steward approves or rejects the DSA. The decision must be unanimous if more than one approver is involved.
-
If the request is not approved, the Data Steward(s) determines whether the request is rejected due to insufficient information or due to the request being materially inappropriate. If the rejection is due to insufficient information, the Data Steward(s) should communicate this to the Requestor. The Requestor then repeats the process starting at step 1 to ensure all aspects of the DSA meet the needed requirements.
-
If the request is approved, the Data Governance office will assign an implementer (Data Custodian). Status is changed to In Progress and requester is notified.
-
Data Custodians work with Requestor to implement the method to share the data abiding with any special conditions documented by the Data Steward(s). Status is changed to Implemented.