Essential requirements for establishing and operating data trusts: practical guidance co-developed by representatives from fifteen canadian organizations and initiatives.

Abstract

IntroductionIncreasingly, the label “data trust” is being applied to repeatable mechanisms or approaches to sharing data in a timely, fair, safe, and equitable way. However, there is an absence of practical guidance regarding how to establish and operate a data trust.Aim and approachIn December 2019, the Canadian Institute for Health Information and the Vector Institute for Artificial Intelligence convened a working meeting of 19 people representing 15 Canadian organizations/initiatives involved in data sharing, most of which focus on public sector health data. The objective was to identify essential requirements for the establishment and operation of data trusts in the Canadian context. Preliminary requirements were discussed during the meeting and then refined as authors contributed to this manuscript.ResultsTwelve minimum specification requirements (“min specs”) for data trusts were identified. The foundational min spec is that data trusts must meet all legal requirements, including legal authority to collect, hold or share data. In addition, there was agreement that data trusts must have (i) an accountable governing body to ensure that the data trust achieves its stated purpose and is transparent, (ii) comprehensive data management including clear processes and qualified individuals responsible for the collection, storage, access, disclosure and use of data, (iii) training and accountability requirements for all data users and (iv) ongoing public and stakeholder engagement.ConclusionsPractical guidance for the establishment and operation of data trusts was articulated in the form of 12 min specs requirements. The 12 min specs are a starting point. Future work to refine and strengthen them with members of the public, companies, and additional research data stakeholders from within and outside of Canada, is recommended.