Want to know if your data are managed responsibly? Here are 15 questions to help you find out


As the volume and variety of data about people increases, so does the number of ideas about how data might be used. Studies show that many people want their data to be used for public benefit.

However, the research also shows that public support for use of data is conditional, and only given when risks such as those related to privacycommercial exploitation and artificial intelligence misuse are addressed.

It takes a lot of work for organizations to establish data governance and management practices that mitigate risks while also encouraging beneficial uses of data. So much so, that it can be challenging for responsible organizations to communicate their data trustworthiness without providing an overwhelming amount of technical and legal details.

To address this challenge our team undertook a multiyear project to identify, refine and publish a short list of essential requirements for responsible data stewardship.

Our 15 minimum specification requirements (min specs) are based on a review of the scientific literature and the practices of 23 different data-focused organizations and initiatives.

As part of our project, we compiled over 70 public resources, including examples of organizations that address the full list of min specs: ICES, the Hartford Data Collaborative and the New Brunswick Institute for Research, Data and Training.

Our hope is that information related to the min specs will help organizations and data-sharing initiatives share best practices and learn from each other to improve their governance and management of data.

Minimum specification requirements

We also think the min specs can help people know what to expect of responsible data stewards. To support people in using the min specs, we translated them into plain language questions that individuals can pose to the organizations that collect, use or share their data:


1) What laws, consent forms or other documents give you the authority to collect, use or share data?


2) Where do you publicly state the purpose behind your data-focused activities?

3) Which committee or group is accountable for important decisions such as who can use data and how they can use it?

4) How do you achieve transparency about your data holdings, data access policies and other information that people want to know about their data?

5) How do you acknowledge and respect Indigenous Data Sovereignty?

6) What measures are in place to ensure you adapt and respond to new threats and opportunities?


7) What policies, processes and procedures do you have to cover the entire data life cycle from collection through to use, sharing and destruction?

8) How do you address cybersecurity and data protection?

9) How do you identify and manage risks related to data?

10) What data documentation do you have to help people understand the data you hold?

Data users

11) Is there mandatory privacy and security training that data users must complete?

12) What are the consequences if data users do things they are not allowed to do with data?

Stakeholder and public engagement

13) How do you engage with stakeholders such as the organizations that provide you with data and the organizations that use the knowledge you generate?

14) How can members of the public be informed and get involved in the decisions you make about data?

15) What special measures do you have to engage and involve groups who have a special interest in your activities or decisions?

Transparent and trustworthy

These min spec questions can serve as a framework to improve data governance and management practices.

It is our hope that the more that members of the public request this kind of information, the more that organizations will proactively make it available or adapt their practices.

In this way, the min specs can help increase the transparency and trustworthiness of data holding organizations, which can, in turn, lead to more support for data being shared and used for public benefit.

Author Bios: P. Alison Paprica is Professor (adjunct) and Senior Fellow, Institute for Health Policy, Management and Evaluation, Dalla Lana School of Public Health at the University of Toronto, Amy Hawn Nelson is in the Research Faculty, Actionable Intelligence for Social Policy (AISP), at the University of Pennsylvania, Donna Curtis Maillet is Privacy Officer, New Brunswick Institute for Research, Data and Training, Research associate, Faculty of Law at the University of New Brunswick, Kimberlyn McGrail is Professor of Health Services and Policy Research at the University of British Columbia and Michael J. Schull is Professor, Department of Medicine at the University of Toronto