Essential requirements for establishing and operating data trusts: practical guidance based on a working meeting of fifteen Canadian organizations and initiatives
Introduction: Increasingly, the label data trust is being applied to repeatable mechanisms or approaches to sharing data in a timely, fair, safe and equitable way. However, there is a gap in terms of practical guidance about how to establish and operate a data trust. Aim and Approach: In December 2019, the Canadian Institute for Health Information and the Vector Institute for Artificial Intelligence convened a working meeting of 19 people representing 15 Canadian organizations/initiatives involved in data sharing, most of which focus on public sector health data. The objective was to identify essential requirements for the establishment and operation of data trusts. Preliminary findings were presented during the meeting then refined as participants and co-authors identified relevant literature and contributed to this manuscript. Results: Twelve (12) minimum specification requirements (min specs) for data trusts were identified. The foundational min spec is that data trusts must meet all legal requirements, including legal authority to collect, hold or share data. In addition, there was agreement that data trusts must have (i) an accountable governing body which ensures the data trust advances its stated purpose and is transparent, (ii) comprehensive data management including responsible parties and clear processes for the collection, storage, access, disclosure and use of data, (iii) training and accountability requirements for all data users and (iv) ongoing public and stakeholder engagement. Conclusion / Implications: Based on a review of the literature and advice from participants from 15 Canadian organizations/initiatives, practical guidance in the form of twelve min specs for data trusts were agreed on. Public engagement and continued exchange of insights and experience is recommended on this evolving topic.