Overview:
The Data Sharing Policy provides a unified framework for sharing data owned by the University of Majmaah. This policy helps achieve a balance between the benefits and risks associated with data sharing between entities in both the public and private sectors, and regulates the process of publishing open data, making public information available, and exchanging protected data, including personal data. This will lead to an increase in transparency, enhance integrity, and eliminate unnecessary secrecy regarding the activities of the university through organizing the exercise of the right to access or obtain public information.
Objectives:
This policy aims to regulate the process of sharing data, regardless of its form or nature, and to enhance integration between different governmental entities. It organizes the practices related to data sharing and obtaining data from its source in accordance with the regulations issued by the National Data Management Office in the documents "Data Management, Governance, and Protection of Personal Data Regulations" (Version 1.5 – January 2021) and "National Data Governance Policies" (Version 2 – 26/05/2021).
Key Principles of Data Sharing:
Data sharing is done in accordance with the following key principles:
-
Principle One: Promoting a Culture of Sharing
Data sharing aims to achieve integration and adopt the "once-only" principle to obtain data from correct sources, minimizing duplication, conflict, and multiple sources. If data is requested from a source other than its original source, the requesting party must obtain the approval of the data owner before sharing it. -
Principle Two: Legitimacy of Purpose
Data should only be shared for legitimate purposes based on a legal basis or a justified business need aimed at achieving a public benefit without causing harm to national interests, individual privacy, or any other harm. Exceptions are made for data and entities exempted by royal orders. -
Principle Three: Authorized Access
Entities involved in data sharing must have the proper authorization to access the data in accordance with the Data Classification Policy. Additionally, the individuals involved should have the knowledge, skills, and qualifications to handle the data being shared. -
Principle Four: Transparency
All entities participating in data sharing must make all necessary information available regarding the shared data, including the required data, its purpose, classification according to the Data Classification Policy, means of transmission, storage methods, protection measures, and disposal mechanisms. -
Principle Five: Shared Responsibility
All entities involved share responsibility in the data-sharing process. They are responsible for decisions regarding data sharing and processing, ensuring compliance with security controls outlined in the data-sharing agreement, and adhering to the relevant laws, regulations, and policies. -
Principle Six: Data Security
Entities involved in data sharing must implement appropriate security controls to protect the data and share it in a secure and trusted environment in accordance with the policies and regulations issued by the National Cybersecurity Authority. -
Principle Seven: Ethical Use
All entities involved must apply ethical practices during the data-sharing or exchange process to ensure its use with integrity, honesty, professionalism, and compliance with information security policies, as well as regulatory and legislative requirements.
Data Sharing Controls:
-
Legal Basis
-
Authorization
-
Type of Data
-
Pre-processing of Data
-
Means of Data Sharing
-
Use and Retention of Data
-
Duration of Data Sharing, Frequency of Sharing, and Termination of Sharing
-
Liability Provisions