Research Data Governance and Privacy

…the principle of openness in research - the principle of freedom of access by all interested persons to the underlying data, processes, and to the final results of research - is one of overriding importance.

Stanford Research Policy Handbook 1.4

Who We Are

The Research Data Governance and Privacy team helps develop policy and procedures aimed at creating a gold standard for data compliance, management and sharing. The unit provides guidance for research administrators, faculty and others, encouraging a culture of prospective planning for responsible data use across the research lifecycle.

A constellation of expert service providers is available to help researchers at Stanford navigate the data-related policies and expectations that apply to them and their data, for example, the NIH Data Management and Sharing Policy. The unit provides guidance for the Stanford research community in navigating today’s data tsunami and developing data management plans relevant to their research engagements.

Our Services

The unit provides subject matter expertise for research administrators, faculty and other stakeholders, with respect to controlled access mechanisms: 

  • Resources and assistance around data privacy and the Data Use Agreement (DUA) approval process

  • Third-party vendor data contracts

  • Compliance with laws and regulations associated with data such as HIPAA and GDPR

  • Coordinating reviews by research support offices such as Information Security Office, Contracts Office, Privacy Office, Global Engagement Review Program (GERP) and others

  • Navigating the DUA process

  • De-identification

These data agreements are required when the research is funded by the National Institutes of Health and often required or recommended in a wide variety of other research engagements. In the coming years, additional federal agencies are expected to propose and adopt policies and requirements related to data sharing for federally funded research. We partner with several offices across the Stanford campus such as the Office of Research Administration, Industrial Contracts Office and Research Management Group.

A Data Management and Sharing Plan is a two-page document applicable to National Institutes of Health proposals that describes how your research team intends to manage, preserve, and share the scientific data associated with the proposed work.

Resources for Managing Data

The majority of the inquiries from the Stanford research community to our team center around requests for resources in writing effective data management and sharing plans. The unit provides researcher access to tools and services to help ensure sensitive data is afforded privacy and protection and its management meets federal requirements:

  1.  DMP Tool 
    1. This platform helps researchers write effective data management plans, including NIH data management and sharing plans. Available for free, the DMP Tool includes templates, guidance, and links created by data management experts at Stanford and beyond.
  2. Assistance by Type of Research
    1. The first stop for researchers to start the DUA process typically hinges on who the research sponsor is. Below are the most common research funding scenarios and the offices to contact for assistance in the Data Use Agreement approval journey:
      1. Nonprofit and government sponsored research: Go to the Office of Research Administration (ORA)
      2. Industry sponsored clinical trials: Contact the Research Management Group (RMG)
      3. Industry sponsored research agreements other than clinical trials are handled by the Industrial Contracts Office (ICO)
      4. The Office of Research Administration has a dedicated DUA team that straddles both the ORA and ICO. That team handles data agreements for profits and nonprofits alike.
  3. Stanford DMP Service

    1. This Stanford DMP Service provides a single point of entry for getting assistance in writing data management and sharing plans and, when necessary, referring questions to other services available on campus. These include those within the libraries, the Quantitative Sciences Unit (QSU), and the Stanford Program on Rigor and Reproducibility (SPORR).

    2. Learn More about the DMP Service: Email stanford-dmp@lists.stanford.edu or complete this form.

Scott Edmiston

Our Team

Scott Edmiston

Research Data Governance and Privacy Director

scotted@stanford.edu

Learn More

Explore more details about the NIH data management requirements and tips for writing an effective Data Management Plan. Visit Six Things You Need to Know About the NIH Data Management and Sharing Policy.

Six Essentials of an Effective Data Management Plan

While a specific format is not required for a Data Management and Sharing Plan, the following six elements should be addressed. The Stanford DMP Service recommends describing each of them in discrete sections. Individual centers, offices, and calls for proposals may also have specific requirements about how these elements should be addressed such as the use of specific repositories for secondary uses.

Data Types

A description of the types and estimated amount of scientific data that will result from NIH-funded or conducted research, which scientific data will be preserved and shared, and the rationale for these decisions.

Related Tools, Software and/or Code

Whether specialized tools are needed to access or process shared data to support replication or reuse. The names of the needed tools and software should be listed.

Data Standards

An explanation of what standards will be applied to the scientific data and associated metadata to be collected. These include data formats, data identifiers, definitions, unique identifiers, and other data documentation.

Data Preservation, Access, and Associated Timelines

An indication of the timelines for data preservation and access.

Data Sharing Agreements, Licenses, and Other Use Limitations

NIH encourages the broadest use of scientific data resulting from the research it funds or conducts. This sharing should be consistent with privacy, security, informed consent, and proprietary issues.

Oversight of Data Management

Information on who is responsible for data along the various stages of a research project – data collection, transfer, processing, publication, and final disposition (i.e., deposit into a repository for appropriate secondary uses). This will also include appropriate planning for individual roles and responsibilities across the data lifecycle.

More About NIH Data Sharing Recommendations

While there is no specific requirement to share data, NIH expects researchers to plan for appropriate secondary uses and for researchers to maximize those opportunities. NIH says the research community should “maximize the appropriate sharing of scientific data generated from NIH-funded or conducted research, consistent with privacy, security, informed consent, and proprietary issues.” 

This should be done where appropriate and subject to considerations associated with privacy, security and Ethical, Legal, and Social Implications (ELSI). The policy does not state that all data needs to be shared openly. However, if restrictions are placed on data sharing, researchers need to outline them in the Data Management and Sharing Plan. 

Created: 10/21/22

Updated: 08/13/24