The Infocomm Media Development Authority (IMDA) and Personal Data Protection Commission (PDPC) just announced the first comprehensive Trusted Data Sharing Framework to facilitate trusted data sharing between organisations.
The trusted use of data is the foundation of a vibrant Digital Economy, and trusted data flows have the potential to deliver tremendous benefits to both organisations and consumers. For organisations, it facilitates more effective information exchanges, and enables shared data assets to support the development of innovative solutions, to customise services and processes for different market segments. For consumers, their willingness to share their data with organisations reflects the amount of confidence they have in an organisation’s ability to use and safeguard data. The intent of the Framework is that with stronger safeguards and clarity on regulatory compliance, consumers will be more ready to share their data and consequently benefit from more personalised goods and services.
While organisations have begun to recognise the value of data, they face the following challenges in sharing their data assets:
- A lack of guidance, methodologies and systemic approaches for data sharing;
- Establishing trust with partners when sharing data;
- Ensuring compliance with regulations such as the Personal Data Protection Act (PDPA);
- Valuing the data assets they currently have; and
- Addressing concerns that data sharing could result in a loss of business competitiveness or exposure of trade secrets.
This can impact their ability to maximise the use of data to develop and bring innovative products and services to market.
To address these challenges, the Framework helps organisations to establish a set of baseline practices by providing a common ‘data-sharing language’ and suggesting a systematic approach to the broad considerations for establishing trusted data sharing partnerships. It incorporates content from existing PDPC guides on personal data anonymisation and sharing; new materials such as a guide to data valuation for data sharing; and sample legal templates to enable contractual data sharing. When using the Framework, organisations will also be guided through the regulatory considerations, and the contractual, technical and operational safeguards needed in a data sharing arrangement.
The Framework can help uplift practice norms – enabling better, trusted data flows for the Digital Economy both within the local ecosystem and globally. They can also empower emerging technologies such as Artificial Intelligence (AI) by incorporating accountability, transparency and human-centricity by-design right from the beginning.
Building on prior guides and in collaboration with industry stakeholders, the IMDA and PDPC developed the Trusted Data Sharing Framework to create a common “datasharing language” that organisations can use during their data sharing journey.
The Framework provides a baseline systemic approach, guides and examples on data sharing concepts, tools and resources. It embeds trust elements throughout the process and lowers barriers to data sharing, while ensuring that personal data remain protected and used responsibly. Reasons for organisations to share or obtain data assets can include: achieving cost reductions across the business process; income generation; and if the data could be used as a public or sectoral good. Furthermore, it outlines key considerations in four main areas when establishing trusted data partnerships.
- Data Sharing Strategy informs organisations on data sharing requisites, including addressing data sharing potential and value, and the types of arrangements that can be used. Based on the potential business need or use case that has been identified, organisations can then take stock of their available data assets, and consider which data sharing models would be most appropriate
- Legal and Regulatory Considerations guide organisations to think through key areas for regulatory compliance for data sharing – such as legal, sectoral or regulatory obligations. They could consider using reference sample legal templates as a baseline to draft their data sharing arrangement or seek further aid from the right authorities.
- Technical and Organisation Considerations help organisations understand broad technical considerations and decide on the technical delivery mode which would be most fit-for-purpose for their use case, requirements and data sharing arrangements.
- Operationalizing Data Sharing highlights that building trust requires organisations to consider processes beyond transfer of data, such as how shared data is handled, used and disposed. Examples include ensuring transparency and accountability during and after data exchange, or how they can use the data received responsibly for secondary purpose in accordance to the agreed contract. (Source:IMDA)