Datatrust Governance and Policies: Questions, Concerns and Bright Ideas.

A running list of open issues for governing a datatrust.

  1. What is the datatrust? What is its purpose?
  2. Who builds the datatrust technology? Who gets to use it?
  3. Who holds the data?
  4. What is our privacy policy?

  5. Who runs the datatrust and how?
  6. The Community.
  7. The Board.
  8. The Staff.

  9. How is the datatrust funded?
  10. How do we monitor datatrust health?
  11. Can the datatrust change its mission? Does it have a living will?


All nonprofit organizations have a board of directors, by-laws, institutional documents and policies that declare how decisions are made, what processes are followed, and where responsibilities and rights reside.

We at the Common Data Project believe that we have to have all of the above and more.

Our goal is to build a datatrust, a new data store that allows for the safe and secure release of sensitive, valuable, personal information to the public. We want:

  • To be driven by the public's need for data, rather than any need for profit;
  • To be an impartial, nonpartisan source of data, with information that may be useful for a diverse range of uses in a diverse range of domains.

As a new institution, we want to be innovative, both with the technology that goes into the datatrust and the policies that govern the datatrust. It’s not enough to be just a nonprofit, and expect the glow of that halo to sanctify what we do. It’s not enough to say, “Trust us, we promise!” We know trust is earned, and the first step is to declare simply and clearly what decisions we have made, what decisions remain, and how those outstanding issues will be resolved.

There are 10 pages of detailed questions and ideas in this document. Here's a short summary of our overall strategy.

  1. Make a clear and enforceable promise around privacy.
  2. Keep the datatrust simple. We will never be all things to all people. The functions it does have will be small enough to be managed and monitored easily by a small staff, the user community, and the board.
  3. Have many decision-makers. It's more important that we do the right thing than that we do them quickly. We will create a system of checks and balances, in which authority to maintain and monitor the datatrust will be entrusted to several, separate parties, including the staff, the user community, and the board.
  4. Monitor, report and review, regularly. We will regularly review what we're monitoring and how we're doing it. Release results to the public.
  5. Provide an escape valve. Develop explicit, enforceable policies on what the datatrust can and can't do with the data. Prepare a "living will" to safely dispose of the data if the organization can no longer meet its obligations to its user community and the general public.