Governing the Datatrust: Answering the question, "Why should I trust you with my data?"

Progress on defining the datatrust is accelerating--we can almost smell it!

For a refresher, the datatrust is an online service that will allow organizations to open sensitive data to the public and provide researchers, policymakers and application developers with a way to directly query the data, all without compromising individual privacy.

For the past two years, we've been working on figuring out exactly what the datatrust will be, not just in technical terms, but also in policy terms. We've been thinking through what promises the datatrust will make, how those promises will be enforced, and how best we can build a datatrust that is governed, not by the whim of a dictator, but by a healthy synergy between the user community, the staff, and the board.

The policies we're writing and the infrastructure we're building are still a work in progress. But for an overview of the decisions we've made and outstanding issues, take a look at "Datatrust Governance and Policies: Questions, Concerns, and Bright Ideas".

Here's a short summary of our overall strategy.

  1. Make a clear and enforceable promise around privacy.
  2. Keep the datatrust simple. We will never be all things to all people. The functions it does have will be small enough to be managed and monitored easily by a small staff, the user community, and the board.
  3. Have many decision-makers. It's more important that we do the right thing than that we do it quickly. We will create a system of checks and balances, in which authority to maintain and monitor the datatrust will be entrusted to several separate parties, including the staff, the user community, and the board.
  4. Monitor, report and review, regularly. We will regularly review what we're monitoring and how we're doing it. Release results to the public.
  5. Provide an escape valve. Develop explicit, enforceable policies on what the datatrust can and can't do with the data. Prepare a "living will" to safely dispose of the data if the organization can no longer meet its obligations to its user community and the general public.

We definitely have a lot of work to do, but it's exciting to be narrowing down the issues. We'd love to hear what you think!

P.S. You can read more about the technical progress we're making on the datatrust by visiting our Projects page.
