Data Sharing Policy and Procedures

Definitions

  • Data: A collection of facts in its raw or unorganized form such as numbers, letters, still images, video, audio recordings, or emojis.
  • Applicant: Any government entity or private entity or individual who submits a data sharing request.
  • The Source: The government entity responsible for establishing technical standards, data validation, and retention.
  • The Appointed Party: The Appointed Party based on data sharing according to authorization from the Source Party.
  • The requesting party: Which government entity receives the data sharing request.
  • Data Sharing Parties: Any party involved in the data sharing process, including the applicant and the party from which the sharing is requested.
  • Data Sharing Agreement: Standard agreement signed between two parties to define the roles and responsibilities of the parties according to the controls.
  • Data Sharing Control Template: A standard template that defines controls and roles and responsibilities when sharing data between government agencies.
  • The Authority: The Saudi Data and Artificial Intelligence Authority.
  • Office: National Data Management Office.
  • Office: Office of Data Management in the Government Entity.
  • Government Integration Channel: A secure channel for sharing data between government agencies to achieve integration.
  • Data Market: A platform aimed at automating data sharing processes between government entities.
  • Metadata: detailed information describing the data and its properties of use.

      • Goal

      The purpose of the data sharing policy is to promote data sharing to achieve integration between government entities and obtain data from its sources. This policy is in line with national policies for data and artificial intelligence.

      Scope

      These provisions apply to all data generated by the University, regardless of whether it is shared with government agencies or private or individual entities, whatever the source, form, or nature of the data.

      No provisions of this policy apply in cases where the requesting party is a government entity and the request is for security or judicial purposes.

      Key Principles of Data Sharing

      • Enhancing participation culture: The university shares key data to achieve integration, adopting a "single-view" data principle.
    • Purpose Legitimacy: Data is shared for legitimate purposes and according to a practical system or need that achieves public interest without harming national or individual interests.
    • Authorized Access: All parties involved have the right to view and use the data according to their permissions.
    • Transparency: All parties commit to providing all necessary information about data sharing, methods of transfer, storage, and protection.
    • Shared Responsibility: All parties are responsible for participation decisions and ensuring security controls according to agreements and policies.
    • Data Security: Implementing appropriate security controls to share data in a safe and reliable environment.Ethical Use: Adhering to ethical practices during data sharing and ensuring fairness and integrity.

      • The steps required to carry out the data sharing process

      • First: The applicant submits a data sharing request to the University Data Management Office via the relevant authority if the request is from a government authority.
    • Secondly: The University Data Management Office refers the request to the relevant Business Data Representative to evaluate and process the request.
    • Thirdly: The specialist verifies the level of data classification required and follows the classification policy according to need.
    • Fourthly: The relevant official completes the participation if all principles of data sharing are met.
    • Fifth: If one of the principles is not met, the competent authority must reject the request, stating the observations and providing an opportunity for amendment.
    • Sixth: After fulfilling the principles, the specialist obtains approval from a business data representative to complete the participation.
      • seventh: specifies the competent person to determine the appropriate controls and must agree on them between all parties involved.
    • eighth: After agreeing on the controls, the data sharing agreement is detailed and signed by all parties in the agreement.
    • Ninth: Can the University Data Management Office share the required data with the student party after signing the agreement.