Skip to main content

Governance Policies

Data governance involves managing data access and availability effectively.

When it comes to data deposited in the Synapse platform, access control features are implemented to ensure secure management. Data sharing settings are determined through sharing agreements established between Sage Bionetworks and research teams. Data remains private until the project teams agree to release it.

Phases of Data Sharing for Gray Foundation

Data sharing occurs in three distinct phases:

Private Phase

During this phase, data is exclusively accessible to the Contributor and individuals designated by the Contributor. This configuration serves as the default setting unless specified otherwise by the grant. For instance, certain pilot projects may start directly in the Collaborative Sharing Phase.

Collaborative Sharing Phase

In the Collaborative Sharing Phase, curated data becomes accessible to investigators within the network.

Public Sharing Phase

In the Public Sharing Phase, data is made available to the broader research community while maintaining appropriate controls.

Process for Contributing Teams

Significant governance activities occur even before data is generated or deposited into Synapse. Through the initial Governance Working Group, negotiations with each institution, and detailed data sharing plans requested from data contributors, the Data Coordination Center (DCC) collects the necessary agreements and information to tailor governance measures. These efforts address several key questions, such as:

  • What are the relevant policies based on the territorial origins of the data? (For example, data from Europe falls under the jurisdiction of GDPR.)
  • What are the relevant policies based on the institutional origins of the data?
  • What conditions are specified according to the preferences of data contributors?
  • Does the data contain sensitive information?
  • What were the patient consents obtained for this human data?
  • Is the data provided in a de-identified format according to HIPAA guidelines for human data?

When will I interact with Governance?

You might interact with our governance team:

  • At the inception, negotiating data transfer agreements
  • At upload of data or clinical data, if there's questions about PHI or patient consents
  • Before data release, if anonymous reviewer access is required
  • At data release, where certain features might be need to be put in place regarding the data Governance Roles

For Data Re-users

For researchers hoping to understand governance so that they can re-use the data, please see data access.