I’ve written before about Data Trusts, how they might help, different options, and considerations for trustees. I even made an audio version of this in a podcast episode. All of this builds on the work of others, especially Digital Public.
One of the questions people are asking often is ‘how do you set one up?’ One part of my answer involves lawyers and your legal team. However, before you talk with them, you need to know what you want, which also depends on your context. While this is by no means exhaustive, here are a few questions in different sections to start you thinking.
Here a tiny bit of context is likely helpful, but focus on what legal jurisdiction the Trust will be governed. Also, think about dates – start dates and even potentially dates when the Trust will be dissolved.
While this might seem the easiest part, it often the most difficult as it is important to be extremely clear and also narrow. It’s good to remember, the purpose should also be transparent.
What is the problem you are trying to solve? Be extremely specific – sharing data is not specific enough. Does the Trust hold data or provide access to data through it? What can the data be used for? Is the data updated? If so, by whom? How? Do stakeholders need to ask permission to take any specific actions? If so, which ones? What can not it not be used for? Which stakeholders can have access to the data? What is the criteria for a stakeholder? What are the consequences of bad behaviour?
It can be helpful to consider what could go wrong, what the risks are so that you can clarify the purpose better. So perhaps conduct a pre-mortem, think about abuses of trusts, potential harms to the beneficiaries, or what is uncertain. Does the trust need to state if a stakeholder may store a copy of the data in their system?
Depending on the type of data (asset) in the Trust, you may need to specify if different actions can be done with different types of data. However, this adds complexity so you may decide to keep your purpose narrow and deal only with one type of data.
This is simply, who is ‘giving’ the asset to the trust to manage. So in the humanitarian example, this could be “Individuals, grouped by household if applicable, affected by the disaster and receiving humanitarian aid in xxx location.” Location should be very clearly defined.
Who governs the Trust? How many trustees are there? Who makes decisions about the asset? Who has fiduciary responsibility to ensure the Trust is fulfilling its purpose? Are they paid? Is at least one of the trustees a beneficiaries or beneficiary representative? And so on.
The most essential part here is to be extremely clear on trustees powers, rights, roles, and responsibilities. Err on the side of specificity rather than general or broad. Do the hard work up front.
Who benefits? This could be something like “Individuals affected by the disaster and receiving humanitarian in XXX location.” However it could include certain stakeholders. The part is to be extremely clear.
In a Data Trust, obviously the asset is data. However, it is vital to clarify which data. Again, be specific. It’s also helpful to clarify which data is always sensitive, locally sensitive, and not considered sensitive. Create a table of data fields with definitions. Be specific. Be extremely clear. Do the hard work.