Data Governance Toolkit: Data Sharing Agreement

Governance of data partnerships requires that both parties build upon their existing program-level data governance policies to determine how to govern shared data jointly. Since individual agency data governance is rarely designed to adequately address the requirements of cross-agency data sharing via a data partnership, DaSy recommends that a formal (written) data sharing agreement be developed any time two or more agencies agree to share personally identifiable information (PII) data.

Family Educational Rights and Privacy Act (FERPA) regulations require that data agreements be developed when PII is being shared except under particular exceptions at 34 CFR 99.31 and 99.35 (related to mandatory elements, audits, and evaluations). Generally, a data sharing agreement includes:

What is the difference between a data sharing agreement and a data partnership management plan?

A data sharing agreement is a legal document establishing the authority for agencies to share personally identifiable information and requiring all agencies follow FERPA regulations. Data sharing agreements set policy between two partners. Ideally, a data sharing agreement includes language outlining leadership responsibility for its review and revision.

A data partnership management plan describes agreed to procedures and practices to implement the overall purposes of the data partnership. Unlike a data sharing agreement, a data partnership management plan is not a legally binding document and therefore should be flexible to support practice changes that do not require signatures.A data partnership management plan may reference legal authority established through a data sharing agreement.
  • Overarching goals for sharing the data
  • Authority to share the data
  • Duration of the agreement
  • Provisions for review and revision of the agreement
  • Responsibility and provisions for
    • retention and destruction of the data
    • security and access of the data
    • data quality
  • Other state and federal privacy laws that apply
  • Signatory spaces for partner approval of the agreement

Part C and Part B 619 programs should review existing data governance documentation, such as memoranda of understanding, data sharing agreements, and agency-developed policies regarding data sharing. Existing policies might need to be revised with specific references or provisions related to new or updated data partnerships.

DaSy collaborated with the Privacy Technical Assistance Center (PTAC) to adapt its Data Sharing Agreement Checklist for IDEA Part C and Part B 619 Agencies and Programs. The document summarizes the requirements for written data sharing agreements under the audit or evaluation exception that is specified in FERPA and that also applies to IDEA.

Access the Data Sharing Agreement Checklist for IDEA Part C and Part B 619 Agencies and Programs.