Appendix D: Data Governance & Data Management

Discussion Topics and Questions for the DGSC

D.1 Purpose & Process

  • How can the DGSC build trust in RWSC work, both in the quality of the data and the reliability of its data handling systems and processes?

  • How can the DGSC encourage “more open” data, recognizing that not all data in the catalog or data ecosystem may qualify as open/public but rewarding contributors for making data as open as possible, e.g. sharing metadata or setting short embargo periods?

  • If the RWSC publishes data guidelines or standards, does the RWSC want to keep track of how those are applied or cited? For example, will the RWSC be comfortable with people using and citing an RWSC data protocol in work unrelated to the Science Plan.

  • Who makes decisions about providing access to sensitive or restricted datasets?

  • Where will code, models and other analytic methods be documented and shared among collaborators?

D.2 Managing Risks & Consequences

The DGSC should discuss how to evaluate, avoid, and mitigate risks around data for RWSC-supported projects, and in doing so consider creating model templates for other offshore wind and wildlife projects. The DGSC could develop a Risk Register, or a list of things that could go wrong when sharing data and what to do if that happens. For example, departures of key technical staff at data partners could mean the data catalog loses access to datasets or servers or that poorly documented data becomes unusable because of a loss of institutional knowledge. If data are unintentionally released due to a security breach, or used for an unapproved purpose, that may be a reputational issue for the RWSC. An inappropriate release could be due to a lack of capacity or a simple mistake by a researcher, such as not understanding a requirement to get prior approval before re-using data in a new journal article.

D.3 Using Contracts And Licenses To Control Authorized Uses & Users

Limiting how data can be used and who can see it can make data contributors comfortable sharing data. This requires not only that contracts specify allowed data uses and users but also that the parties have the capacity to uphold the use restrictions. While Memoranda of Agreement and Understanding (MOAs and MOUs) may talk about high level data purposes, licensing agreements and contracts can be much more specific about:

  • Exactly who can access the data: any researcher working on a project at a specific institution, a named individual, or anyone authorized by the data holder

  • Time periods for access

  • Shareable data products, such as maps or summary analyses, that synthesize data without sharing the underlying datasets. These can be specified in the contract, or they could require approval from the contributor before being released, or be required to include a certain level of anonymization

  • Data retention: where data can be stored, for how long

  • Ownership and attribution of data products

D.4 Data Sharing & Access

A key role for the DGSC will be in promoting open and public data as well as supporting controlled access to restricted or sensitive data. In some instances, the DGSC may need to support the RWSC in creating access-restricted data pools or other data collaboratives to protect sensitive data and create essential data products. All of these activities will benefit from policies and guidance developed by the DGSC. The following data categories and use cases discuss considerations for the DGSC in developing sharing policies and tools.

D.4.1 Open and Public Data

Open data is free to access by anyone, with no use restrictions, while public data may be accessible to anyone but have use restrictions or fees for certain levels of use. 1 Data published by the Integrated Ocean Observing System (IOOS) and many other datasets released by government agencies fall in this category. Open data does not include restricted data held by public agencies, such as compliance reports that may contain trade secrets (see the Limited Access category). Governance considerations around open and public data include:

  • Monitoring data location and access. As websites and information architecture change, so do URLs and links to data. Unless data has a persistent identifier, such as a Digital Object Identifier (DOI), it may be hard to find and reuse in the future. How will the RWSC keep track of core public datasets to make sure they remain accessible?

  • Data retention. States and the federal government have document retention policies that cover datasets as well. While many scientific datasets are held in perpetuity, or for 70 years (per National Archives standards), not all datasets are. Are there key datasets that RWSC may need to take on if they are scheduled for deletion?

  • Provenance. Provenance is “the documentation of where a piece of data comes from and the processes and methodology by which it was produced.”2 Documentation can vary for public datasets, making provenance unclear and introducing uncertainties in combining them with other datasets. What does the RWSC need to do to secure provenance for public data for its analyses?

D.4.2 Limited access data controlled by partners

This data is one of RWSC’s greatest assets, as it may not be public or open but partners may choose to share it for the purpose of Science Plan goals. Examples include: site assessment data generated by consultants for energy companies that is not published in an Final Environmental Impact Statement (FEIS) or Construction and Operations Plan (COP), observations from state wildlife agencies that need obfuscation to protect sensitive resources, or research data shared pre-publication by an academic institution. RWSC partners can use the Science Plan to identify where they have relevant data and provide a data description, if not full metadata, about what they would be willing to share, under what conditions. The DGSC could then work with potential data contributors on data governance for the datasets, including:

  • Data storage: Where will the data be stored? Will the partner hold it on their systems or does the RWSC need to arrange for secure hosting?

  • Defining access restrictions: This may include data being made available only to specific, named researchers; no external access but researchers can submit queries and receive modeled results; access that is unlocked at a certain time or expires after a certain time (Figure 2); download limitations; keeping access logs, etc.

  • Data documentation: Will the partner provide descriptive metadata or collection protocols? How should data be cited?

  • Derived work: What are the acceptable products that use the data?

  • Consequences for data misuse: For some data types, especially Personally Identifiable Information (PII), there can be legal and financial implications for disclosure.

Figure D.1: Sensitivity of data collected by the offshore wind industry and their consultants across the regulatory phases.

D.4.3 Data funded or otherwise ‘controlled’ by the RWSC

When the RWSC funds data collection or analysis there is an opportunity to set terms for data sharing. The RWSC could add data licensing and sharing language to funding agreements in addition to any requirements from a funding source, such as a foundation that mandates open data. Some RWSC partners already apply data disclosure requirements to contracts with developers or consultants and the DGSC may want to review these documents for guidance. It will be important for the RWSC to clearly communicate with grantees how data are expected to be collected, stored, and provided to the RWSC for the grant purposes, as well as what will happen to the data afterwards. Similarly, once the RWSC receives data from grantees, the RWSC will need to apply those access and preservation rules and store the data accordingly.

D.4.4 Data pools and other data collaboratives

To support specific analyses using sensitive data, the DGSC could recommend data sharing patterns 3 and commercial data compliance platforms or private repositories with managed access. This might include site assessment or construction data collected by developers and consultants. The DGSC may also set minimum documentation requirements for data products, where there cannot be public access to the underlying data but the methods and data parameters can be described. This allows the RWSC to leverage its trusted role to enable research and monitoring that may not be possible otherwise.

  1. For example, NCEI’s Climate Data Online provides data for free (open) and charges a fee for ordering specific, large datasets (public, but not open). Images may be publicly discoverable but have Creative Commons licenses requiring attribution or restricting commercial use.↩︎

  2. “Data Provenance | Australian Research Data Commons | ARDC,” Https://Ardc.Edu.Au/ (blog), May 14, 2022, https://ardc.edu.au/resource/data-provenance/.↩︎

  3. Sage Bioneworks offers one example of an organization managing pools of sensitive data. They make their tools for biomedical research data collaborative platforms and programs open and discuss their governance framework in Mangravite et al (2020) Mechanisms to Govern Responsible Sharing of Open Data: A Progress Report. https://sage-bionetworks.github.io/governanceGreenPaper/v/3c2a648b892d8c672a3043c4bacda65505947921/↩︎