CommonAccord/responsible-data-use-policy

 
 


Responsible Data Science Policy

This project is an open source compliance framework containing policies, procedures, supporting artifacts, and documentation.

Its goal is to enable organizations to more effectively implement and communicate their commitments and controls related to responsible data use and data science.

🏠 Policy Homepage
💌 Release Announcement
🐛 Report Bugs or Request Features

WHY?

Data science is hard. Figuring out how to integrate data science into your risk management and compliance frameworks is even harder. Employees, customers, investors, and regulators, however, don’t care if it’s not easy; they just want to know that you have a responsible plan to make it happen. That’s why we’re open-sourcing a Responsible Data Science Policy framework to help organizations get started on this journey.

This framework has been developed to respond to a perceived market need for better internal risk management and external trust-building, especially as data science topics emerge in conversations with customers, regulators, investors, or the broader public. The framework is designed around principles, listed in the policy, that have been chosen to produce technical, legal, and ethical results that both internal and external stakeholders can agree to. As such, this framework is not the most legally conservative or financially aggressive; it makes a number of assumptions and compromises that organizations should carefully consider prior to adoption.

Furthermore, this framework is not intended to provide sufficient controls to meet any specific law or regulation. While many of the elements of this policy are necessary for compliance with laws such as GDPR or CCPA or standards such as SOC2/TSC, this policy alone is not sufficient for such compliance. Organizations should carefully consider how this policy fits into their overall legal and contractual requirements prior to adoption, ensuring that any relevant sections, e.g., related to consent or notice, are conformant.

HOW DOES IT WORK?

This policy framework is designed to be flexible and adaptable. That is, it can cover a wide range of organizations, and it can change with those organizations over time. To accomplish this, the policy is designed around a parent procedure that routes specific use cases or projects through two types of sub-procedures. Prescriptive sub-procedures give data science teams guardrails and a path for low-friction compliance. Adjudicative sub-procedures centralize decision-making with an individual or group like a risk committee. Organizations can mix and match prescriptive and adjudicative sub-procedures to meet their needs.

The diagram below helps visualize the structure of the framework.

[Figure: Policy Framework Diagram]

WHERE CAN I GET IT?

This policy framework is available under a Creative Commons BY-4.0 license. You can download the entire framework as a ZIP file from this repository or the policy homepage.

Framework Contents

The framework contains the following files:

  • Help and Reference Material
    • Design and Implementation Guide
  • Responsible Data Science Policy and Procedure Templates
    • Responsible Data Science Policy
    • Concepts and Techniques Inventory
    • Parent Procedure
    • Adjudicative Sub-Procedure Template
    • Prescriptive Sub-Procedure Template
  • Sample Artifacts
    • Data Science Proposal Form
    • Data Science Review Form
    • Data Science Release Form
    • Proposal Review Log
    • Policy Exception Log
  • Diagrams
    • Responsible Data Science Policy – Conceptual Design (PNG, SVG)
    • Responsible Data Science Policy – Example Procedure Flow (PNG, SVG)

HOW CAN I GET HELP?

You can email us or use the Issues page on GitHub! Whether you have helpful feedback or want to work together customizing and implementing within your organization, we’d love to talk.

If you want to stay informed as we improve or correct this policy framework, please sign up for our mailing list dedicated to this policy. You won't receive communication about anything else.
