Ethics, Security and Privacy Governance and Operations Council

NIH Data Commons Ethics, Security and Privacy Governance and

Operations Council

Objective and Scope of Activities

NIH Data Commons Ethics, Security and Privacy Governance and Operations Council (ESPGOC) is responsible for recommending policies for the Data Commons Pilot Phase Consortium (Data Commons)1. Those policies will provide guidance to the Data Commons regarding compliance with study participant privacy, ethical mandates, and data security requirements. The ESPGOC reports to the Commons Consortium Coordinating Committee, or C4.The C4 group is primarily composed of Data Commons Pilot Phase Consortium awardees or their representatives.

Purpose and Duties

ESPGOC will develop recommended guidance related to data use, access, transmission and storage for the for implementation in the Data Commons. Such guidance will assist institutions, individuals, and researchers to access, use, share, collaborate, and contribute data, information assets, and tools in furtherance and support of collaborative scientific research while respecting privacy, security, and ethical requirements. ESPGOC will ensure that approaches are consistent with participant's original consent, are consistent with applicable Federal laws, regulations, and NIH policies, and reflect a desire to foster innovation and collaboration within the scientific community through the use of data and technology. ESPGOC will also consider the integrity of data, respect for study participants' privacy, and promote the ethical use of data from a study participant.


The Council shall have a Chair and Co-chair from the membership to be determined by the members of the Data Commons research ethics, privacy, and security working group. The Council shall consist of [enter final number] members who possess the requisite experience and are highly qualified in their fields. Advisors/Consultants will be invited to provide comment as appropriate to their subject matter.

Members shall serve for no less than two (2) years.

To conduct business, a quorum of the majority of members shall be required.

Advisors/Consultants will be invited to comment on an ad hoc basis and will be asked to serve for a two (2) year term.

A list of members and their business addresses, the Council\'s functions, dates and places of meeting, and a summary of the Council\'s activities and recommendations or minutes of the Council's meetings shall be published.

Council Members

  1. Human Subjects' Expert (from the newly developed NHLBI Central IRB)

  2. Data Steward/Gatekeeper

  3. Ethics and Privacy Expert (ELSI)

  4. Security Expert

  5. NIH OD Policy group

  6. Consortium Steering Council Member

  7. NHLBI

  8. NHGRI


  10. KC6 Member


  • Technology Advisor (Infrastructure Builder-representative from Fullstack)

  • Citizen Scientist (someone with an engagement within the citizen science community)

  • Information Scientist

  • Legal Expert (ad hoc)

  • Data User/Researcher (such as Rare Disease, Computational Biologist, or other Domain Expert).


The Council shall provide guidance on topics of concern that are put forth either from the Data Commons Consortium members, NIH, individual groups (KCs), or that the Council identifies themselves.  The ESPGOC lead by the Chair (or their delegate) shall have an intake and curation process to collect and prioritize needs. However, to start, ESPGOC will prioritize the topics identified by the Data Commons Consortium or this Council as critical to the technical implementation of the Data Commons. Policies regarding ethics, security, and privacy and access to data, maintenance of data integrity, user authorization and ensuring appropriate use of data will receive the highest priority at this time.  However, the priorities of ESPGOC shall align with the priorities of the Data Commons Community (users, developers, institutions, data depositors) to ensure that research innovation and collaboration are accomplished and that barriers to innovation are addressed.

Once requirements for guidance have been identified and prioritized, ESPGOC will meet to address topics and prioritize the need to provide detailed guidance to the Data Commons for implementation.

As a result of discussion, the Council shall provide a summary document of recommended requirements and related implementation processes to the C4 group. Each recommendation will contain the following information:

  1. need or problem the guidance seeks to remedy;

  2. draft of the requirements to address need;

  3. associated implementation information.

Upon approval of a final guidance document from C4 members, the ESPGOC Chair/co-Chair will communicate to the Commons Consortium for implementation.

Frequency of Meetings

The Council Chair and Co-chair shall call the meetings [monthly/quarterly] for the first two years, to support implementation needs for the Data Commons, or at least three (3) times a year. Additional meetings may be convened as the need arises.


There will be a repository of ESPGOC documentation which will store an applicable work product such as recommended guidance, notes, memos, etc.

Initial implementation steps:

  1. Review and approval from the C4 members

    • Determine honorarium. If so, how paid. Logistics regarding payment, contracting, agreements. Team Copper? Some other vehicle related to the Commons?

    • Determine process for selection of Chair/Co-Chair. Develop pool of candidates.

    • Determine how other costs such as travel is handled. Team Copper? Ask C4

  2. Decide membership recruitment process

    • Develop pool of candidates and who has input into the pool

    • Who recruits? C4? KC6?

Recommended Policy Topics so far

Data Classification (FISMA/FIPS)




Data access levels (eg: Study Metadata, Aggregate Statistics and Individual-level Data)

User Agreement

1: Data commons is a shared virtual space where scientists can work with the digital objects of biomedical research such as data and analytical tools. The NIH Data Commons Pilot will test ways to store, access, and share biomedical data and associated tools in the cloud so that they are FAIR. The goal of the NIH Data Commons is to accelerate new biomedical discoveries by providing a cloud-based platform where investigators can store, share, access, and compute on digital objects (data, software, etc.) generated from biomedical research and perform novel scientific research including hypothesis generation, discovery, and validation.