6  Principle: Sharing of Restricted Access Species Data Should be Through Negotiated Legal Agreement

RASD is not publicly available and often has many restrictions around its use. Because of this, it is best practice to let two overarching principles guide the mechanism by which RASD is shared:

Most data custodians currently make use of standard form data licence agreements when sharing data. The difference between the two types of agreements is:

  1. Standard Form Data Licence Agreement – This is a license used between most data custodians and repositories, which uses standard (non-negotiable) terms and conditions to stipulate management of data including to control end user use of data.
  2. Negotiated Legal Agreement – for the purposes of this framework, this is a legal agreement between data custodians and Approved Data Requestors, the terms of which are negotiated by the parties.

It is recognised that data custodians with existing processes that do not involve negotiated legal agreements may require time to transition but will ideally be working towards implementing a new process.

6.2 What Happens if a Breach Occurs?

Breaches vary in seriousness. Some breaches may occur inadvertently and have at most, minor consequences (or potential consequences). Others may be more serious – for example they may result from the deliberate actions or negligence of the data recipient, and/or have significant actual or potential consequences. It is the responsibility of data custodians and users to familiarise themselves with any relevant breach reporting requirements in their jurisdiction, and for custodians to determine what constitutes a serious breach.

Data requestors that have been assessed consistently with the principles of this framework as Approved Data Requestors may, on occasion, breach the conditions of their negotiated legal agreement for data use. Breaches should be dealt with by the data custodian responsible for the agreement consistent with the conditions of the agreement.

Where serious or multiple breaches occur, it is in the interests of data custodians to warn other data custodians of known offenders and take this into consideration in approving new data requests. In the case of a current negotiated legal agreement, the agreement should be cancelled immediately.

An appeals process should be set up by the data custodian for approved data requestors to appeal any breaches or rejections of data access requests.

6.3 New data Acquisition and New Licence Agreements

Data custodians operating consistent with and referencing this framework are committing to improve RASD access in future. A critical component of this should be to aim for future creation or acquisition of data to be consistent with the principles of this framework.

Data custodians should work towards new data acquisition or third-party data access negotiated to consistent with the Principle: Sharing of Restricted Access Species Data Should be Through a Negotiated Legal Agreement and the suggestions in Supplement 2: What Legal Clauses Should be Included in a Restricted Access Species Data Negotiated Licence Agreement? are recommended as best practice. This is to ensure transparency about data access and flow.