Create a bespoke document in minutes, or upload and review your own.
Get your first 2 documents free
Your data doesn't train Genie's AI
You keep IP ownership of your information
Data Sharing Agreement
I need a data sharing agreement that outlines the terms for sharing anonymized customer data between our company and a third-party analytics provider, ensuring compliance with New Zealand's privacy laws and specifying data security measures, data usage limitations, and a termination clause with a 30-day notice period.
What is a Data Sharing Agreement?
A Data Sharing Agreement is a legally binding contract that establishes the terms and conditions under which organisations can share, access, and use data between parties, ensuring compliance with the Privacy Act 2020 and related information privacy principles. This formal document outlines critical elements including the purpose of data sharing, types of information being shared, security measures, confidentiality requirements, and the specific responsibilities of each party involved in the data exchange process.
Under the oversight of the Privacy Commissioner, these agreements must address key considerations such as data breach notification protocols, storage requirements, retention periods, and permitted uses of shared information. The agreement typically incorporates provisions for secure data transfer methods, access controls, and regular compliance audits, while also defining how personal information will be protected in accordance with the Privacy Act's information privacy principles. For organisations operating in regulated sectors, these agreements serve as essential risk management tools, demonstrating commitment to data protection and providing a clear framework for responsible information sharing practices.
When should you use a Data Sharing Agreement?
Consider implementing a Data Sharing Agreement when your organization needs to exchange sensitive information with external parties, particularly if handling personal data regulated under the Privacy Act 2020. You'll find this document essential when collaborating with research institutions, partnering with service providers, engaging in joint ventures, or sharing customer databases with third-party processors. It becomes especially crucial when dealing with health information, financial records, or demographic data that requires careful handling and protection.
This agreement proves invaluable when you're establishing long-term data exchange relationships, participating in cross-agency initiatives, or developing integrated digital services that involve multiple stakeholders. You should prioritize creating these agreements when sharing information across different regulatory jurisdictions, working with cloud service providers, or engaging in data-driven projects that require clear governance frameworks. Having these agreements in place before commencing data sharing activities not only ensures compliance with privacy principles but also provides your organization with clear protocols for handling data breaches, managing access controls, and maintaining audit trails for regulatory oversight.
What are the different types of Data Sharing Agreement?
While Data Sharing Agreements in New Zealand maintain a consistent legal foundation under the Privacy Act 2020, they can vary significantly based on the context, industry requirements, and specific data-sharing scenarios. The structure and content of these agreements typically adapt to reflect different relationship types, data sensitivity levels, and operational requirements, while always maintaining compliance with fundamental privacy principles and information security standards.
- Bilateral Exchange Agreements: Used for two-way data sharing between equal partners, featuring balanced obligations and reciprocal access rights.
- Research Collaboration Agreements: Specifically designed for academic or scientific research, incorporating additional safeguards for sensitive data and ethical research requirements.
- Government Agency Agreements: Tailored for public sector information sharing, with enhanced accountability measures and specific provisions for official information handling.
- Commercial Data Processing Agreements: Focused on business-to-business relationships, particularly when handling customer data or integrating with third-party service providers.
- Multi-Party Data Sharing Frameworks: Complex agreements governing data sharing among multiple organizations, often used in industry consortiums or large-scale collaborative projects.
When selecting or customizing your agreement type, consider factors such as data sensitivity, sharing frequency, regulatory requirements, and specific industry standards. The right variation should align with your operational needs while providing comprehensive protection for all parties involved in the data exchange process.
Who should typically use a Data Sharing Agreement?
The primary stakeholders in a Data Sharing Agreement typically represent organizations exchanging information under the Privacy Act 2020, with each party holding distinct responsibilities and obligations in the data-sharing relationship. Understanding these roles is crucial for ensuring effective implementation and compliance with privacy principles.
- Data Provider (Disclosing Party): The organization that owns or controls the original data and authorizes its sharing, responsible for ensuring the legal basis for disclosure and maintaining appropriate security measures during transfer.
- Data Recipient (Receiving Party): The organization receiving and processing the shared data, obligated to handle information according to agreed terms and implement specified security protocols.
- Privacy Officer: Required under New Zealand law, this role oversees compliance with privacy principles and manages data-sharing procedures within each organization.
- Legal Representatives: Lawyers or legal advisors who review and negotiate agreement terms, ensuring alignment with privacy law requirements and organizational interests.
- IT Security Managers: Technical staff responsible for implementing security measures and maintaining data protection standards specified in the agreement.
- Authorized Users: Specified individuals within recipient organizations who are permitted to access and use the shared data under defined conditions.
Successful implementation of a Data Sharing Agreement depends on clear communication and coordination between all parties, with each understanding their specific obligations and accountability measures under New Zealand's privacy framework.
How do you write a Data Sharing Agreement?
Creating an effective Data Sharing Agreement requires careful attention to New Zealand's privacy legislation and information sharing principles. Utilizing a custom-generated template from a reputable provider like Ƶ can significantly simplify the process and minimize the chance of mistakes, ensuring accuracy and compliance with legal requirements. Begin by clearly identifying all parties and establishing the specific purpose and scope of data sharing.
- Define Data Parameters: Clearly specify the types of data being shared, including personal information classifications under the Privacy Act 2020, permitted uses, and any restrictions on data handling.
- Security Measures: Detail comprehensive security protocols, including encryption requirements, access controls, and specific measures for protecting sensitive information during transfer and storage.
- Compliance Framework: Incorporate explicit references to relevant privacy principles, breach notification procedures, and regulatory requirements under New Zealand law.
- Operational Procedures: Outline practical processes for data transfer, storage, retention periods, and disposal methods.
- Risk Management: Include provisions for regular security audits, incident response procedures, and clear allocation of liability between parties.
- Term and Termination: Specify agreement duration, renewal conditions, and processes for secure data deletion upon termination.
Before finalizing, ensure the agreement undergoes thorough legal review to confirm compliance with privacy legislation and incorporate mechanisms for regular updates to address evolving data protection requirements and technological changes.
What should be included in a Data Sharing Agreement?
A comprehensive Data Sharing Agreement must incorporate specific elements to ensure compliance with New Zealand's Privacy Act 2020 and related regulations. Ƶ takes the guesswork out of this process by providing legally sound, custom-generated legal documents, ensuring all mandatory elements are correctly included and minimizing drafting errors. The following checklist outlines essential components required for legal validity and practical effectiveness:
- Identification of Parties: Full legal names, addresses, and registration details of all participating organizations, including designated privacy officers and key contact personnel.
- Purpose and Scope: Clear articulation of the data sharing objectives, specific uses permitted, and any limitations or restrictions on data utilization.
- Data Specifications: Detailed description of data types, categories, formats, and classification levels, including personal information definitions under privacy principles.
- Legal Basis for Sharing: Explicit reference to the statutory authority or legitimate basis for data sharing under New Zealand law.
- Security Measures: Comprehensive security protocols, including encryption standards, access controls, and data protection mechanisms.
- Privacy Compliance: Specific measures ensuring adherence to privacy principles, including data minimization and purpose limitation.
- Transfer Protocols: Detailed procedures for secure data transmission, including approved methods and verification processes.
- Breach Management: Mandatory notification procedures, incident response protocols, and remediation responsibilities.
- Data Retention: Specific timeframes for data storage, archival requirements, and secure disposal procedures.
- Access Rights: Clear definition of authorized users, access levels, and authentication requirements.
- Liability Allocation: Distribution of responsibilities and indemnification provisions between parties.
- Term and Termination: Agreement duration, renewal conditions, and data handling requirements upon termination.
- Dispute Resolution: Specific procedures for handling disagreements, including jurisdiction and governing law clauses.
Regular review and updates of these elements ensure the agreement remains current with evolving data protection requirements and technological advancements, maintaining its effectiveness and enforceability within New Zealand's legal framework.
What's the difference between a Data Sharing Agreement and a Data Processing Agreement?
A Data Sharing Agreement is often confused with a Data Processing Agreement, but these documents serve distinct purposes under New Zealand's privacy framework. While both documents deal with data handling, their scope, obligations, and legal implications differ significantly. Understanding these differences is crucial for selecting the appropriate agreement for your specific situation.
- Primary Purpose: Data Sharing Agreements focus on the transfer and mutual use of data between independent parties, while Data Processing Agreements specifically govern how one party processes data on behalf of another.
- Relationship Structure: Data Sharing typically involves equal partners exchanging information for mutual benefit, whereas Processing Agreements establish a controller-processor relationship with clear hierarchical responsibilities.
- Scope of Activities: Sharing Agreements cover broader data exchange and usage rights, while Processing Agreements detail specific processing activities, methods, and limitations.
- Privacy Act Compliance: Processing Agreements have specific requirements under the Privacy Act 2020 for processor obligations, while Sharing Agreements focus more on mutual responsibilities and safeguards.
- Security Requirements: Processing Agreements typically include more stringent technical security specifications for data handling, while Sharing Agreements emphasize mutual protection standards.
- Liability Distribution: Processing Agreements place primary responsibility on the processor for data handling, whereas Sharing Agreements usually distribute liability more evenly between parties.
When implementing data management strategies, organizations must carefully consider whether their relationship involves data sharing between equal partners or the processing of data by one party on behalf of another, as this distinction determines which agreement type is most appropriate under New Zealand law.
Download our whitepaper on the future of AI in Legal
ұԾ’s Security Promise
Genie is the safest place to draft. Here’s how we prioritise your privacy and security.
Your documents are private:
We do not train on your data; ұԾ’s AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
Our bank-grade security infrastructure undergoes regular external audits
We are ISO27001 certified, so your data is secure
Organizational security
You retain IP ownership of your documents
You have full control over your data and who gets to see it
Innovation in privacy:
Genie partnered with the Computational Privacy Department at Imperial College London
Together, we ran a £1 million research project on privacy and anonymity in legal contracts
Want to know more?
Visit our for more details and real-time security updates.
Read our Privacy Policy.