The Council on Governmental Relations (COGR), representing nearly 200 leading research institutions, submitted a response to the NIH's Draft Supplemental Information for Data Management and Sharing (NOT-OD-22-131). The COGR commends the NIH for its flexible and principle-based approach to protecting research participant privacy when sharing data, emphasizing the importance of considering both scientific advancement and participant confidentiality. COGR supports the NIH’s use of operational principles as guidance rather than regulatory mandates and concurs with the need for proactive data protection assessments, robust informed consent, and justifiable exceptions to data sharing, provided that clear criteria and greater specificity are articulated.
COGR offers constructive feedback on several draft best practices and principles, recommending, for instance, more explicit definitions of access controls, contextualized consent processes reflecting all applicable legal and regulatory requirements, and explicit acknowledgment of situations where stringent additional protections may not be necessary. Moreover, COGR advises that institutional certifications for data sharing agreements should remain negotiable rather than mandatory, given varying contexts and liabilities. The response calls for enhanced agency roles in evaluating data identifiability, particularly through expert panels as outlined in the Common Rule, and suggests practical NIH investment in funded data repositories to ensure sustainable access controls. Throughout, COGR emphasizes collaboration between agencies, institutions, and researchers to achieve robust, privacy-respecting data sharing frameworks that align with both scientific and participant expectations.
