data governance

Data Governance for Domestic Violence Systems

Data governance in domestic violence systems is not only about technical controls. It is about safety, rights, and power. This page offers a conceptual framework for how agencies and cross-sector partners can approach data governance when working with sensitive information.

Guiding Principles

Safety first: Data practices must reduce, not increase, risk to survivors, staff, or communities.
Minimum necessary: Collect and share only what is truly needed for a defined purpose.
Transparency: Be clear about what is being collected, why, and how it is used.
Consent & choice: Wherever possible, incorporate survivor choice and meaningful consent.
Accountability: Governance must define who is responsible for what decisions and outcomes.
Equity: Monitor for differential impacts across communities and adjust practices accordingly.

Data Classification (Conceptual)

Many systems use tiers or categories to distinguish between types of data and their required protections. The following example can be adapted to local law and policy:

Level 1 – Public / Open

Aggregated statistics already published.
Publicly available program descriptions, addresses, and contacts.
Policy documents and public reports.

Level 2 – Operational / Internal

Internal performance indicators and dashboards.
Non-identifying operational notes and planning documents.
Staff training records and process documentation.

Level 3 – Confidential / Case-Linked

Case notes, assessments, and service histories.
Identifying details of survivors, children, or alleged perpetrators.
Legal files and court-related documents tied to specific people.

Level 4 – Restricted / Highly Sensitive

High-risk safety plans or location details for hidden addresses.
Information about immigration status where disclosure could cause harm.
Data related to witness protection or specialized law enforcement units.

Role-Based Access & Oversight

Governance structures should define who can see which levels of data, under what conditions, and with what oversight:

Separate access for front-line workers, supervisors, executives, analysts, and external partners.
Documented approval processes for any cross-agency or cross-system data access.
Regular audits or reviews of access logs and sharing decisions.

Data Sharing Between Agencies

Multi-agency initiatives require more than goodwill; they require formal agreements. Typical components include:

Purpose and scope of sharing (what problem is the data addressing?).
Legal authorities and policy references permitting or limiting sharing.
Technical safeguards (encryption, secure transfer, retention limits).
Process for consent, notification, or exceptions (e.g., imminent risk).
Procedures for responding to breaches, misuse, or disputes.

Templates and examples should always be reviewed by internal legal counsel, privacy officers, and, where appropriate, ethics boards or community advisory groups.

Analytics, Evaluation & Research

Governance should clearly distinguish between operational data use (supporting day-to-day services) and analytic or research use (supporting system learning and accountability).

Prefer aggregated or de-identified data whenever possible.
Use data-sharing agreements and research protocols with clear boundaries.
Include community representation in oversight of analytic projects.

Minimum Governance Artifacts

At a minimum, multi-agency initiatives should maintain:

A shared data classification and retention policy.
Documented roles and responsibilities for data decisions.
Incident and breach response procedures.
A regular schedule for reviewing governance documents and practices.

Data governance is an ongoing practice, not a one-time document. Each agency and partnership must revisit its structures as laws, technologies, and community expectations evolve.