1. Core Principles of Data Sharing
Principle 1: Promoting a Culture of Data Sharing
All government entities are required to share key data they produce in order to foster integration among entities, ensure access to data from its original sources, and minimize duplication, conflict, and fragmentation of sources. In cases where data is requested from an entity other than its primary source, the requested entity must obtain prior approval from the primary (originating) entity before sharing the data with the requesting party.
Principle 2: Legitimacy of Purpose
Data must be shared for legitimate purposes grounded in legal authority or justified operational needs aimed at serving the public interest—without causing harm to national interests, institutional activities, individual privacy, or environmental integrity. Exceptions apply to data or entities explicitly excluded by royal decrees.
Principle 3: Authorized Access
All parties involved in data sharing must be authorized to access, obtain, and use the data. This may include undergoing security screening depending on the sensitivity and nature of the data, in addition to possessing the necessary knowledge, skills, and qualifications to handle the shared data properly.
Principle 4: Transparency
All parties participating in the data sharing process must disclose all essential information regarding the data exchange, including the data being requested, the purpose of its collection, the transmission methods, storage procedures, security controls applied, and data disposal mechanisms.
Principle 5: Shared Responsibility
All parties involved in the data sharing process share joint responsibility for decisions related to data sharing and processing, ensuring adherence to the defined purposes, and applying the security controls outlined in the Data Sharing Agreement, in accordance with applicable laws, regulations, and policies.
Principle 6: Data Security
All parties involved must implement appropriate security controls to safeguard data and ensure that sharing occurs within a secure and trusted environment, in line with relevant laws and regulations, and as mandated by the National Cybersecurity Authority.
Principle 7: Ethical Use
All parties involved in data sharing must uphold ethical practices throughout the sharing process to ensure data is used fairly, honestly, respectfully, and with integrity. Compliance with information security policies or regulatory requirements alone is not sufficient—ethical considerations must also be observed.
2. Data Sharing Procedure
- The applicant—whether a government or private entity or an individual—shall submit a data sharing request to the Data Management Office at Jouf University. If the applicant is a government entity, the request must be submitted through the Data Management Office of the applicant’s organization.
- The university’s Data Management Office will forward the request to the Business Data Representative, who in turn assigns it to a Business Data Specialist for evaluation and processing.
- The Business Data Specialist shall verify the classification level of the requested data:
  - a. If no classification level is specified, the Data Management Office must classify the data in accordance with the Data Classification Policy.
  - b. If the data is classified as “Public,” the Business Data Specialist may share the data without further evaluation, in accordance with the core principles of data sharing.
  - c. If the data is classified as “Restricted,” “Confidential,” or “Highly Confidential,” the request must be assessed according to the core principles of data sharing.
- The Business Data Specialist at the Data Management Office shall proceed with the data sharing process only if all core data sharing principles have been fully satisfied.
- If one or more of the data sharing principles are not fulfilled, the Business Data Specialist must refrain from proceeding with the sharing process. The request must be returned to the applicant along with comments and an opportunity to address the unmet principles.
- Once all data sharing principles are fulfilled, the Business Data Specialist shall obtain the approval of the Business Data Representative to proceed with data sharing.
- The Business Data Specialist shall determine the appropriate controls to ensure compliance with the data sharing principles and achievement of their intended objectives. These controls must be mutually agreed upon by the university’s Business Data Specialist, the applicant, and all other participating parties.
- Upon agreement on the data sharing controls, the Business Data Specialist shall document them in detail within the Data Sharing Agreement. All participating parties must sign the agreement.
- The university’s Data Management Office may proceed with sharing the requested data once the Data Sharing Agreement is signed by all parties.