Ti	=
/0.0.sec	=	Document Field Document Value
Title.Ti	=	Title
Title.sec	=	Responsible Data Science Policy (“{DefT.Policy}”)
DocID.Ti	=	Document ID
Version.Ti	=	Version
LastUpdate.Ti	=	Last Updated (date)
LastReview.Ti	=	Last Reviewed (date)
ResponsibleBody.Ti	=	Responsible Body
Title.	=	[G/Z/Base]
DocID.	=	[G/Z/Base]
Version.	=	[G/Z/Base]
LastUpdate.	=	[G/Z/Base]
LastReview.	=	[G/Z/Base]
ResponsibleBody.	=	[G/Z/Base]
Introduction.Ti	=	Introduction
Principle.Ti	=	PRINCIPLES
Principle.0.sec	=	{Principles.Three/Four} principles guide the responsible use of data and models by {Organization.Name.Full} (“{DefT.Organization}”). When the policy or related procedures are unclear, these Principles can be used to guide decisions.
Principle.1.sec	=	Principle 1: The {_Organization} should continuously identify and understand risks arising from its data science activities, regardless of whether the harm might be external or internal.
Principle.2.sec	=	Principle 2: The {_Organization} should use data science to contribute positively to the people, processes, and performance of the {_Organization}.
Principle.3.sec	=	Principle 3: Whenever reasonably possible, the {_Organization} should manage risks arising from its data science activities, such as through risk avoidance, reduction, or offset, regardless of whether the harm might be external or internal.
Note	=	Optional
Principle.4.sec	=	Principle 4: Whenever reasonably possible, the {_Organization} should use data science to contribute positively to people, societies, and environments more broadly.
Principle.	=	[G/Z/ol/s4]
Purpose.Ti	=	PURPOSE
Purpose.sec	=	The {_Organization} desires that its data science activities be conducted in a responsible manner that aligns with the Principles above. The objective of this {_Policy} is to ensure that the {_Organization} works to achieve these Principles from a technical, legal, and ethical perspective by establishing the standards, restrictions, and procedures that govern data science activities within the {_Organization}.
Purpose.	=	[G/Z/Base]
Scope.Ti	=	SCOPE
Scope.0.sec	=	This {_Policy} applies to:
Scope.1.sec	=	All data science activities, including those commonly described as statistical analysis, business intelligence, analytics, machine learning, artificial intelligence, or any other similar activities (collectively, “{DefT.Data_Science}”)
Scope.2.sec	=	All {employees/employees_and_contractors} that manage or perform {_Data_Science} (“{DefT.Personnel}”)
Scope.3.sec	=	All data that is used by {_Organization} in the context of {_Data_Science} (“{DefT.Covered_Data}”)
Scope.4.sec	=	All models that are used by {_Organization} in the context of {_Data_Science} (“{DefT.Covered_Models}”), whether used on a continual basis or not
Scope.	=	[G/Z/ol/s4]
Procedure.Ti	=	PROCEDURES
Procedure.0.sec	=	{PolicyOwner.Name.Full} is responsible for establishing a parent Procedure and one or more Sub-Procedures to govern the process of executing on this {_Policy}. Two types of Sub-Procedures are supported under this {_Policy}.
Procedure.1.Ti	=	Prescriptive Sub-Procedure
Procedure.1.0.sec	=	A Prescriptive Procedure defines the following:
Procedure.1.1.sec	=	Clear criteria regarding the transparency, use, provenance, and general nature of {_Covered_Data} and {_Covered_Models}
Procedure.1.2.sec	=	Minimum standard of transformation for attributes or {_Data_Subjects}
Procedure.1.3.sec	=	Minimum acceptance criteria for release, such as differential privacy metrics
Procedure.1.00.sec	=	When these standards and restrictions can be met, projects can generally proceed with little to no additional review.
Procedure.1.	=	[G/Z/ol/s3]
Procedure.2.Ti	=	Adjudicative Sub-Procedure
Procedure.2.0.sec	=	An Adjudicative Procedure utilizes the following:
ReadersNote	=	"Submitter" is defined but not used in this Policy.
Procedure.2.1.sec	=	A Data Science Proposal Form, to be completed by the requesting party (“{DefT.Submitter}”)
Procedure.2.2.sec	=	A Data Science Adjudicator (“{DefT.Adjudicator}”) responsible for evaluating such Data Science Proposals
Procedure.2.00.1.sec	=	Submitters complete Data Science Proposal Forms, which are then sent to the responsible {_Adjudicator} for review. The {_Adjudicator}, which may be an individual or a larger group such as a committee or board, may reject the proposal, request further information or modification, or approve the proposal upon review.
Procedure.2.00.2.sec	=	{PolicyOwner.Name.Full} is responsible for the establishment of one or more adjudicators, who must possess relevant experience and qualifications to support the assessment of technical, legal, and ethical considerations. {PolicyOwner.Name.Full} may create a single {_Adjudicator} to review all Proposals or may create multiple {_Adjudicators} to address one-time or recurring use cases such as industry, regulation, or geography.
Procedure.2.00.	=	[G/Z/paras/s2]
Procedure.2.	=	[G/Z/ol/s2]
Procedure.	=	[G/Z/ol/s2]
Conform.Ti	=	REGULATIONS AND STANDARDS
Conform.0.sec	=	This {_Policy} contemplates and is intended to be compatible with the following regulations and standards, but is not intended to fully address all requirements of them:
Conform.1.sec	=	General Data Protection Regulation (GDPR), EU 2016/679.
Conform.2.sec	=	California Consumer Privacy Act of 2018 (CCPA), AB-375 or as otherwise codified and amended under the California Civil Code.
Note	=	Optional 3rd section.
Conform.3.sec	=	list other regulations and standards
Note	=	Optional extro.
Conform.00.sec	=	Additional information on related regulations and standards can be found at {PolicyKnowledgeBase.Hyperlink}.
Conform.	=	[G/Z/ol-bullet/s3]
Responsible.Ti	=	RESPONSIBILITY
Responsible.sec	=	{PolicyOwner.Name.Full} is responsible for developing and maintaining this {_Policy}. The initial {_Policy} and all subsequent updates must be approved in writing by {PolicyApprover.Name.Full}. {PolicyOwner.Name.Full} is responsible for monitoring technical, legal, and ethical trends related to this {_Policy} and must review the {_Policy} in its entirety at least once per {PolicyReviewInterval.Period}.
Responsible.	=	[G/Z/Base]
Guidance.Ti	=	GUIDANCE
Guidance.1.sec	=	{_Personnel} may contact {PolicyOwner.Name.Full} with questions, comments, or concerns regarding this {_Policy} and related Procedures at {PolicyOwner.ContactInfo.cl}.
Note	=	Optional sentence on Additional information:
Guidance.2.sec	=	Additional information on data handling can be found at {PolicyKnowledgeBase.Hyperlink}.
Guidance.	=	[G/Z/para/s2]
Comply.Ti	=	COMPLIANCE
Comply.1.sec	=	{PolicyOwner.Name.Full} is responsible for verifying compliance with this {_Policy} and related Procedures in a manner of their choosing, including, but not limited to, hiring or contracting people or implementing processes or technology.
Comply.2.sec	=	For {_Covered_Data} and {_Covered_Models} that are used on a continual basis or released into continuously-operating software, {PolicyOwner.Name.Full} is responsible for implementing an audit strategy to verify ongoing compliance, such as by contracting third-party auditors. {_Covered_Data} and {_Covered_Models} should be audited at least once per {PolicyReviewInterval.Period}.
Comply.	=	[G/Z/ol-none/s2]
Exception.Ti	=	EXCEPTIONS
Exception.sec	=	Any and all exceptions to this {_Policy} and related Procedures must be approved in writing by {PolicyExceptionApprover.Name.Full}. Such exceptions, including supporting justification, must be documented in {PolicyExceptionLog.Hyperlink}.
Exception.	=	[G/Z/Base]
Violate.Ti	=	VIOLATION
Violate.sec	=	{_Personnel} found to be in violation of this {_Policy} or related Procedures are subject to disciplinary action as outlined in the {DisciplinaryPolicy.Hyperlink}. Additionally, given the nature of risks related to {_Covered_Data}, {_Personnel} in violation of this {_Policy} or related Procedures may be subject to additional action, including, but not limited to, termination of employment.
Violate.	=	[G/Z/Base]
Restriction.Ti	=	Standards and Restrictions
Transparent.Ti	=	TRANSPARENCY
ReadersNote	=	"be noticed of" ???
Transparent.1.sec	=	{_Data_Science} should be transparent in its intention. If the {_Data_Subject} is an individual, they must {consent to/be noticed of} {_Organization}’s specified purpose and potential use of their data. If the {_Data_Subject} is not an individual, then the Data Owner should {consent_to/be_noticed_of} {_Organization}’s purpose and potential use of their {_Covered_Data}. {PolicyOwner.Name.Full} is responsible for ensuring that such {consent/notice} is sufficiently documented.
Transparent.2.sec	=	{PolicyOwner.Name.Full} is responsible for ensuring that the {_Organization} can establish when {_Data_Science} occurs, who is performing the activities, what {_Covered_Data} or {_Covered_Models} are being used, and how the activities being performed relate to a permissible purpose.
Transparent.3.sec	=	If the {_Organization} desires to use {_Covered_Data} for a purpose other than specified to the {_Data_Subject} or Data Owner, {consent/notice} must be {obtained/provided} prior to performing activities.
Transparent.	=	[G/Z/ol-none/s3]
DataUse.Ti	=	DATA USE
DataUse.0.sec	=	{_Covered_Data} must only be used, disclosed, or otherwise made available for the specified purposes, except as:
DataUse.1.sec	=	● Consented to in writing by the {_Data_Subject} and, if applicable, by the Data Owner, or
DataUse.2.sec	=	● Required by law, regulation, or court order, or similar governmental compulsion.
DataUse.	=	[G/Z/ol-bullet/s2]
Provenance.Ti	=	PROVENANCE
Provenance.sec	=	{_Data_Science} should establish and maintain clear provenance for {_Covered_Data} and {_Covered_Models}. {PolicyOwner.Name.Full} is responsible for ensuring that Procedures exist to determine and document such provenance. Provenance is required to establish facts related to technical, legal, or ethical risk assessments, including information such as the means of collection or the {_Data_Subject}/Data Owner.
Provenance.	=	[G/Z/Base]
Ethic.Ti	=	ETHICS
Ethic.sec	=	The {_Organization} desires to avoid activities that are either unfair or unethical in their means or ends. The {_Organization} acknowledges that {_Data_Science} can meet legal standards and requirements while still involving unfair or ethically-undesirable processes or outcomes such as bias. {PolicyOwner.Name.Full} is responsible for ensuring that Procedures exist to identify, understand, and manage ethical concerns in a manner consistent with other risks.
Ethic.	=	[G/Z/Base]
SupplyChain.Ti	=	SUPPLY CHAIN
SupplyChain.sec	=	Whenever reasonably possible, the {_Organization} should align standards, restrictions, and procedures under this {_Policy} with the standards, restrictions, and procedures of its supply chain. {PolicyOwner.Name.Full} is responsible for working with {Contracting/ProcurementOwner.Name.Full} to monitor and manage towards this goal.
SupplyChain.	=	[G/Z/Base]
Concept.Ti	=	CONCEPTS AND TECHNIQUES
ReadersNote	=	"found in this policy under" is now Policy.
Concept.sec	=	{PolicyOwner.Name.Full} is responsible for researching and documenting concepts, especially those related to privacy and fairness acceptance criteria, and techniques, especially those explicitly prohibited or approved from a privacy or explainability perspective. Whenever reasonably possible, the {_Organization} should align the technical concepts and techniques used under this {_Policy} with leading standards and research in privacy and fairness generally. Such documentation can be found in this {_Policy} under the Concepts and Techniques Inventory.
Concept.	=	[G/Z/Base]
	=	[G/responsible-data-use-policy/PrOb/RDSP/Outline.md]
CodersNote	=	Defined Terms:
_Policy	=	Policy
_Organization	=	Organization
_Data_Subject	=	Data Subject
_Data_Subjects	=	Data Subjects
_Data_Science	=	Data Science
_Personnel	=	Personnel
_Covered_Data	=	Covered Data
_Covered_Models	=	Covered Models
_Submitter	=	Submitter
_Adjudicator	=	Adjudicator
_Adjudicators	=	Adjudicators
Def.Policy	=	{_Policy}
Def.Organization	=	{_Organization}
Def.Data_Science	=	{_Data_Science}
Def.Data_Subject	=	{_Data_Subject}
Def.Personnel	=	{_Personnel}
Def.Covered_Data	=	{_Covered_Data}
Def.Covered_Models	=	{_Covered_Models}
Def.Submitter	=	{_Submitter}
Def.Adjudicator	=	{_Adjudicator}
CodersNote	=	Dummy Params
Principles.Three/Four	=	Principles.Three/Four
Organization.Name.Full	=	Organization.Name.Full
employees/employees_and_contractors	=	employees/employees and contractors
PolicyOwner.Name.Full	=	PolicyOwner.Name.Full
PolicyKnowledgeBase.Hyperlink	=	PolicyKnowledgeBase.Hyperlink
PolicyApprover.Name.Full	=	PolicyApprover.Name.Full
PolicyReviewInterval.Period	=	PolicyReviewInterval.Period
PolicyOwner.ContactInfo.cl	=	PolicyOwner.ContactInfo.cl
PolicyExceptionApprover.Name.Full	=	PolicyExceptionApprover.Name.Full
PolicyExceptionLog.Hyperlink	=	PolicyExceptionLog.Hyperlink
DisciplinaryPolicy.Hyperlink	=	DisciplinaryPolicy.Hyperlink
consent to/be noticed of	=	consent to/be noticed of
consent_to/be_noticed_of	=	consent_to/be_noticed_of
consent/notice	=	consent/notice
obtained/provided	=	obtained/provided
Contracting/ProcurementOwner.Name.Full	=	Contracting/ProcurementOwner.Name.Full