Data Access Committee Terms of Reference

DATA ACCESS COMMITTEE (DAC)

TERMS OF REFERENCE

CF Airway Metagenomics and Clinical Metadata Resource Version 0.1 — Draft for Review

1. Purpose

The Data Access Committee (DAC) is established to oversee controlled and responsible access to the CF Airway Metagenomics Dataset (“the Dataset”). The DAC ensures that data sharing aligns with participant consent, ethics approvals, privacy and security requirements, and the scientific objectives of the project.

The DAC is specifically responsible for preventing inappropriate use of the data, including any analysis involving human genomic sequences that may inadvertently appear in the Dataset.

2. Functions

The DAC will:

Assess and decide on data access applications, including determining appropriate access tiers.
Ensure that all use of the Dataset complies with:
- the Data Access Policy,
- ethics approvals,
- relevant legislation and institutional governance,
- the explicit prohibition on human genomic research.
Evaluate risks of re-identification based on proposed data combinations, metadata sensitivity, and longitudinal analyses.
Oversee the implementation and enforcement of Data Use Agreements (DUAs).
Manage reports of incidental human DNA, including requiring immediate deletion and confirmation of removal.
Review compliance issues and investigate breaches, recommending corrective actions where necessary.
Maintain records of approved, declined, and ongoing data access requests.
Review and update policies and procedures, ensuring alignment with evolving ethical, legal, and technological standards.
Enhance transparency, including (at the Committee’s discretion) maintaining a public list of approved projects.

3. Authority

The DAC is authorised to:

Approve, decline, or request modifications to data access applications.
Impose conditions on data use, including limiting access to specific data tiers.
Revoke data access in cases of non-compliance.
Escalate significant issues to the Human Research Ethics Committee (HREC), institutional leadership, or other oversight bodies.

4. Membership

4.1 Composition

The DAC will consist of 4–7 members appointed by the project leadership. Membership should collectively cover expertise in:

Microbial and metagenomic research
Bioinformatics and data governance
Clinical cystic fibrosis practice or respiratory medicine
Research ethics and/or legal frameworks
Community or consumer perspectives

4.2 Chair

A Chair will be appointed to:

Lead meetings;
Coordinate decision processes;
Serve as the primary contact for complex or escalated matters.

4.3 Term of Appointment

Members are typically appointed for a renewable two-year term.

4.4 Conflict of Interest

Members must declare any conflict of interest (CoI) regarding:

Applicants,
Research proposals,
Institutional collaborations, or
Commercial interests.

Members with a CoI must recuse themselves from the relevant decision.

5. Meetings and Decision-Making

5.1 Meeting Frequency

The DAC will meet once per quarter
Additional meetings may be convened for time-sensitive requests.

5.2 Quorum

A minimum of three members, including the Chair or acting Chair, is required for decisions.

5.3 Decision-Making Process

Decisions are typically made by consensus.
If consensus cannot be reached, a majority vote is taken.
Dissenting opinions may be recorded when relevant.

5.4 Out-of-Session Decisions

The Chair may call for asynchronous review (email or secure portal) for straightforward applications. Outcomes will be ratified at the next meeting.

5.5 Documentation

Minutes will record attendance, decisions, actions, and any conditions placed on approvals.
All documents will be stored securely in accordance with institutional data governance requirements.

6. Application Review Criteria

The DAC will consider the following:

Scientific merit and clarity of the proposed research.
Eligibility of the applicant and their institution.
Ethics approval or exemption status.
Proposed data security measures.
Consistency with participant consent and legal obligations.
Risk of re-identification, especially if longitudinal or sensitive metadata is requested.
Compliance with the prohibition on human DNA analysis, including the applicant’s planned host-removal and screening procedures.
Feasibility of the project in relation to the data requested.
Potential overlap or conflict with ongoing internal analyses (reviewed only to manage embargo periods, not to restrict valid research).

7. Human DNA Detection and Response

If a data user reports incidental human sequences:

The DAC will review the report and confirm compliance with deletion procedures.
The DAC may request additional evidence (e.g., logs, pipeline output).
The DAC will ensure that any human sequences in the EGA archive are removed

8. Compliance and Breach Management

8.1 Monitoring

The DAC may:

Request periodic updates from users,
Audit compliance with DUAs,
Review outputs (e.g., publications) for adherence to policy.

8.2 Breach Response

Breaches may include:

Attempted re-identification;
Unauthorised redistribution of data;
Human DNA analysis;
Poor data security practices;
Misrepresentation in an application.

The DAC may respond by:

Issuing warnings;
Requiring mandatory corrective actions;
Revoking access;
Notifying institutional ethics committees or governing authorities.

9. Transparency and Reporting

The DAC will maintain records of:

Committee membership;
Policy versions;
Decisions and rationales;
Annual summaries of activity.

A public registry of approved projects may be maintained (without sensitive details).

10. Review of Terms of Reference

These Terms of Reference will be reviewed every two years or earlier if required by:

Changes to ethics approvals;
New legal or regulatory requirements;
Introduction of new data types;
Evolving best practices in genomics data governance.

11. Contact

All DAC-related correspondence should be directed to: robert.edwards@flinders.edu.au