Princess Nourah bint Abdulrahman University seeks to regulate the sharing of its data internally and externally in a secure and controlled manner, ensuring privacy protection, compliance with national regulations, and the enhancement of operational quality, efficiency, and institutional integration.
 
Data Sharing Guiding Principles:
1. Promoting a Culture of Data Sharing
All University entities shall share the core data they produce in accordance with the provisions of this policy, in order to enhance the utilization of data and achieve integration among internal and external entities.

2. Once-Only Principle
The University shall implement procedures to collect data once, with the ability to share and reuse it in a manner that does not conflict with applicable regulations, thereby reducing duplication, inconsistency, and multiple data sources, and ensuring data integration, currency, and quality.

3. Purpose Legitimacy
Data shall be shared for legitimate purposes based on a legal basis or a justified operational need, without causing harm to national interests, the activities of entities, individuals’ privacy, or environmental safety. The use of shared data by the requesting party shall be limited strictly to the purposes specified in the data-sharing request.

4. Authorized Use
All parties involved in the data-sharing process shall have the appropriate authorization to access, obtain, and use the data. Authorized individuals shall be identified after completing the necessary procedures to verify their reliability, where required, in accordance with the nature, classification level, and sensitivity of the data, as stipulated in the Data Classification Policy.

5. Transparency
All necessary information related to the data-sharing request shall be made available to all parties involved, including clarification of the requested data, its classification levels as stipulated in the Data Classification Policy, the purpose of the request, methods of storage, security controls applied for protection, and the mechanisms for data disposal.

6. Shared Accountability
All parties involved in the data-sharing process shall bear joint responsibility for decisions related to data sharing, in accordance with the roles and responsibilities outlined in the Data Sharing Agreement or the applicable controls, as appropriate, to ensure that data is processed in line with the specified purposes.

7. Data Security
All parties involved in the data-sharing process shall implement appropriate security controls to protect data and ensure its sharing within a secure and trusted environment, in accordance with regulatory requirements and the controls issued by the National Cybersecurity Authority.

8. Ethical Use
All parties involved in the data-sharing process shall adhere to ethical practices to ensure that data is used responsibly, fairly, with integrity and trustworthiness, in addition to complying with relevant regulatory requirements