Globally, the volume of private and personal digital data has massively increased, accompanied by rapid expansion in the generation and use of digital health data. These technological advances promise increased opportunity for data-driven and evidence-based health programme design, management and assessment; but also increased risk to individuals of data misuse or data breach of their sensitive personal data, especially given how easily digital data can be accessed, copied and transferred on electronic platforms if the appropriate controls are not implemented. This is particularly pertinent in low-income and middle-income countries (LMICs), where vulnerable populations are more likely to be at a disadvantage in negotiating digital privacy and confidentiality given the intersectional nature of the digital divide. The potential benefits of strengthening health systems and improving health outcomes through the digital health environment thus come with a concomitant need to implement strong data governance structures and ensure the ethical use and reuse of individuals’ data collected through digital health programmes. We present a framework for data governance to reduce the risks of health data breach or misuse in digital health programmes in LMICS. We define and describe four key domains for data governance and appropriate data stewardship, covering ethical oversight and informed consent processes, data protection through data access controls, sustainability of ethical data use and application of relevant legislation. We discuss key components of each domain with a focus on their relevance to vulnerable populations in LMICs and examples of data governance issues arising within the LMIC context.