A collection of five principles will guide the sharing and release of data held by public sector agencies while a new legislative framework is developed.
The government today released ‘Sharing Data Safely’: A set of guidelines created by the Office of the National Data Commissioner (ONDC) in collaboration with the Australian Bureau of Statistics.
“There is a growing imperative for public sector data to be used more effectively to improve government service delivery and solve complex policy issues that can’t be addressed when data remains in siloes across government,” a best practice guide (PDF) to applying the principles states. “However, for many data custodians, there may be barriers to sharing data easily.”
Those barriers can include concerns around heightened scrutiny or a decision to apply “unnecessary protections to the data” that may reduce its usefulness.
The five principles are:
1. Projects: Data is shared for an appropriate purpose that delivers a public benefit.
2. People: The user has the appropriate authority to access the data.
3. Settings: The environment in which the data is shared minimises the risk of unauthorised use or disclosure.
4. Data: Appropriate and proportionate protections are applied to the data.
5. Output: The output from the data sharing arrangement is appropriately safeguarded before any further sharing or release.
The principles are based on the ‘Five Safes’ framework developed by the UK’s Office of National Statistics.
“The Principles enable a privacy-by-design approach to data sharing by balancing the benefits of using government data with a range of risk-management controls and treatments (particularly those managing disclosure risks),” states the best practices guide. “By focusing on controls and benefits, instead of merely reducing the level of detail in the data to be shared, the Principles can assist with maximising the usefulness of the data.”
“For example, an agency may be unwilling to share a dataset publicly because of the risk of identifying the individuals who provided the data,” the document adds. “However, the same agency may be comfortable with sharing that dataset with only basic data protections in place, such as the removal of names and addresses, as long as it is only accessed by authorised researchers in a secure environment. Alternatively, an aggregated form of the same data which does not identify any individual person or entity may be made available on a website for public use.”
“The new guidelines we have prepared will help to deliver that confidence by ensuring a more uniform and consistent approach to data sharing across the Australian Public Service,” human services and digital transformation minister Michael Keenan said. “The guidelines also recognise that privacy and data use are not mutually exclusive: in fact, we can strengthen privacy by better using and analysing the data we have.”
The government in 2016 rushed to try to create a new criminal offence after the Department of Health released a collection of supposedly anonymised data, elements of which researchers were able to reidentify. (The government’s legislative efforts on that front are currently stalled.)
The five principles are an interim measure while work continues on developing a Data Sharing and Release Act (DS&R Act), according Keenan.
The government in May last year revealed its intention to legislate a new data-sharing framework and create the ONDC as part of a $65 million, four-year open data push that formed part of its response to a Productivity Commission inquiry.
In July 2018, a public consultation on the DS&R Act began. The act will cover all data relating to individuals, businesses and other entities gathered and generated internally by Commonwealth entities.