This is a list of considerations for data custodians who have been approached for their data to be included in a data integration project for statistical or research purposes.
1. In Principle approval
✔ Is your project in Scope of the Commonwealth arrangements?
✔ Does the public benefit outweigh the privacy imposition of the project?
✔ Do you have authorisation to release the data for the purpose of the project?
✔ Is the purpose consistent with departmental policies and purposes?
✔ Have you completed the risk assessment in conjunction with other data custodians?
✔ Are you satisfied that this project does not present an unacceptably high systemic risk to public trust in the Australian Government and its institutions?
✔ Do you require an accredited Integrating Authority to manage the project?
✔ Have you specified any special conditions to be met as part of your project approval?
✔ Do you give in principle approval for this project to proceed to the next stage?
2. Final approval
✔ Are you satisfied with the arrangements provided by the integrating authority for security of the data (e.g. data transfer, access, use, storage and destruction or retention)?
✔ Have you considered how confidentiality and privacy will be protected?
- How will the separation principle be applied (if applicable)?
- How will data be de-identified and/or confidentialised?
- What conditions will data users be expected to comply with (e.g. signing confidentiality undertakings, review of research results before publication)?
- What are the consequences if there is a misuse of data or breach of privacy?
✔ Have all necessary authorisations been received (e.g. Ethics committee approval, privacy impact assessment, departmental authorisation, consent of the data provider, Public Interest Determination).
✔ Have you entered into a project agreement with the integrating authority (and all other data custodians)?
3. Project delivery
✔ Has data been extracted and delivered to the integrating authority according to project agreements