A checklist for data custodians

This is a list of considerations for data custodians who have been approached for their data to be included in a data integration project for statistical or research purposes.

1.  In Principle approval

✔ Is your project in Scope of the Commonwealth arrangements?

✔  Does the public benefit outweigh the privacy imposition of the project?

✔  Do you have authorisation to release the data for the purpose of the project?

✔ Is the purpose consistent with departmental policies and purposes?

✔ Have you completed the risk assessment in conjunction with other data custodians?

✔  Are you satisfied that this project does not present an unacceptably high systemic risk to public trust in the Australian Government and its institutions?

✔  Do you require an accredited Integrating Authority to manage the project?

✔  Do you require any further assessments to be undertaken prior to signing project agreements (e.g. ethics committee approval or privacy impact assessment)?

✔  Have you specified any special conditions to be met as part of your project approval?

✔  Do you give in principle approval for this project to proceed to the next stage?

2.  Final approval

✔  Are you satisfied with the arrangements provided by the integrating authority for security of the data (e.g. data transfer, access, use, storage and destruction or retention)?

✔  Have you considered how confidentiality and privacy will be protected?

  • How will the separation principle be applied (if applicable)?
  • How will data be de-identified and/or confidentialised?
  • What conditions will data users be expected to comply with (e.g. signing confidentiality undertakings, review of research results before publication)?
  • What are the consequences if there is a misuse of data or breach of privacy?

✔  Have all necessary authorisations been received (e.g. Ethics committee approval, privacy impact assessment, departmental authorisation, consent of the data provider, Public Interest Determination).

✔ Have you entered into a project agreement with the integrating authority (and all other data custodians)?

3.  Project delivery

✔  Has data been extracted and delivered to the integrating authority according to project agreements

✔ Have you provided metadata and information about the quality of the data to assist the integrating authority and data users understand the source data.