Data Commissioner releases five-point data sharing rules for gov agencies

The Federal Government has released a set of best practice guidelines for sharing and releasing agency data – an effort to ensure the continued exchange and use of valuable data stocks.

The new guidelines will serve as an interim measure until the legislation of the government’s Data Sharing and Release Act, which is currently being drafted.

Minister for Human Services and Digital Transformation Michael Keenan said the new digital governance code will deliver for public sector agencies “a more consistent and comprehensive approach to data sharing."

The interim guidelines were developed by the office of the National Data Commissioner (ONDC), which was established last year by the Government with the overarching goal of simplifying and codifying a data sharing framework for Commonwealth agencies.

In drafting the guidelines, commissioner Deborah Anton said the ONDC sought a balance between realising the benefits of an open data sharing regime whilst reducing the potential for misuse and loss of digital records.

“Making data public online is an excellent way to unlock its potential – anyone can use it and recombine it with their own information. This can be a boon to researchers, business and the government, but the flip-side of these benefits is the risk that anyone can misuse the data by attempting to identify individuals,” Anton said in a statement.

According to Minister Keenan, an overt cautiousness “has often resulted in agencies adopting a default position of always saying ‘no’ to requests for data to be shared, even when the privacy of individuals could easily be protected, or the benefits to wider community were significant.”

A complex web of “more than 500 different rules, laws and regulations" have restricted the potential use of government data to improve citizen services.

The ONDC has therefore sought to condense and simplify these regulations into a ‘Five-Safes framework’ – an approach developed by the UK’s Office of National Statistics – governed by five Data Sharing Principles:

  1. Projects: Data is shared for an appropriate purpose that delivers a public benefit.
  2. People: The user has the appropriate authority to access the data.
  3. Settings: The environment in which the data is shared minimises the risk of unauthorised use or disclosure.
  4. Data: Appropriate and proportionate protections are applied to the data.
  5. Output: The output from the data sharing arrangement is appropriately safeguarded before any further sharing or release.

In defining these five core Principles, the ONDC sought to enable a “privacy-by-design approach to data sharing … balancing the benefits of using government data with a range of risk-management controls and treatments (particularly those managing disclosure risks).”

“By focusing on controls and benefits, instead of merely reducing the level of detail in the data to be shared, the Principles can assist with maximising the usefulness of the data,” the Government said in its final Data Sharing Principles guide.

Cyber breach incidents are a growing concern for government agencies and industry, with notifiable breach incidents increasing every quarter since the introduction of Notifiable Data Breach (NDB) reporting last year – a scheme requiring Australian state and federal governments and industry to report suspected breach events.

More than 800 separate breach incidents have been recorded since the scheme’s introduction in February 2018.

Further information on the new Data Sharing Principles can be accessed here.