ADEPT Principles
ADEPT PRINCIPLES are fundamental to the creation of an institutional environment in which the economic and social value of data exchange is recognised and enhanced. These principles encompass four key areas, being accountability, transparency, enablement and authorisation:
- there are clear roles and responsibilities for all parties involved in the exchange of data.
- data is responsibly and transparently exchanged within and between agencies to inform policy development and the continuous improvement of services.
- data from different sources is able to be exchanged and used appropriately.
- provisos of data privacy, confidentiality, security and intellectual property are respected and protected.
ADEPT ESSENTIAL AND RECOMMENDED OBLIGATIONS extend these principles into a pragmatic and coherent framework that addresses the need for transparency and consistency in the governance and administration of the data exchange continuum – from data request to data integration – across the Tasmanian Government, without the imposition of new governance structures or institutional arrangements.
ADEPT ESSENTIAL OBLIGATIONS are identified as mandatory elements of the framework: obligatory actions that must be complied with in order to protect the interests of all parties responsible for the ethical release and use of data within and across Tasmanian Government agencies.
ADEPT RECOMMENDED OBLIGATIONS are identified as discretionary yet highly recommended actions that will assist and enable agencies to fulfil their obligations, through the establishment of more rigorous and effective complementary activities.
The principles and obligations that comprise the ADEPT framework extend preliminary work undertaken through the Australian Bureau of Statistics and the Statistical Policy Committee, informed by the work of the Australian Government’s Cross Portfolio Statistical Integration Committee in defining High Level Principles for Data Integration Involving Commonwealth Data for Statistical and Research Purposes.
ADEPT Principle 1: Collaborative Accountability
There are clear roles and responsibilities for all parties involved in the exchange of data
An understanding of the obligations and expectations of all parties is necessary for the secure and efficient exchange of data. Clearly articulated roles and responsibilities not only foster a culture of collaboration, they also stimulate trusted use of data within and across agency boundaries.
The governance of all phases of data exchange and subsequent forms of data use must always be respectful of rights and enforce relevant obligations and accountabilities.
Essential
Explicit statements of intent
Requesting agencies define Statements of Intent (documentation of objective and proposed data use) and abide by these and any Conditions of Release, including acknowledgement of data quality limitations.
Fair appraisal of requests
Source agencies commit to an objective evaluation of data requests and consider all options to ensure appropriate levels of confidentiality and security are maintained when responding to complex requests for data.
Exchange by default
Source agencies release data where public value is demonstrated and agreed unless a clear legislative or regulatory imperative precludes such release.
Safeguarded and ethical use
All parties take steps to responsibly protect data holdings from misuse and unauthorised access, use, modification or disclosure, implementing levels of security proportionate to the subject data.
Agreed retention and disposal
All parties ensure conditions for data storage, retention, future reuse and eventual disposal are agreed prior to the exchange of data.
Pragmatic oversight
Definitive authority for consent or refusal to release data is accorded to Heads of Agency (or nominated delegates), who exercise fair judgement in reconciling expectations and requests for data exchange with relevant, organisation-specific legislative and regulatory considerations.
Recommended
Assign responsibility
Agencies delegate senior executive responsibility for the assessment and management of complex intra and inter-agency data requests.
Provide a contact point
Agencies establish an internal contact point (data exchange agent) to manage streamlined internal processes for the review and assessment of data requests for intra and inter-agency exchange of data.
Educate and inform
A whole-of- government ADEPT communications strategy is devised and implemented.
ADEPT Principle 2: Enabled Exchange
Data from different sources is able to be exchanged and used appropriately
Formal and rigorous governance structures are crucial for instilling confidence in the data exchange process and for ensuring legislative compliance. Ongoing monitoring and evaluation are essential to continuously improve underpinning structures.
Apart from using data in its original state, exchanged data may be manipulated or enhanced in various ways, including integration with other data. The integration of data from different source agencies raises higher level privacy concerns, including the increased risk of potential misuse. Requests for data that will or may be matched, linked or integrated with other data should be granted to those who have an authorised business requirement for the data, provided that all legal, policy and administrative obligations have been considered and met.
Essential
Negotiate with respect
Requesting agencies respect and address the privacy and ethical concerns of the source agency at all stages of the data exchange process.
Formal agreements for data exchange and integration
Agencies enter into formal agreements to support rigorous processes for the exchange and use of data in stand-alone projects or ongoing programs of data matching/linkage/integration, as recommended and consistent with ADEPT Procedures.
Lawful integration processes
Agencies abide by ADEPT Procedures and ensure that data exchange/matching/linkage/integration activities comply with all relevant legislation and regulation.
Evaluate and validate
Agencies implement ongoing internal processes to monitor and evaluate the intent and efficacy of data exchange/matching/linkage/integration activities. Where activities are evaluated as no longer necessary or inappropriately conducted, such activities are suspended or completely ceased.
Recommended
Proactive future strategies
Agencies collaborate to establish inter-agency ADEPT governance structures and supportive mechanisms that will enable streamlined, secure processes for data exchange/matching/linkage/integration activities.
Develop data descriptions
Source agencies provide clear data descriptions (metadata) that enable other agencies to evaluate ‘fitness-for- purpose’, including data format, caveats and information about data quality including, but not limited to, reliability, period of collection, completeness, coverage and accuracy.
Improve collection of consent
Agencies review procedures to obtain consent at the time of collection for the use or disclosure of data that includes personal information for both primary and identified secondary purposes to improve service delivery and value creation in the public interest, in accordance with Personal Information Protection Principle 2(1)(a) OR 2(1)(b). Purposes may include data exchange/matching/linkage/integration if and where necessary.
ADEPT Principle 4: Transparent Procedures
Data is responsibly and transparently exchanged within and between agencies to inform policy development and the continuous improvement of services
An administrative environment that facilitates the transparent exchange of data is of paramount importance. To maximise opportunities for data reuse, attention to data quality essentials (such as accuracy, relevancy, coverage and completeness) is encouraged, extending across the complete data lifecycle. As most datasets are not perfect, it is essential that agencies are able to assess ‘fitness-for-purpose’ and reconcile issues relating to quality or limitations of use before any exchange takes place.
Essential
Create public value
Statements of Intent must demonstrate benefits that contribute to the welfare or wellbeing of the general public, reflecting a balance between compliance, service delivery and value creation that outweighs any risks to privacy and confidentiality.
No cost of exchange
Agencies release data free of charge (notwithstanding contradictory pre-existing agreements) unless significant costs are associated with the actual exchange process or irreconcilable legislative provisions apply.
Appropriate levels of security
Data is exchanged in an environment that enables easy access and retrieval at the same time ensuring levels of security commensurate with the type and format of data to be exchanged and perceived level of risk.
Secure file transfer service
Agencies investigate available options to exchange data through a secure file transfer service.
Ethical compliance
Agencies use data lawfully and only for those purposes specified in approved Statements of Intent.
Quality assurance
Agencies partake in an annual review of data matching/linkage/integration systems and activities as part of a transparent whole-of- government risk management and reporting framework.
Recommended
Timely exchange of data
Source agencies endeavour to supply data as efficiently as possible and within agreed timeframes.
Pragmatic use of standards
Agencies progressively adopt the use of agreed data standards and processes that optimise quality and interoperability, and allow common requests to be serviced efficiently.
Maintain a register
Agencies maintain an auditable register of all data exchange projects and ongoing programs.