ADEPT Principles

ADEPT PRINCIPLES are fundamental to the creation of an institutional environment in which the economic and social value of data exchange is recognised and enhanced. These principles encompass four key areas, being accountability, transparency, enablement and authorisation:

  1. there are clear roles and responsibilities for all parties involved in the exchange of data.
  2. data is responsibly and transparently exchanged within and between agencies to inform policy development and the continuous improvement of services.
  3. data from different sources is able to be exchanged and used appropriately.
  4. provisos of data privacy, confidentiality, security and intellectual property are respected and protected.

ADEPT ESSENTIAL AND RECOMMENDED OBLIGATIONS extend these principles into a pragmatic and coherent framework that addresses the need for transparency and consistency in the governance and administration of the data exchange continuum – from data request to data integration – across the Tasmanian Government, without the imposition of new governance structures or institutional arrangements.

ADEPT ESSENTIAL OBLIGATIONS are identified as mandatory elements of the framework: obligatory actions that must be complied with in order to protect the interests of all parties responsible for the ethical release and use of data within and across Tasmanian Government agencies.

ADEPT RECOMMENDED OBLIGATIONS are identified as discretionary yet highly recommended actions that will assist and enable agencies to fulfil their obligations, through the establishment of more rigorous and effective complementary activities.

The principles and obligations that comprise the ADEPT framework extend preliminary work undertaken through the Australian Bureau of Statistics and the Statistical Policy Committee, informed by the work of the Australian Government’s Cross Portfolio Statistical Integration Committee in defining High Level Principles for Data Integration Involving Commonwealth Data for Statistical and Research Purposes.

ADEPT Principle 1: Collaborative Accountability

There are clear roles and responsibilities for all parties involved in the exchange of data

An understanding of the obligations and expectations of all parties is necessary for the secure and efficient exchange of data. Clearly articulated roles and responsibilities not only foster a culture of collaboration, they also stimulate trusted use of data within and across agency boundaries.

The governance of all phases of data exchange and subsequent forms of data use must always be respectful of rights and enforce relevant obligations and accountabilities.

Essential

Explicit statements of intent

Requesting agencies define Statements of Intent (documentation of objective and proposed data use) and abide by these and any Conditions of Release, including acknowledgement of data quality limitations.

Fair appraisal of requests

Source agencies commit to an objective evaluation of data requests and consider all options to ensure appropriate levels of confidentiality and security are maintained when responding to complex requests for data.

Exchange by default

Source agencies release data where public value is demonstrated and agreed unless a clear legislative or regulatory imperative precludes such release.

Safeguarded and ethical use

All parties take steps to responsibly protect data holdings from misuse and unauthorised access, use, modification or disclosure, implementing levels of security proportionate to the subject data.

Agreed retention and disposal

All parties ensure conditions for data storage, retention, future reuse and eventual disposal are agreed prior to the exchange of data.

Pragmatic oversight

Definitive authority for consent or refusal to release data is accorded to Heads of Agency (or nominated delegates), who exercise fair judgement in reconciling expectations and requests for data exchange with relevant, organisation-specific legislative and regulatory considerations.

Recommended

Assign responsibility

Agencies delegate senior executive responsibility for the assessment and management of complex intra and inter-agency data requests.

Provide a contact point

Agencies establish an internal contact point (data exchange agent) to manage streamlined internal processes for the review and assessment of data requests for intra and inter-agency exchange of data.

Educate and inform

A whole-of-government ADEPT communications strategy is devised and implemented.

ADEPT Principle 2: Enabled Exchange

Data from different sources is able to be exchanged and used appropriately

Formal and rigorous governance structures are crucial for instilling confidence in the data exchange process and for ensuring legislative compliance. Ongoing monitoring and evaluation are essential to continuously improve underpinning structures.

Apart from using data in its original state, exchanged data may be manipulated or enhanced in various ways, including integration with other data. The integration of data from different source agencies raises higher level privacy concerns, including the increased risk of potential misuse. Requests for data that will or may be matched, linked or integrated with other data should be granted to those who have an authorised business requirement for the data, provided that all legal, policy and administrative obligations have been considered and met.

Essential

Negotiate with respect

Requesting agencies respect and address the privacy and ethical concerns of the source agency at all stages of the data exchange process.

Formal agreements for data exchange and integration

Agencies enter into formal agreements to support rigorous processes for the exchange and use of data in stand-alone projects or ongoing programs of data matching/linkage/integration, as recommended and consistent with ADEPT Procedures.

Lawful integration processes

Agencies abide by ADEPT Procedures and ensure that data exchange/matching/linkage/integration activities comply with all relevant legislation and regulation.

Evaluate and validate

Agencies implement ongoing internal processes to monitor and evaluate the intent and efficacy of data exchange/matching/linkage/integration activities. Where activities are evaluated as no longer necessary or inappropriately conducted, such activities are suspended or completely ceased.

Recommended

Proactive future strategies

Agencies collaborate to establish inter-agency ADEPT governance structures and supportive mechanisms that will enable streamlined, secure processes for data exchange/matching/linkage/integration activities.

Develop data descriptions

Source agencies provide clear data descriptions (metadata) that enable other agencies to evaluate ‘fitness-for-purpose’, including data format, caveats and information about data quality including, but not limited to, reliability, period of collection, completeness, coverage and accuracy.

Improve collection of consent

Agencies review procedures to obtain consent at the time of collection for the use or disclosure of data that includes personal information for both primary and identified secondary purposes to improve service delivery and value creation in the public interest, in accordance with Personal Information Protection Principle 2(1)(a) OR 2(1)(b). Purposes may include data exchange/matching/linkage/integration if and where necessary.

ADEPT Principle 3: Safe Authorisation

Provisos of data privacy, confidentiality, security and intellectual property are respected and protected

A great deal of data considered essential for population-based research and policy decisions contains personal and often sensitive information about individuals and individual organisations, so it is critical that due consideration is given to issues of privacy and security. The Personal Information Protection Act 2004 (the Act) regulates the collection, maintenance, use and disclosure of personal information about individuals; responsibility for the application of those provisions is vested in all Tasmanian Government agencies. Additional restrictions around the management and use of data from specific datasets may also be set out in other legislation.

While the Act protects individuals’ personal and sensitive information, it is also intended to provide for the enablement of more coherent data sharing and efficient ways for individuals to deal with the Tasmanian Government, and for the improved delivery of information and public services to the people of Tasmania.

Essential

Authorised release

Agencies must have authorisation to release identifiable data to other agencies, through either legislation or by consent of the individual (or individual organisation) to whom the data relates. Before any data integration project is approved, the agencies involved must ensure that the project complies with all relevant legislation or regulation.

Authorise the public interest

Any exchange of data for use in research or statistical analysis in the public interest must abide by ADEPT Procedures to ensure that the intended data use and disclosure complies with provisions of Personal Information Protection Principle 2(1)(c).

Authorised integration

Agencies agree to nominate and appoint an individual or individuals to oversee sound conduct of the data integration process of any project or program from start to finish, consistent with the level of risk identified and assessed through ADEPT Procedures.

De-identify before disclosure

Data that includes personal or sensitive information which is subject to a request for disclosure to another agency for unconsented, secondary and/or unanticipated data integration is released only after the subject data has been de-identified in accordance with ADEPT Procedures.

Recommended

Detect inconsistencies

Agencies establish rigorous processes to avoid, detect and remedy inconsistencies in meeting ethical concerns and legislative obligations governing the exchange, use, disclosure and disposal of data.

Streamlined programs

Data integration projects involving the same data, procedures and intended use may be combined, approved and managed as a single program.

ADEPT Principle 4: Transparent Procedures

Data is responsibly and transparently exchanged within and between agencies to inform policy development and the continuous improvement of services

An administrative environment that facilitates the transparent exchange of data is of paramount importance. To maximise opportunities for data reuse, attention to data quality essentials (such as accuracy, relevancy, coverage and completeness) is encouraged, extending across the complete data lifecycle. As most datasets are not perfect, it is essential that agencies are able to assess ‘fitness-for-purpose’ and reconcile issues relating to quality or limitations of use before any exchange takes place.

Essential

Create public value

Statements of Intent must demonstrate benefits that contribute to the welfare or wellbeing of the general public, reflecting a balance between compliance, service delivery and value creation that outweighs any risks to privacy and confidentiality.

No cost of exchange

Agencies release data free of charge (notwithstanding contradictory pre-existing agreements) unless significant costs are associated with the actual exchange process or irreconcilable legislative provisions apply.

Appropriate levels of security

Data is exchanged in an environment that enables easy access and retrieval while ensuring levels of security commensurate with the type and format of data to be exchanged and the perceived level of risk.

Secure file transfer service

Agencies investigate available options to exchange data through a secure file transfer service.

Ethical compliance

Agencies use data lawfully and only for those purposes specified in approved Statements of Intent.

Quality assurance

Agencies partake in an annual review of data matching/linkage/integration systems and activities as part of a transparent whole-of-government risk management and reporting framework.

Recommended

Timely exchange of data

Source agencies endeavour to supply data as efficiently as possible and within agreed timeframes.

Pragmatic use of standards

Agencies progressively adopt the use of agreed data standards and processes that optimise quality and interoperability, and allow common requests to be serviced efficiently.

Maintain a register

Agencies maintain an auditable register of all data exchange projects and ongoing programs.