High Level Principles for Data Integration - Principle Two - Custodian's Accountability

From Data.gov.au
Jump to: navigation, search

High Level Principles for Data Integration series

Agencies responsible for source data used in statistical data integration remain individually accountable for their security and confidentiality.

This principle ensures that data custodians recognise their continued accountability for their data within integrated datasets and establish adequate controls over the use of personal or other sensitive data in data integration projects.

Each responsible agency for source data:

  • must agree mechanisms to achieve adequate control and manage risk appropriate to their own situation. For some these mechanisms may include the use of particular institutional arrangements with trusted institutions, the use of specified standards and audits against those standards, and the potential application of sanctions.
  • will need to agree the nature of valid uses that can be made of the integrated datasets and the approval mechanism to be applied to applications to use the datasets, as well as any control mechanisms to be applied to such use.
  • will need to manage the potential increase in identifiability of data for which they are responsible when it is used in conjunction with data from other sources. It will need to agree mechanisms by which it can assure itself that outputs from the statistical data integration are not likely to enable the identification of individuals or businesses.
  • will need to agree the final content of any new data integration proposal, or any material change to an existing data integration proposal as part of the approval process. They must be kept informed of, and agree, more minor proposed changes to existing proposals.

Where an agency does not agree to the use of its source data in a statistical integration proposal, that data will not be included. For example this might occur if the proposal threatens the integrity of the administrative data.