|2. Integrating Authorities|
An essential pillar of establishing a safe and effective environment for data integration involving Commonwealth data is the nomination of an agency as the authorised integrating authority for each statistical data integration proposal. The integrating authority will be responsible for the sound conduct of the data integration project and may work with other agencies to achieve components of the project, for example it might use another agency to undertake linkage or to support dissemination. The integrating authority has overall responsibility to ensure that risks have been assessed, managed and mitigated throughout the duration of the project, including regular reviews of ongoing projects.
As described by Principle 3 in the High Level Principles, the integrating authority will ensure appropriate governance is in place for the data integration project including: using an open approval process; documenting the proposal; considering the privacy impacts, examining the expected costs and benefits of the proposal and considering the access arrangements and dissemination plans. The integrating authority will be responsible for the ongoing management of the integrated data, ensuring it is kept secure, confidential and fit for the purposes for which it was approved.
Integrating authorities are responsible for the implementation of the data integration project, and the management of the integrated datasets throughout their life cycle, ensuring full compliance with commitments made as part of the project approval, and in line with a set of guidelines to be developed as a priority by 2012.
A key requirement of integrating authorities is that, to the extent that the data they deal with involves identifiable information, they be in a position to comply with the requirements of the Privacy Act 1988 (in regards to information about individuals) and secrecy provisions generally (in regards to information with respect to the affairs of any third party, corporate or individual). This may require either the consent of the individual to the particular use or disclosure for Privacy Act 1988 purposes, or an overriding public interest test certified in accordance with the relevant secrecy provision.
Integrating authorities will only be established at the initiative of an interested agency. Such agencies may wish to involve their respective Ministers in the course of preparing a proposal for accreditation to the Board. An integrating authority could also be established administratively within a Department or other agency, that is, it would be part of an agency subject to the provisions of the Privacy Act 1988.
For data integration proposals considered by custodians to pose a high systemic risk, nomination of an authorised and accredited integrating authority is required. An accreditation process will be established through the Board to enable the endorsement of authorised and accredited integrating authorities with the capacity to deal with high risk data integration projects or families of projects involving Commonwealth data.
Data integration projects involving Commonwealth data for statistical and research purposes judged to pose a high systemic risk will need to be undertaken with particular care to help mitigate this risk. This will require a high level of relevant expertise, a strong understanding of, and capability for, maintaining security, as well as a consistently high standard of behaviour by all employees based on a strong culture, and set of values. To ensure effective use of specialist skills and infrastructure, the number of accredited integrating authorities is expected to be relatively limited.
An accreditation process including interim arrangements will be proposed through cross government consultation. It is expected that interim arrangements will be proposed for discussion and endorsement by the Board in early 2011 with final arrangements agreed early 2012.
Return to Contents Page