Public Trust in Data Sharing (AU0006)
Action Plan: Australia National Action Plan 2016-2018
Action Plan Cycle: 2016
Lead Institution: Department of the Prime Minister and Cabinet (firstname.lastname@example.org), Australian Bureau of Statistics and Office of the Australian Information Commissioner (email@example.com) Other
Support Institution(s): Attorney General’s Department, Treasury, Fair Work Ombudsman, Australian Institute of Health and Welfare, Department of Social Services, Department of Industry, Innovation and Science and Department of Health, Department of Human Services, Australian Taxation Office and Australian Federal Police, state and territory governments; Non-government organisations (including Australian Open; Government Partnership Network, Open Data Institute Queensland, Open Knowledge Foundation, Electronic Frontiers Australia, Australian Privacy Foundation, other privacy groups, digital rights organisations), library associations and the public
Policy AreasCapacity Building, Civic Space, Fiscal Transparency, Open Data, Public Participation
Objective and description: Australia will build public trust around data sharing and release. We will do this by actively engaging with the public regarding how open data is being used to better communicate the benefits and understand public concerns, and we will improve privacy risk management capability across government. Status Quo: In an increasingly complex and interconnected world, effective policy responses require investment in joined-up data that can provide a strong evidence-base for policy decisions. However, as the volume of data and technical capability to use it increases, we need to better inform the public about the risks and benefits of data sharing and release, and address public views and concerns, including attitudes towards privacy. It is essential that people’s privacy and personal information is protected in using and sharing data. In some cases it is not appropriate to publish or share certain datasets. The Privacy Act 1988 (Privacy Act) underpins the open data agenda and helps build public trust in data-sharing activities, but there is a need to improve capacity within government agencies to manage privacy risks when releasing data. In October 2016 the Government introduced separate pieces of legislation to amend the Privacy Act to: make it an offence to deliberately re-identify personal information from open government data;8 and introduce mandatory data breach notification provisions requiring Australian Government agencies, private sector organisations and certain other entities regulated by the Privacy Act that suffer data breaches to notify individuals whose personal information has been compromised. Data literacy across the APS is also critical. In August 2016, the Department of the Prime Minister and Cabinet released Data Skills and Capability in the Australian Public Service10 to help build skills and knowledge in publishing, linking and sharing public data. The Government will also improve whole-of-government de-identification processes by releasing guidance on publishing sensitive data. The Productivity Commission’s inquiry into data availability and use will also consider privacy safeguards and consumer rights over their data. The Government will respond to the recommendations in the Productivity Commission’s report and continue to work with the public to grow the social licence for data to empower citizens and increase transparency over government activities. Ambition: To build trust about the use of integrated data and actively respond to public concerns about data sharing. To comply with international best practice on open data principles and participate in global fora on data. Relevance: This commitment will advance the OGP values of transparency and public participation by: providing greater transparency on how government is using the data it collects and protecting personal information; enabling the public to engage with government and raise issues of concern; enabling experts outside of government to inform public debate; and providing more targeted and effective policy, service delivery and program evaluation. COMMITMENT DETAILS: OGP Grand Challenge: Improving Public Services Increasing Public Integrity; Timeframes December 2016 – July 2018; Lead agency: Department of the Prime Minister and Cabinet (firstname.lastname@example.org), Australian Bureau of Statistics and Office of the Australian Information Commissioner (email@example.com); Other actors involved. Government: Attorney General’s Department, Treasury, Fair Work Ombudsman, Australian Institute of Health and Welfare, Department of Social Services, Department of Industry, Innovation and Science and Department of Health, Department of Human Services, Australian Taxation Office and Australian Federal Police, state and territory governments. Non-government Non-government organisations (including Australian Open Government Partnership Network, Open Data Institute Queensland, Open Knowledge Foundation, Electronic Frontiers Australia, Australian Privacy Foundation, other privacy groups, digital rights organisations), library associations and the public.
IRM Midterm Status Summary
6. Build and maintain public trust to address concerns about data sharing and release
Australia will build public trust around data sharing and release.
We will do this by actively engaging with the public regarding how open data is being used to better communicate the benefits and understand public concerns, and we will improve privacy risk management capability across government.
- Develop an ongoing and collaborative conversation with the public about the risks and benefits of data sharing and integration:
- Establish an expert panel to advise government and to help communicate: value and utility of data sharing and integration; how government is using the data it collects; and how government is protecting personal information.
- Develop and implement a public engagement process to demonstrate public-value examples and enable an ongoing dialogue with the public.
- Improve privacy and personal information protections in using and sharing data:
- Publicly release a process for government agencies to determine whether sensitive data can be made sufficiently confidential to enable open publication
- Work with the Office of the Australian Information Commissioner to improve privacy risk management capability across the Australian Public Service.
- Respond to the Productivity Commission’s recommendations on consumer rights and safeguards for data.
- Comply with international best practice on open data principles and participate in global fora on data:
- Adopt the International Open Data Charter and develop a high-level public statement with public consultation.
- Participate in the International Open Data Stewards Group.
Responsible institution: Department of the Prime Minister and Cabinet, Australian Bureau of Statistics and Office of the Australian Information Commissioner
Supporting institution(s): See the National Action plan for a full list.
Start date: December 2016 End date: July 2018
Editorial Note: This is a partial version of the commitment text. For the full commitment text, see the Australia National Action Plan available at https://www.opengovpartnership.org/wp-content/uploads/2001/01/Australia_NAP_2016-2018_0.pdf.
Context and Objectives
This commitment represents a number of steps to build and maintain public trust in the way government shares the information it has collected. It seeks to raise awareness of the benefits to data sharing and protections against misuse, increase those protections and adopt internationally recognised principles for openness.
The Productivity Commission, in its Data Availability and Use Report, identified the need to build and retain public trust in how data is managed and used as key to achieving the many potential benefits of data use. A survey conducted by the Office of the Australian Information Commissioner (OAIC) in 2013 found that nearly half of Australians surveyed are uncomfortable with government agencies sharing personal information about them with other government agencies, or using their information for research, service development or policy development purposes.
As the Commission reported, that lack of trust may arise due to a lack of understanding of how data collection and use is regulated. Consent to the collection and use of personal information may be provided without clear understanding of the terms and conditions of that consent and a lack of control over what happens to personal information after it has been provided. There have also been several high-profile examples in the public sector involving cybersecurity breaches or the re-identification of anonymised data based on matching with non-sensitive publicly available information. The lack of accountability for misuse or inadequate protection of personal information, asymmetries of access to sensitive information or an understanding of its implications, and the general complexity of the data landscape may all contribute to eroding trust.
In its Data Availability and Use Report, the Productivity Commission found that ‘[c]omprehensive reform of Australia’s data infrastructure is needed’, including enhancement of consumer rights, improving the safeguards in place, increasing transparency and effective management of risk. The Commission made a number of recommendations which relate to the rights of consumers and safeguards for data. These included the right of consumers to access and use their data; legislative reform to introduce a comprehensive risk-based approach by government agencies to the sharing and release of government data ; and the need to engage with the community, including forums for consultation to address community concerns about increased use of data.
The milestones include a number of specific elements, such as the establishment of expert panel, releasing processes, responding to recommendations or adopting the charter. However, other elements, such as working with the OAIC or participating in the Steward’s Group, are more subjective. Overall, therefore, this commitment is of medium specificity.
Milestone 6.1: Establishing an expert panel and a public engagement process will potentially increase public access to information on how government is using the data it collects and generates. By providing advice to government, and enabling an ongoing dialogue, the forums will improve the opportunities for the public to inform themselves on government information sharing practices. However, the commitment does not provide any indication of whether these forums will be able to influence decisions or reforms in this area. The relationship between the expert panel and existing governance arrangements for data integration projects within the public service, for example the Secretaries Data Group and Deputy Secretaries Data Group, is also not clear.
Milestone 6.2: Providing a process for government agencies to determine whether sensitive data can be made sufficiently confidential to enable open publication is intended to increase the open publication of data which has been anonymised or de-identified. Similarly, improving privacy risk management capability should encourage disclosure where there is a low risk of sensitive information being inappropriately disclosed or used. This could in turn increase the quantity of information disclosed to the public. Its impact on increasing trust in government’s collection and use of information, however, will depend on the transparency of the process as well as its implementation and enforcement. The extent of any additional information being made available is therefore uncertain, but is expected to be moderate.
This milestone also commits the government to respond to the Productivity Commission’s recommendations on consumer rights and safeguards for data. The Productivity Commission’s recommendations are wide ranging and call for a comprehensive reform of Australia’s data infrastructure. They are also intended to increase the amount of government information made public, either entirely or indirectly via a limited user group who can be trusted to de-identify any public use or release.
Milestone 6.3: Adopting the International Open Data Charter represents an international commitment to making data openly available. The Open Data Charter is a collaboration between government and experts working to embed a culture and practice of openness in government. Adopting the charter involves agreeing to six principles for opening up data. Institutions adopting the charter should also ‘participate actively with recognised external accountability and impact evaluation mechanisms in regard to open data’. Therefore, adopting the charter provides an additional basis for public criticism of government action or inaction on its open data commitments. In itself, however, it does not provide a redress mechanism leading to more accountability for government officials and while it may increase the usability of data released, it may have only a limited impact on increasing access to government information.
Some concerns were raised in interviews and open forums in the preparation of this report over the Productivity Commission’s recommendations and whether they adequately reflected individual privacy interests when balanced against the benefits of extending the availability and use of data. The availability of resources within government agencies to improve their risk management capability and to enforce privacy and other requirements was also raised. Interviewees considered this a more significant hurdle than release of processes or OAIC guidance, with questions over whether budget announcements of a public sector modernisation fund would be sufficient. The government needed to be committed to establishing a consultation process that does more than seek to promote government initiatives in this area. Comments at the Sydney and Melbourne Open Forums also suggested that recent data linkage projects at the Commonwealth, States and Territories and their impact on public trust should also be considered as part of the commitment.
Milestone 6.1: This milestone was delayed and not started after the first year of implementation. The time needed to properly respond to the many issues raised by the recommendations (see milestone 6.2 below) contributed to the delay in progressing establishment of an expert panel and developing the public engagement process as originally planned. PM&C indicated that a consultation process on the response was under way with several roundtables having been held with business groups and civil society organisations, but this was not directly addressing this milestone. This milestone was therefore not started as at the reporting date.
Milestone 6.2: This milestone was on time and substantially completed as at the reporting date. The Australian Information and Privacy Commissioner and the Secretary of the PM&C jointly announced development of a new Australian Government Agencies Privacy Code on 18 May 2017. The Code will set out specific requirements and key practical steps that agencies must accept as part of complying with the Australian Privacy Principles under the Privacy Act 1988. A consultation draft was released on 30 June 2017, with submissions invited until 11 August 2017, and was made available on the OAIC website. The final version of the Code was registered on 27 October 2017.
In May 2017, the Australian government established a task force with representatives from different department and government agencies to work on a response to the Productivity Commission’s recommendations. A response is expected towards the end of 2017. In interviews in preparing this report, PM&C indicated that the Commission’s recommendations on consumer rights and safeguards were closely tied with other recommendations which affected this and other commitments in the national action plan (including commitment 5 - high-value datasets). The Minister for Cities and Digital Transformation, Angus Taylor, has recently indicated that the Government would support a consumer data rights framework giving individuals greater rights over their data to encourage competition.
In addition, a process for government agencies to publish open data was released on 7 December 2017, after the period of implementation under consideration, and will be expanded upon in the end-of-term report.
Milestone 6.3: This milestone has been substantially completed on time. The government adopted the Open Data Charter on 27 March 2017. In the Government’s Mid-Term Self-Assessment report it is suggested that Australia has offered to support the Charter Secretariat as they establish the Charter working groups and test projects over the next 12 months, however, there is no public evidence of that.
On 25 May 2017, the Government announced a new initiative: the Data Integration Partnership for Australia (DIPA) to support the integration and analysis of government held data. This initiative is not included in the commitment but is relevant to its objectives of enhancing trust in government sharing and release of data. The DIPA will seek to build on data integration projects, including the Multi-agency data integration project (MADIP) and the Business Longitudinal analysis data environment. The MADIP, for example, is a partnership between six commonwealth government agencies integrating census data with datasets involving healthcare, government benefit payments and income tax. The project was initiated in 2015 to facilitate analysis of government policies, programs and services. The Australian Bureau of Statistics (ABS), as the agency responsible for protecting access to the de-identified data linked through the project, has recently released four case studies demonstrating some of the benefits of the project, as well as consulting with a range of interested stakeholders and commissioning a privacy impact statement.
There are no early results available.
It is likely that the response to the Productivity Commission’s recommendations will give rise to a number of initiatives to be reflected in the next national action plan cycle. The collaboration process committed to in milestone 1 could be adapted to further develop and implement that response.
The establishment and operation of an expert panel, which was not completed within this cycle, could be included as part of the next national action plan. If it were to be included, the panel should have a role in scrutinising and coordinating data integration projects, including review of privacy impact assessments and the consultation process involved in each project. The expert panel should have a clearly identified role in the governance of data management projects within the APS and complement the oversight role of the Australian Privacy Commissioner and other similar bodies.
An examination of the resourcing required to support the Australian Information Commissioner’s role in monitoring and enforcing the Australian Government Agencies Privacy Code could also be undertaken, along with the resource implications of complying with the Code within agencies, to ensure adequate resourcing is available.
 Productivity Commission, Data Availability and Use, Inquiry Report No. 82, 31 March 2017 at p 121 http://www.pc.gov.au/inquiries/completed/data-access#report ‘Data Report).
 At p 11.
 At p 12.
 Dr Vanessa Teague, Dr Chris Culnane and Dr Ben Rubinstein, ‘The Simple Process Of Re-Identifying Patients In Public Health Records’, in University Of Melbourne, The Pursuit, 18 December 2017, https://pursuit.unimelb.edu.au/articles/the-simple-process-of-re-identifying-patients-in-public-health-records
 Data Report at p 127-129.
 Data Report at p 35.
 Recommendation 5.1
 Recommendation 8.1
 Recommendation 6.8.
 Recommendation 10.1.
 The Secretaries Data Group and Deputy Secretaries Data Group were established as part of the governance model for data policy recommended in the 2015 Public Sector Data Management Report, https://www.pmc.gov.au/resource-centre/public-data/public-sector-data-management-report
 Namely that data should be: open by default; timely and comprehensive; accessible and usable; comparable and interoperable; for improved governance and citizen engagement; and for inclusive development and innovation: See Open Data Charter, Principles’, https://opendatacharter.net/principles/
 Interview with Anonymous, Open Government advocate, Phone meeting, 30 August 2017; Kat Szuminska, Director, Open Australia Foundation and member, Open Government Forum, Phone meeting, 11 September 2017; Melbourne Open Forum, 24 August 2017.
 OpenGovAsia, ‘Australian government to invest AU$350 million over 3 years to modernise, transform and enhance productivity of the Public Service’, https://www.opengovasia.com/articles/7585-australian-government-to-invest-au3500-million-over-3-years-to-modernise-transform-and-enhance-productivity-of-the-public-service.
 Sydney Open Forum, 22 August 2017; Melbourne Open Forum, 24 August 2017. For examples of some of the State and Territory initiatives see Stephen Easton, ‘Whole of government data linkage takes shape across the nation’, The Mandarin, 26 October 2017 https://www.themandarin.com.au/85285-whole-of-government-data-linkage-takes-shape-across-the-nation/
 Interview with PM&C, Canberra ACT, 7 September 2017.
 OAIC, ‘Developing an APS-wide Privacy Code’, https://www.oaic.gov.au/media-and-speeches/statements/developing-an-aps-wide-privacy-code
 OAIC, ‘Consultation Information: APS Privacy Governance Code’, https://www.oaic.gov.au/engage-with-us/consultations/aps-privacy-governance-code/consultation-information-aps-privacy-governance-code
 PM&C, ‘Data Availability and Use Taskforce’, https://www.pmc.gov.au/public-data/data-availability-and-use-taskforce.
 The Mandarin,’ Taylor calls for universal citizen data right to drive new competition era’, 26 September 2017, https://www.themandarin.com.au/84134-taylor-calls-citizen-data-ownership-drive-new-competition-era/ The intention to legislate for a new consumer data right was formally announced on 26 November 2017, https://ministers.pmc.gov.au/taylor/2017/australians-own-their-own-banking-energy-phone-and-internet-data
 PM&C, ‘Release of process for publishing sensitive unit record level public data as open data’, https://blog.data.gov.au/news-media/blog/publishing-sensitive-unit-record-level-public-data
 A letter from Assistant Minister Taylor adopting the Charter is published on the Open Data Charter website, https://drive.google.com/file/d/0B44SovahLueTMVNYY3pKNFh6ajAyZklScThvVWdOMlRLbkxB/view.
 PM&C, ‘Data Integration Partnership for Australia’, https://www.pmc.gov.au/public-data/data-integration-partnership-australia
 ABS, ‘MADIP Case Studies’, http://www.abs.gov.au/websitedbs/D3310114.nsf/home/Statistical+Data+Integration+-+MADIP+Case+Studies
 ABS, ‘MADIP Consultation and Independent Privacy Impact Assessment’, http://www.abs.gov.au/websitedbs/D3310114.nsf/home/Statistical+Data+Integration+-+MADIP+Consultation
Strengthen Anti-Corruption Framework
AU0016, 2018, Anti-Corruption Institutions
Political Donation Transparency
AU0017, 2018, Legislation & Regulation
AU0018, 2018, E-Government
Improve Public Service Practice
AU0019, 2018, Capacity Building
Access to Information
AU0020, 2018, Right to Information
Enhance Public Engagement Skills in the Public Service
AU0021, 2018, Capacity Building
Independent Review of the Australian Public Service
AU0022, 2018, Capacity Building
Expand Open Contracting
AU0023, 2018, E-Government
AU0001, 2016, Legislation & Regulation
Beneficial Ownership Transparency
AU0002, 2016, Beneficial Ownership
Extractive Industries Transparency
AU0003, 2016, Beneficial Ownership
Combating Corporate Crime
AU0004, 2016, Anti-Corruption Institutions
AU0005, 2016, E-Government
Public Trust in Data Sharing
AU0006, 2016, Capacity Building
Digitization of Government Services
AU0007, 2016, Capacity Building
Information Management and Access Laws
AU0008, 2016, Capacity Building
Freedom of Information
AU0009, 2016, Capacity Building
Access to Government Data
AU0010, 2016, Capacity Building
Electoral System and Political Parties
AU0011, 2016, Money in Politics
National Integrity Framework
AU0012, 2016, Anti-Corruption Institutions
AU0013, 2016, Capacity Building
AU0014, 2016, Public Participation
AU0015, 2016, Capacity Building