1. This paper identifies the rights, responsibilities and roles of data users relative to those of the other key participants in data integration projects involving Commonwealth data for statistical and research purposes, namely data custodians and integrating authorities
2. A data user refers to a person involved in accessing and investigating integrated datasets for statistical and research purposes (Endnote 1). This paper focuses on data users accessing integrated datasets created using at least one Commonwealth dataset, for statistical and research purposes.
6. The governance and institutional arrangements endorsed by the (Commonwealth) Secretaries Board for data integration projects involving the use of Commonwealth data for statistical and research purposes will deliver significant enhancements for data users.
The rights and responsibilities of data users
8. Data users have a number of ‘rights and responsibilities’ associated with accessing and using integrated datasets that involve the use of at least one Commonwealth dataset. These exist within the governance and institutional framework designed to minimise risks around the management of data, once data is received by the integrating authority and after it has been integrated.
· Data users are entitled to receive appropriate training covering high level statistical integration principles, governance and institutional arrangements, data protocols (e.g., ethical approval processes in the case of human-based health research), legislative frameworks and security requirements. This training will be facilitated by integrating authorities. Course material will also be determined by integrating authorities, with possible input, advice and assistance provided by data custodians. Data users can also expect to access a range of self-help tools to enhance their understanding of the Commonwealth arrangements.
· Data users must be aware of, and understand, sanctions which apply for attempts to identify (or re-identify) individuals or organisations; disseminating outputs that enable the identification of individuals or organisations; or the misuse of data.
· It is the right of data users to be informed by data custodians of the project status (i.e. approval or disapproval). Data custodians have the right to approve or disapprove a project proposal, in whole or in part. This decision could take into consideration the technical feasibility assessment made by integrating authorities. Data custodians may also need to prioritise and schedule data extraction work associated with project proposals, taking into account the range of data extraction requests that may be outstanding at the time.
· Where the Cross Portfolio Data Integration Oversight Board advises on amendments to ‘high risk’ (Endnote 2) projects (or where a concern is raised), data users, data custodians and integrating authorities will need to collaborate on how to make improvements to such project(s).
· Data users have a responsibility to pay cost recovery payments to data custodians, where applicable.
· Data users and data custodians are responsible for ensuring that datasets are used for the approved purposes only. This is facilitated by practices which help avoid the misinterpretation of data. Examples include the testing of assumptions made in respect of the data by researchers and the supply of appropriate metadata by data custodians.
10. Data users also have rights and responsibilities in relation to integrating authorities:
· Data users can expect to be informed by integrating authorities on the technical feasibility of a research proposal.
· It is the responsibility of integrating authorities to provide integrated datasets to data users, along with full information on cost recovery or fee-for-service policies (where applicable).
· Data users have a right to receive information on data access arrangements from integrating authorities (subject to written approval from all data custodians and in line with their requirements).
· Data users are responsible for paying data integration fees to integrating authorities (where cost recovery or fee-for-service charges apply). These costs need to be built into project funding proposals by data users.
· Data users may collaborate with data custodians and integrating authorities on how to make improvements to ‘high risk’ project(s), based on advice provided by the Cross Portfolio Data Integration Oversight Board.
The role of data users in data integration projects
11. The Commonwealth governance and institutional arrangements will bring about a major shift in the role of data users. Under the current approaches to data integration used in a number of Commonwealth agencies, researchers undertake data merging and data access functions. These roles will now be carried out by an integrating authority, which will be responsible for the end-to-end management of data integration projects.
· Collaborating with integrating authorities and data custodians at the pre-approval stage;
· Entering into agreements with integrating authorities to ensure the safe management and use of datasets;
· Accessing integrated datasets through secure arrangements; and
· Liaising with data custodians on the valid uses of integrated datasets.
(1) Developing research proposals that produce significant overall benefits to the public
13. A key role of data users is to develop research proposals that make the best use of integrated datasets. These proposals need to take into account the public good which can be derived from a data integration project (e.g., social, economic and scientific benefits) (Endnote 3). The public benefit derived from a project should outweigh the imposition to privacy and any risks to the trust and goodwill that the Australian public has in Commonwealth data collection activities.
(2) Collaborating with integrating authorities and data custodians at the pre-approval stage
14. Data users should seek in-principle agreement from data custodians on the project proposal during the pre-approval stage. Data users will then liaise with the integrating authority appointed by the data custodians. It is the role of integrating authorities to assess project feasibility, which includes an examination of the technical complexities that arise from attempting to combine multiple datasets and the provision of advice on such matters to data users. This includes, for example, advising data users of issues such as coding difficulties, missing variables and/or inaccurate records.
15. Following an assessment of the project proposal by data custodians and integrating authorities, data users will then need to implement any suggested modifications during the pre-approval stage (assuming that all data custodians choose to release the source datasets for the project).
(3) Entering into agreements with integrating authorities to ensure the safe management and use of datasets
16. Data users will need to enter into an agreement with an integrating authority for data integration projects. This agreement may take the form of a contract, Memorandum of Understanding or other arrangement as appropriate for the parties concerned. When the data custodian and integrating authority is the same agency, appropriate internal governance arrangements, rather than an agreement, will need to be in place. This agreement or arrangement will be administered by the integrating authority on behalf of every data custodian involved in a data integration project.
17. The agreement or arrangement will cover:
· Information on penalties for the identification (or re-identification) of individuals or businesses, the misuse of data or violation of data access arrangements.
· Details on the cost recovery or fee-for-service policies of integrating authorities, where applicable. Fees will be set at the discretion of integrating authorities and may reflect local practices and arrangements.
· Governance protocols that address how to investigate and resolve software issues, along with data anomalies, outliers and other quality concerns that arise from a data integration project. Data users may raise such issues with the integrating authority and, where applicable, have some input into the development of such protocols.
· Any special conditions which must be adhered to by data users, including, for example, training requirements and the signing of confidentiality agreements with data custodians.
19. Data users will only be able to access integrated datasets through secure arrangements provided by the integrating authority. The data will be in a form that is not likely to enable the identification of individuals or businesses, and will be subject to the requirements of the data custodians. The access arrangements used will also be dependent on custodian requirements (e.g., data users may be required to visit a data laboratory for ‘high risk’ projects to ensure the protection of sensitive datasets).
21. A key role for data users is to seek agreement from data custodians on valid uses of integrated datasets before the publication and dissemination of research findings. This could include data users checking with data custodians that data has been used and interpreted correctly. However, it should be noted that this is not a uniform requirement across Commonwealth agencies.
22. Any questions about the roles and responsibilities of data users should be emailed to firstname.lastname@example.org.
1. Research is systematic investigation or inquiry which adds to an existing body of knowledge.
2. Data custodians assess the risk of a project in accordance with the risk assessment framework.
3. Commonwealth’s Statistical Integration Principle 4 – Public Benefit: Statistical integration should only occur where it provides significant overall benefit to the public.