• Print

When linking or integrating data, the AIHW uses a separate, secure computer network in the Data Integration Services Centre (DISC) which is not connected to the internet or to any other AIHW system. Once the data has been linked, researchers can access it via the DISC data lab, a locked room within DISC that requires authorised entry. Only DISC staff, the systems manager and approved users can use this network and the data lab. 

The AIHW uses best practice technology, procedures and policies to protect its data including:

  • passwords are changed regularly
  • accounts are locked out after three failed attempts
  • application software updates are tested and applied as soon as
    practical after release
  • anti-virus software is constantly updated
  • desktops have been hardened to prevent users from installing software or tampering with the system.

Once integrated data is ready for a researcher to use, and DISC staff has confirmed that the dataset (i) only contains variables agreed with the data custodian, and (ii) has had 'first level' confidentiality protection applied (e.g. collapsing values on certain variables) as agreed with data custodians, it is moved to the data lab and only the researcher can access it.

Each data lab user is assigned their own personal virtual computing environment and the computers in the data lab can be used only to connect to this virtual environment. 

Data can be freely manipulated in this area, producing output in the formats that researchers require. All output is stored in a temporary work area for the duration of the session. When the researcher is confident that they
have produced the output they need, the data is moved to a checking area where it becomes available only to an AIHW user who ensures the data is confidentialised and suitable for release.

In summary, access is provided to individuals for each stage of a project. This allows the AIHW to determine and log all access rights to the data throughout the process.

At the end of the project, and as per the data retention date, AIHW uses sdelete (Microsoft) to remove all files relating to a project from hard disk.  In line with DISC data retention/backup cycle procedures, data is overwritten on a 4-weekly cycle. Data is encrypted as part of the archival process using Commvault.