The AIHW’s data governance framework provides details of our strong data governance arrangements, including:
- a description of key general concepts in data and data governance
- the legal, regulatory and governance environment in which AIHW operates, including information about AIHW’s compliance with the Privacy Act 1988 (Cwlth) and confidentiality provisions in the Australian Institute of Health and Welfare Act 1987 (Cwlth)
- AIHW data governance structures and roles
- AIHW systems and tools to support data governance
- an overview of AIHW data-related policies, procedures and guidelines
- systems and tools that support AIHW’s data governance arrangements
- our compliance regimes.
Our data governance arrangements apply to all data we hold, including those:
- collected and/or enhanced by us
- collected on our behalf (for example under agreements)
- obtained from any third party(ies).
AIHW standards
The AIHW has embedded the five safes framework into our approach in making decisions about sharing and releasing data.
What is the purpose of the project?
Use of the data is legal, ethical and the project is expected to deliver public benefit.
Who can access the data?
Users have the knowledge, skills and incentives to act in accordance with required standards of behaviour.
Is the data aggregated and treated to protect privacy and confidentiality of each individual?
Data have been treated appropriately to minimise the potential for identification of individuals or organisations. For example, replacing date of birth with age group, substituting street address with postcode.
What controls are in place to protect the data and ensure access is only available to those who are authorised and approved to access it?
There are practical controls on the way the data is accessed—both from a technology perspective and considering the physical environment.
What controls are in place to ensure the outputs of the analysis are appropriate and non-disclosive?
A final check of the statistical findings, before they are released, to minimise risk of identifying individuals or organisations. Methods used at this stage include suppressing small numbers and aggregating results.