05 July 2018

National Data Commissioner

The Department of Prime Minister and Cabinet has released a consultation paper on New Australian Government Data Sharing and Release Legislation.

The paper states
The Australian Government recognises that the data it holds is a strategic national resource that holds considerable value for growing the economy, improving service delivery and transforming policy outcomes for all Australians. Greater use and sharing of public data facilitates increased economic activity and improves productivity. Without improving data accessibility within government, the opportunity for enhanced productivity, increased competition, improved service delivery and research outcomes will be missed. The Australian Government holds a large range of data about the environment, individuals and businesses, all with different attributes and different levels of sensitivity. When this data is used and combined, it provides government with new insights into important and complex policy questions and allows for improved service delivery. 
Existing data sharing arrangements across the public service are complex and hinder the use of data. Barriers to greater sharing of data within government include:
• a dense web of legislative requirements which lack consistency 
• a culture of risk aversion, leading to overly cautious legislative interpretation and approval process complexity, and 
• lack of a whole-of-government approach.
New data sharing and release arrangements will benefit Australians by streamlining the way public data is shared and released within government and with trusted users. New arrangements will provide efficient, scalable and risk based trusted data access to datasets that have substantial and community-wide benefits for research, innovation and policy. The new arrangements will increase the authorised sharing and release of data and improve data safeguards to ensure risks are managed consistently and appropriately. This paper outlines key concepts and principles which may guide development of the new data sharing and release arrangements. While the paper includes scenarios involving more sensitive data in an effort to demonstrate how new arrangements could work, data about individuals and businesses is only one part of the data system. The concepts and principles in the paper cover all data held by the Australian Government and the proposed data sharing and release arrangements will provide a consistent and scalable framework applicable to data of all attributes and sensitivities.
Your views are sought on the issues outlined in this paper. The Public Data Policy Statement seeks to ensure the value of public data is maximised
In late 2015, the Prime Minister released the Australian Government Public Data Policy Statement. This statement provides a mandate for Australian Government entities to optimise the use and reuse of public data to drive innovation across the economy. This includes mandating the release of data as open by default when it is safe to do so. Since this Statement was released there has been a dramatic increase in the number of datasets publicly available. Data.gov.au now hosts over 29,000 data records. The Productivity Commission’s Data Availability and Use Inquiry recommended national reforms
In early 2016, Treasurer Scott Morrison asked the Productivity Commission to undertake an inquiry into the benefits and costs of options for increasing the availability and improving the use of public and private sector data by individuals and organisations.
The Commission was required to: • look at the benefits and costs of making public and private datasets more available • examine options for collection, sharing and release of data • identify ways consumers can use and benefit from access to data, particularly data about themselves, and • consider how to preserve individual privacy and control over data use. ...
The PC identified a “lack of trust by both data custodians and users in existing data access processes and protections and numerous hurdles to sharing and releasing data are choking the use and value of Australia's data”, and recommended “the creation of a data sharing and release structure that indicates to all data custodians a strong and clear cultural shift towards better data use that can be dialled up for the sharing or release of higher-risk datasets”. 
On 8 May 2017 the Australian Government tabled the Productivity Commission’s Data Availability and Use Inquiry (PC Inquiry). The Inquiry made 41 recommendations aimed at overcoming barriers and issues with Australia's current data system to move from one based on risk avoidance, to one based on value, choice, transparency and confidence. The PC Inquiry recommendations balance the need for greater data access and use arrangements with proactive management of risks.
The Australian Government has committed to reforming data governance
On 1 May 2018, the Australian Government released its response to the PC Inquiry. The Government committed to reforming data governance within government to better realise the benefits of increased data use, while maintaining trust and confidence in the system.
To prepare its response, the Department of the Prime Minister and Cabinet consulted with: • 78 peak industry bodies and businesses • 15 community, consumer and civil society representatives • 16 research sector bodies • 43 Commonwealth public sector bodies, and • 9 state and territory public sector bodies.
Better use of public sector data can help us improve government services for Australians and ensure our programs and policies are informed by evidence. Greater access to public sector data with a consistent approach to managing risk can improve research solutions to current and emerging social, environmental and economic issues. 
To unlock these benefits, the Australian Government committed to:
• Establishing a National Data Commissioner to implement and oversee a simpler, more efficient data sharing and release framework. 
• Introducing legislation to improve the sharing, use and reuse of public sector data while maintaining the strong security and privacy protections the community expects. 
• Introducing a Consumer Data Right (CDR) to allow consumers to share their transaction, usage and product data with service competitors and comparison services.
Based on the wide consultation underpinning the PC Inquiry recommendations, these reforms will increase data access and use within government and with trusted users outside government, while improving data privacy and security with strengthened and consistent safeguards.
This paper explores issues related to the implementation of data governance reforms, including the National Data Commissioner and the Data Sharing and Release legislation. The Consumer Data Right is being developed concurrently and being led by the Treasurer – see https://treasury.gov.au/consumer-data-right/. 
A new Data Sharing and Release Bill
This paper outlines the key principles proposed to guide the development of legislation to realise the value of public sector data and modernise the Australian Government data system. These principles build on the investment and commitments to date by the Australian Government (including those outlined in the Australian Government Public Data Policy Statement and previously published by the Australian Information Commissioner (OAIC) on open public sector information) to realise the immense value of public sector data to improve government services and policies.
The purpose of the DSandR Bill will be to streamline the process for sharing public sector data and improve data safeguards across the public service. The Bill will aim to increase authorised sharing and release of the range of data held by the Australian Government while improving data safeguards and risk management tools to create a more transparent environment for data sharing.
This paper focuses and seeks views on the development and design of a new Data Sharing and Release Bill (the DSandR Bill). The issues outlined in this paper and the proposed arrangements are based on the extensive consultation of the PC Inquiry and engagement with stakeholders. This paper is the first step in designing and drafting new legislation. The paper does not represent official government policy but instead outlines an approach for consideration. 
The DSandR Bill will be principles-based 
The DSandR Bill will be based on key principles designed to move the paradigm from one which restricts access to data to one which authorises sharing and release when appropriate data safeguards are in place. The DSandR Bill will aim to promote better sharing of public sector data whilst ensuring appropriate safeguards to build trust in use of public data and maintain the integrity of the data system. These principles recognise the different types of data held by government and the many benefits of increased data sharing for citizens. 
Greater sharing of the data the public sector holds can lead to: • more efficient and effective government services for citizens • better informed government programs and policies • greater transparency around government activities and spending • economic growth from innovative data use, and • cross-sectoral research solutions to current and emerging social, environmental and economic issues. 
The Bill will apply to Commonwealth entities and Commonwealth companies and include most data collected by these entities, with appropriate exceptions (see Section 3). It will provide a legislative approach to share, access and release data that is otherwise prohibited, when appropriate conditions and safeguards are met.
The DS&R Bill will introduce new data sharing and release arrangements
For data sharing and use to be authorised under the Bill, a purpose test and data safeguards need to be met (see Section 4). The Bill will authorise data sharing and release for particular purposes only, which could include:
  •  informing government policy making 
  • supporting the efficient delivery of government services or government operations 
  • assisting in the implementation and assessment of government policy, and 
  • research and development with clear and direct public benefits.
The DSandR Bill will apply appropriate and consistent safeguards to data sharing and release for these purposes. Through the internationally recognised Five-Safes disclosure risk management framework, safeguards can be dialled up or down as appropriate depending on the sensitivity of the data and whether privacy needs to be maintained (see Section 4). Consistent risk management will help prevent data misuse or unintentional disclosure and ensure data privacy and security are maintained. The DSandR Bill will create accredited bodies within the data system, each with different roles, skills and expertise: data custodians, Accredited Data Authorities and trusted users (see Section 5). The DSandR Bill will build in accountability for these actors within the system, to ensure all take responsibility for the way data is managed and shared.
The National Data Commissioner will oversee the data system and provide guidance on the new arrangements
The DSandR Bill will outline the National Data Commissioner’s (NDC) role in implementing and overseeing a simpler, more efficient data sharing and release framework (see Section 6) including accrediting parts of the data system. The NDC’s role is to monitor and enforce the provisions of the DSandR Bill (and associated legislative instruments). The NDC will work closely with other entities, including the Office of the Australian Information Commissioner (OAIC), and be advised by a new National Data Advisory Council (NDAC). We want to hear your views This paper outlines an approach to the DSandR Bill which aims to balance sharing data held by government with appropriate risk management. The principles underpinning the DSandR Bill are relevant across all aspects of the possible approach outlined above.