Data compliance and security

Interoperability projects can only be realised when you have managed your information and data risks. All Government information and data is subject to legislation, policies and standards. Interoperability projects need specific attention to data compliance and security requirements relating to:

  • data exchange mechanisms
  • privacy and de-identification
  • licensing for mixed, reused or derived datasets.

Data security is put in place to prevent unauthorised access to information. It is a fundamental theme for enabling interoperability and should be addressed as an enterprise-wide initiative with an agency-wide security strategy. Data security requirements across Government which your agency must consider include the:

Secure data exchange

In addition to the PSPF, your agency can ensure your processes and systems meet criteria for secure data exchange by referring to the Digital Transformation Agency's (DTA):

Data exchange security considerations include:

  • access restrictions such as IP whitelisting, multi-factor authentication, security tokens and API Keys
  • HTTPS secure connections
  • encryption of data in transit and at rest
  • tamperproofing data that is publicly exchanged
  • strict password syntax checks and password resets
  • encryption of all passwords
  • data storage locations such as on premises and in the cloud
  • security classifications.

Privacy and de-identification

Privacy and the de-identification of information must be considered when releasing information online. It is essential that all data released has undergone the necessary privacy and de-identification checks. The Office of the Australian Information Commissioner (OAIC) provides the following information that can help you understand and meet these requirements:

Licensing and terms of use

Compliance with licensing and terms of use of exchanged data is a legal requirement. To ensure you meet this requirement you must understand:

  • what licensing and terms of use the data is under
  • if the data uses other derived datasets
  • any necessary transfer of the derived data's licence and terms of use to new datasets.

Terms of use are applied to data to ensure users do not use the data out of context or for purposes other than those intended. For example, if a dataset does not reach a certain level of data quality, there should be appropriate terms of use agreements in place to ensure it is not used out of context.

Copyright National Archives of Australia 2019