We cultivate trust in the way we collect, manage, use and share data. This means that how we handle and safeguard data is governed by clear and consistent guidelines which are available to the public, and protective of customers’ rights, including their privacy and information access rights. We acknowledge and respect Indigenous Data Sovereignty – the right of Indigenous peoples to govern the creation, collection, ownership and application of their data.
Why this is important
As government, we hold large amounts of data about the people and businesses of NSW. As we become more digitally enabled, the volume of data we hold continues to grow and we recognise that with this, the cybersecurity and privacy risks increase. Using and sharing this data enhances our ability to understand our customers, and make decisions to inform and evaluate services, policies and programs and to optimise customer experiences and outcomes. Releasing government data as open data, with appropriate safeguards, promotes transparency of government and provides a platform for innovation. In achieving these benefits, we have a stewardship responsibility to ensure that we collect, manage, use and share data safely, in accordance with the highest privacy, security and ethical standards and in line with community expectations and the individual and collective interests of Indigenous peoples.
Fostering trust
Fostering trust involves considering community expectations and respecting our customers’ preferences for how we engage with them and collect, manage, use and share their data. Applying the NSW Government Customer Commitments and the now Australian Digital and Data Ministers’ Meeting Trust Principles in the delivery of data and digital projects will support us in achieving this trust. These principles include respect, accountability, security, privacy and transparency.
Effective data governance
Trust and transparency are also supported by effective data governance and data management practices. This ensures transparency - data is discoverable and accessible and trusted – data is of high quality and consistency, secure, and individuals' privacy is protected. NSW Service Point provides an example of taking a ‘privacy by design’ approach to collecting and storing standardised information about government transactions to support service delivery.
Guidance on data governance is provided in the Data Governance Toolkit and in a range of other NSW Government data policies, guidance and frameworks, including on data sharing and information management. These will be consolidated to provide greater consistency and transparency about how we govern data use and sharing across NSW government. The data sharing guidance will be updated to align with the Australian Government data sharing scheme as appropriate.
Facilitating Indigenous Data Sovereignty and Indigenous Data Governance
Indigenous data is information or knowledge, in any format or medium, which is about and may affect Indigenous peoples both collectively and individually.
Indigenous Data Sovereignty is a global movement concerned with the right of Indigenous peoples to govern the creation, collection, ownership and application of their data.
Indigenous Data Governance is the right of Indigenous peoples to autonomously decide what, how and why Indigenous Data are collected, accessed and used. It ensures that data on or about Indigenous peoples reflects their priorities, values, cultures, worldviews and diversity.
Indigenous peoples have the right to exercise control of data which is about and may affect them both collectively and individually, including control of data creation, development, stewardship, analysis, dissemination and infrastructure.
Indigenous peoples have the right to have data that is contextual and disaggregated, that is protective and respects their individual and collective interests and that is relevant and empowers sustainable self-determination and self-governance. They have the right to have data structures that are accountable to them.
Legal and policy context
As we increasingly use digital channels, it is more important than ever that we have the right data protections in place to enable us to make more widespread use of this data. Requirements for protecting security, privacy and access rights in governing and managing our customers’ data are set out in NSW legislation and policy.
We comply with the NSW Cyber Security Policy, including classifying and handling data in accordance with the NSW Government Information, Classification, Labelling and Handling Guidelines.
We use and share de-identified data wherever possible and we comply with the Privacy and Personal Information Protection Act 1998 and the Health Records and Information Privacy Act 2002 if personal or health information is involved. We are developing and using Privacy Enhancing Technologies (PETs), such as the Personal Information Factor (PIF) tool, so we can use and share data safely. We also have data breach management plans and notify serious data breaches to the NSW Privacy Commissioner.
We respect our legislated obligations for transparency under the Government Information (Public Access) Act 2009, including with respect to government decision-making and we release government data as open data in accordance with the NSW Open Data Policy. We also comply with the State Records Act 1998 for the creation, capture, control, use, maintenance and disposal of all records.
The Data Sharing (Government Access) Act 2015 authorises NSW Government sector agencies to share data with other NSW Government sector agencies for specific purposes. The Act was world leading when it was instituted but has now been overtaken by advances in this area in other jurisdictions. A statutory review of the Act is being undertaken as Phase 3 of the NSW Data Reform.
Data ethics
Trust and transparency are also fostered by ensuring we consider ethical impacts in collecting, managing, using and sharing data and in our decision-making, especially when vulnerable members of our community are involved. Many parts of NSW government are already working in accordance with research ethics frameworks. In addition, the NSW Artificial Intelligence (AI) Strategy’s AI Ethics Policy outlines mandatory ethical principles for the use of AI by NSW Government agencies. These are aimed at ensuring that AI solutions used by government are trusted by the public, meet the highest ethical and assurance standards, are clearly focused on customer needs, and carefully manage potential risks.
Having a review mechanism where citizens can question and challenge AI based outcomes is key to transparent use of AI. This might include sharing and publishing methodologies, algorithms and models we use to generate insights and inform decisions so we can explain our decisions when asked. The principles outlined in the AI Ethics Framework are also important more broadly and we will draw on them in developing a clear set of Data Ethics principles for NSW Government.
"We need to improve awareness of how to share data safely and what controls can be applied." NSW Government Data Strategy Workshop Participant
Principles
- We respect customers’ preferences about how we engage with them and collect, use and share their data.
- We take a ‘by design’ approach to data projects and assess privacy, security and ethical impacts across the data lifecycle ensuring controls are proportionate to the risks and that we consider community expectations and Indigenous Data Sovereignty and comply with relevant legislation and NSW government policy.
- We work with the Aboriginal Community of NSW on all aspects of the Data Strategy to embed principles of Indigenous Data Sovereignty and Indigenous Data Governance.
- We recognise Aboriginal community members for their expertise as part of the Data Strategy and we involve them in its governance.
- We empower our staff to increase their knowledge and skills in the emerging areas of capability needed to effectively design, develop, implement and evaluate Indigenous Data Sovereignty and Indigenous Data Governance.
- We ensure data quality is fit for purpose, community led and understood and we provide metadata to facilitate data discovery and accessibility and so the data can be trusted and used appropriately.
- We cultivate a culture of trust between data providers and recipients, including Aboriginal people, through consistent and safe data sharing practices and effective data governance and stewardship.
- We encourage sharing and publication of methodologies, algorithms and models to increase transparency and build trust in our shared decision-making.
Actions
| Undertake statutory review of the Data Sharing (Government Sector) Act 2015 (NSW). |
| Engage with the Aboriginal Community to gain an understanding of the peoples that wish to participate in community engagement about the Indigenous Data Sovereignty and Indigenous Data Governance reforms included in the Data Strategy. |
| Consolidate whole of NSW Government data policy, including developing a common data sharing agreement and streamlined approval process across government, aligning with the Australian Government’s data sharing scheme as appropriate; and working with the Aboriginal Community to ensure inclusion of Indigenous Data Sovereignty and Indigenous Data Governance principles. |
| Work with the Aboriginal Community to implement and evaluate the Indigenous Data Sovereignty and Indigenous Data Governance principles in the Data Strategy and in the consolidated whole of NSW Government data policy, including for data sharing. |
| Develop a clear set of data ethics principles for NSW Government, drawing on the ethical principles outlined in the NSW Artificial Intelligence (AI) Ethics Policy (Community benefit, Fairness, Privacy and Security, Transparency and Accountability) and complementing existing research ethics frameworks in use by agencies. |
| Foster increased release of open data across government, with appropriate safeguards to promote government transparency and provide a platform for innovation. |
Case Studies
Last updated 08 Jun 2021