What is the purpose/objective of the Act?
The Public Sector (Data Sharing) Act 2016 enables public sector agencies to share their data with each other and with external entities.
The Act:
- promotes the management and use of public sector data as a public resource that supports good government policy making, program management and service planning and delivery
- removes barriers to sharing public sector data between public sector agencies
- facilitates faster sharing of public sector data between public sector agencies
- provides protections in connection with public sector data sharing
- enables the Minister for the Public Sector to enter into data sharing agreements with other non-public sector entities.
For what purposes can agencies share data under the Act?
At least one of the following purposes (see the Act for precise definitions of these purposes):
- data analytics work for government policy making, program management and/or service planning and delivery
- facilitating, developing, improving and/or undertaking Government policy making, program management and/or service planning and delivery
- assisting in law enforcement
- assisting in emergency planning and response.
What are the Five Safes?
The Five Safes are also known as the Trusted Access Principles. They provide the fundamental framework for sharing data under the provisions of the Act.
What are the ‘data sharing safeguards’ in the Act?
The data provider and data recipient must follow three safeguards in addition to the five safes.
- Confidentiality and commercial-in-confidence - data recipients must handle any confidential or commercially sensitive data in compliance with the data provider's contractual or equitable obligations.
- Data custody and control safeguards - data providers and data recipients must comply with any legal requirements concerning the data’s custody and control. If a data recipient arranges for a person or body (other than another public sector agency) to conduct data analytics work using shared data, they must ensure that appropriate contractual arrangements, legal obligations and data security policies are in place before the shared data is provided.
- Other data sharing safeguards - data recipients must ensure that data is clearly marked as data that has been provided under the Act.
How does the Act interact with other data sharing legislation?
The Act overrides all other South Australian data sharing legislation. A public sector agency can legally share public sector data with another public sector agency in accordance with the Act regardless of any other South Australian Act or law.
How does the Act interact with the Information Privacy Principles (IPPs) and the Information Sharing Guidelines (ISG)?
The IPPs apply to the collection, storage, correction, use and disclosure of data by public sector agencies regarding personal information. If there is a conflict with the Act, the Act takes priority and must be followed. Although the ISG do deal with sharing government data, their focus is more on immediate needs or client service delivery (e.g. threats to client safety/wellbeing, case management, referrals, risk assessments etc.) rather than data analytics for program evaluation or projects. The Public Sector (Data Sharing) Act 2016 does not affect sharing information under the ISG.
What is the process for actioning an FOI request for data shared under the Act?
If a public sector agency receives such a request, it must:
- not give the requester access to the data; and
- refer the request to the agency that originally provided the data.
What is public sector data?
This is broadly defined as any data controlled by public sector agencies.
What is exempt public sector data?
- Data held by the Auditor-General, the Crown Solicitor, the Director of Public Prosecutions and the Ombudsman;
- Data that would be privileged from production in legal proceedings on the ground of legal professional privilege;
- Data obtained in confidential circumstances for the purposes of mediation, conciliation or another dispute resolution process undertaken under an Act or law;
- Data created by South Australia Police containing information classified by the Commissioner of Police, in accordance with the provisions of any other Act, as criminal intelligence;
- In relation to proceedings being heard, or to be heard, before a court or tribunal, data –
  - prepared for the purposes of the proceedings;
  - obtained in confidential circumstances for the purposes of mediation, conciliation or some other form of dispute resolution;
  - the disclosure of which would be inconsistent with the Crown acting as a model litigant in the proceedings; or
  - prepared by or on behalf of the court or tribunal;
- Data the public disclosure of which would, but for any immunity of the Crown –
  - constitute contempt of court;
  - contravene any order or direction of a person or body having power to receive evidence on oath; or
  - infringe the privilege of Parliament; and
- Data the disclosure of which could reasonably be expected to prejudice national security.
Although ‘exempt’, this data can still be shared in some limited circumstances.
Exempt public sector data should not be confused with public sector agencies that are exempt from the operation of the Act.
Can ‘identified data’ be shared under the Act?
A ‘Public sector agency’ has the same definition as in the Public Sector Act 2009, but excludes certain exempt public sector agencies. South Australian Ministers, chief executives and departments all fall within the definition of a public sector agency. The following bodies are exempt from the definition of a ‘public sector agency’ and thus the Act does not apply to them:
- the Independent Commissioner Against Corruption
- the Judicial Conduct Commissioner
- the Office for Public Integrity
- all Royal Commissions
- a judicial conduct panel under the Judicial Conduct Commissioner Act 2015
- a person appointed to conduct a review of the Independent Commissioner Against Corruption or the Office for Public Integrity under section 46 of the Independent Commissioner Against Corruption Act 2012 (as in force immediately before the commencement of section 20 of the Independent Commissioner Against Corruption (Miscellaneous) Amendment Act 2016); and
- the reviewer within the meaning of Schedule 4 of the Independent Commissioner Against Corruption Act 2012.
When can data be shared by a public sector agency?
A public sector agency can share data that it controls (excluding exempt public sector data) if:
- data sharing is for a legislated purpose/s;
- the provider agency has made a written record of the purpose/s of data sharing, as agreed with the data recipient; and
- the provider agency has applied the five safes and is satisfied that the provision and use of the data is appropriate in all the circumstances.
Who in my agency has authority to approve data sharing with another agency?
Your agency must develop a policy to action, consider and approve data requests. Most agencies have appointed a Chief Data Officer who can assist you. The only legislative requirements relating to approvals for release relate to prescribed health data.
What if my agency disagrees or has concerns with a request from another agency?
Requests for data should not be approved unless your agency is satisfied that the potential data recipient can appropriately meet the requirements of the five safes.
What if there is a dispute concerning sharing of data?
Unless there is a significant cause for concern, data sharing requests for an appropriate purpose and use should not be refused. If a dispute arises, contact the Office for Data Analytics for advice.
Can the Minister for the Public Sector direct a public sector agency to share data, including exempt public sector data?
Yes. The Minister for the Public Sector has the power to authorise a binding direction to public sector agencies to provide public sector data to another public sector agency. The Minister must apply the five safes framework and be satisfied that sharing and use of data is appropriate in all specified circumstances. Public sector agencies are not authorised to share exempt public sector data that they hold under the Act with each other, but the Minister for the Public Sector can direct them to do so.
What are the obligations of public sector agencies once data has been shared?
The data provider and data recipient must continue to comply with all relevant data sharing safeguards. The data recipient must not re-share, disclose or use the data except for the specified purpose in the data sharing agreement unless the following circumstances occur:
- the Minister for the Public Sector, after consultation with the public sector agency who provided the data, approves the further use or disclosure of the shared data;
- the further use or disclosure of the data is required or authorised by or under law or an order of a court or tribunal;
- the further use or disclosure of the data is reasonably required to lessen or prevent a serious threat to the life, health or safety of a person, or a serious threat to public health or safety; or
- the further use or disclosure is by the Office for Data Analytics (ODA) and:
  - the proposed further use is consistent with the objects of the Public Sector (Data Sharing) Act 2016; and
  - ODA is satisfied that the circumstances in which the proposed use will occur are consistent with the circumstances that the public sector agency who provided the data was (at the time of providing the data) informed would be the circumstances in which any proposed use of the data would occur.
Can public sector agencies share data with the private sector under the Act?
Yes. South Australian public sector agencies can enter into data sharing agreements with all tiers of government in South Australia, or interstate non-government organisations including private industry or the community sector. The only additional requirement is that the Minister for the Public Sector must sign the data sharing agreement.