Join the discussion

The State Government has announced legislative changes to break down the artificial walls that prevent the sharing of information. The changes are in line with recommendations from Royal Commissioner Margaret Nyland, and will extend the reach of data sharing by enabling the Government to work with the Commonwealth, other states or territories, local councils and the non-Government sector. The Bill – including the proposed amendments highlighted in yellow – is available here PDF, 275KB).

The proposals address concerns raised by the Child Protection Systems Royal Commission, which said: “A consistent theme in evidence before the Commission was that, in spite of the ISGs (Information Sharing Guidelines), many agencies fail to share information.” In addition, the amendments seek to establish a new data analytics office to co-ordinate data storage, sharing and analysis.

You can provide your feedback by:

  • Posting in the online YourSAy discussion board below.
  • Emailing your submission to NRCresponseunit@sa.gov.au.
  • Mailing your submission to: Nyland Royal Commission Response Unit, Attorney-General’s Department, GPO Box 464, Adelaide SA, 5000.

Comments closed

Andrew Prevett

01 Sep 2016

My experience comes from trying to sit down with multiple welfare and law enforcement agencies to try and share information for a common cause. It simply doesn’t work. All agencies were willing to share information to a point and all signed or agreed to relevant privacy conditions, but we encountered two key problems.

1. Protectionism linked in with the next round of funding.
2. Everyone functions on different operating systems and collects / configures their information differently making analysis of the whole difficult to say the least.

The Child Protection Systems Royal Commission, which said it themselves that in spite of guidelines allowing information sharing many agencies fail to do so.

Other than the above, many agencies do not understand each other well enough to even know what information to share and if they do have the understanding, many want to remain valid in the next round of grants and hold back information.

To suggest there will be a data analytic office to co-ordinate data storage, sharing and analysis is ridiculous. The courts, police and correctional services alone, which all operate on different operating systems barely interact with each other and only up to recently did the correctional system share that a newly released prisoner was on parole.

Great in theory, but just another Bill that is meaningless unless the funds are behind it to make real changes to operating systems so sharing can occur electronically and managed those access control mechanisms.

Government Agency

Strategic Communications Group > Andrew Prevett

01 Sep 2016

Thanks for your feedback Andrew. Your thoughts and concerns regarding the establishment of an Office of Data Analytics have been passed on to the appropriate staff for consideration.

Victor Ryshko

31 Aug 2016

This Bill seems to extend far beyond the Nyland Royal Commission on Child Protection Systems into all areas of government. This Bill is not simply aimed at child protection, but at enabling government to perform big data analytics on the general population. Further, it gives the Minister the right to enter into data-sharing agreements with non-government entities which is a threat to privacy.

While I have no concern with information being reported on a mandatory basis to law enforcement for the purpose of child protection or with data that is accessed under due process, I think that there are privacy reasons that data-sharing for all agencies and with the non-government sector should be severely restricted. I don’t think that the case has been made for allowing the government to share data with the non-government sector where that data relates to people (even if de-identified).

The Bill should allow individuals to consent or opt-out of their data being used for analytic purposes. Most of the data that could be shared relates to no crime and was not collected for the purpose of research to inform policy. It would therefore be more ethical to amend the Bill to provide for a requirement that people consent to data-sharing between government and non-government agencies for the purpose of general analysis. At the very least, individuals should be able to opt-out of data-sharing.

Additionally, the Bill provides no penalties if safeguards are breached nor is there mandatory reporting of data breaches (or unauthorised access) if an agency or contractor does not abide by the safeguards in the Bill. Government datasets potentially include very large numbers of people and so very substantial penalties should be applied if data recipients are subject to data breaches.

Government Agency

Strategic Communications Group > Victor Ryshko

01 Sep 2016

Hi Victor, thanks for your feedback, and your thoughts regarding individual consent for data sharing and penalties for the breach of data privacy. Your feedback has been passed on to the appropriate staff for consideration.

Shaugn Vorster

26 Aug 2016

Information Security is a complex one, and I reference for your attention the CIA Model below.

The CIA (Confidentiality, Integrity, and Availability) triad of information security is an information security benchmark model used to evaluate the information security of an organization. The CIA triad of information security implements security using three key areas related to information systems including confidentiality, integrity and availability.

The CIA triad of information security was created to provide a baseline standard for evaluating and implementing information security regardless of the underlying system and/or organization. The three core goals have distinct requirements and processes within each other.

Confidentiality: Ensures that data or an information system is accessed by only an authorized person. User Id’s and passwords, access control lists (ACL) and policy based security are some of the methods through which confidentiality is achieved

Integrity: Integrity assures that the data or information system can be trusted. Ensures that it is edited by only authorized persons and remains in its original state when at rest. Data encryption and hashing algorithms are key processes in providing integrity

Availability: Data and information systems are available when required. Hardware maintenance, software patching/upgrading and network optimization ensures availability

As a catch all phrase I would propose in section 6 or as appropriate, a similar statement to the following effect:
"Public Sector Agencies should ensure that appropriate processes, procedures and systems are in place to provide reasonable assurance as to the confidentiality, integrity and availability of the shared data in order to ensure non-repudiation, reliability and resilience."

Why: - 1. As data is shared, public value is hopefully generated. This needs to be sustainable and trusted.
2. As the public and agencies will begin to rely on this shared information to transact and provide improved services, the ongoing security and operational effectiveness of such systems of shared information needs to be ensured

Government Agency

Strategic Communications Group > Shaugn Vorster

26 Aug 2016

Thanks for your response Shaugn, and for the details you have included regarding information security measures. Your feedback will be forwarded to the Attorney-General’s Department for consideration.