The AIHW has a long history of effective compliance with its privacy and confidentiality obligations and is well experienced in managing the risks associated with the use and release of data. Building on our current best practice, the AIHW has recently decided to progressively embed the Five Safes framework into our approach to the management of the privacy of data.
In essence, the Five Safes is a risk assessment framework for data access: safe people, safe projects, safe settings, safe data and safe outputs. The framework is described in more detail by Tanvi Desai, Felix Ritchie and Richard Welpton, Five Safes: designing data access for research, University of the West of England, 2016, and by the Australian Bureau of Statistics.
The Five Safes is becoming common language across the Commonwealth (for example in relation to the government’s response to the Productivity Commission’s report on data availability and use) and with other Australian stakeholders. This makes it useful for communicating with stakeholders, including data suppliers, data users and the general public, about our approach to ensuring privacy, confidentiality and data security.
Current AIHW practices in data linkage, confidentialisation, data security, and data access and release are being mapped to the Five Safes framework. Similarly, the activities of the AIHW’s Ethics Committee in considering projects and data collections can be reflected in the dimensions of the Five Safes framework.
The five risk dimensions in the Five Safes framework are assessed separately, then the dimensions are considered jointly to evaluate whether the overall arrangements are acceptable.
Table 1 below illustrates how a Five Safes framework risk assessment supports the application of controls for data access. The table illustrates the four most common modes by which the AIHW shares and releases data and their associated controls.
| | Website data files, tables and publications. | Providing data directly to particular users. | Providing access to data through a secure remote connection. | Providing access to data within the security of the AIHW data lab. |
|---|---|---|---|---|
| Is the use of the data appropriate? | Anyone can use the data for their own purposes. | Users sign a declaration regarding the purpose for which they will use the data. | Users can only use the data for the stated purpose; their access and use is controlled and monitored. | Project proposals are subject to a comprehensive evaluation by the AIHW. |
| Can the users be trusted to use it in an appropriate manner? | Anyone can access the data. | Very high control. Users sign legally binding undertakings. | Authorised users sign legally binding undertakings. | Available to authorised expert users who agree to attend the Data Lab and sign legally binding undertakings. |
| Is there a disclosure risk in the data itself? | Very high control. Data are highly aggregated and treated to protect privacy and confidentiality. | Data are treated by the AIHW to minimise the likelihood of identifying individuals. | Treatments are applied to protect privacy and confidentiality while supporting the aims of the project. | Treatments are applied to protect privacy and confidentiality while maximising the utility of the data. |
| Does the access facility prevent unauthorised use? | There are no controls. | Users are required to store the data securely and use it in their own physical and IT environment in accordance with a signed agreement. | Access control is password based, physical security is specified in an agreement, data cannot be removed, and use of the data can be monitored and audited. | Very high control. The AIHW Data Lab is within the AIHW premises and subject to physical security, IT security, as well as monitoring and auditing capabilities. Data cannot be taken from the Data Lab. |
| Are the statistical results non-disclosive? | There are no controls. | The outputs are controlled by the user, but are governed by agreements with the AIHW. | Outputs can be audited by the AIHW and users are required to comply with the AIHW confidentialisation policy and practices. | Outputs meet project objectives, AIHW confidentialisation policy and practices, and are assessed by the AIHW before being released. |
Table 1. Five Safes framework controls applied under different modes of data sharing and release