FREQUENTLY ASKED QUESTIONS
What is the purpose/objectives of the Act?
The Act enables public sector agencies to share their data with each other and with external entities. Read the Act in full.
For what purposes can agencies share data under the Act?
At least one of the following purposes (see the Act for precise definitions of these purposes):
What are the Five Safes?
The Five Safes provide the fundamental framework for sharing data under the provisions of the Act.
What are the ‘data sharing safeguards’ in the Act?
The data provider and data recipient must follow three safeguards in addition to the Five Safes.
How does the Act interact with other data sharing legislation?
The Act overrides all other South Australian data sharing legislation. A public sector agency can legally share public sector data with another public sector agency in accordance with the Act regardless of any other South Australian Act or law.
How does the Act interact with the Information Privacy Principles (IPP) and the Information Sharing Guidelines (ISG)?
The IPPs apply to the collection, storage, correction, use and disclosure of data by public sector agencies regarding personal information. If there is a conflict with the Act, the Act takes priority and must be followed. Although the ISG do deal with sharing government data, their focus is more on immediate needs or client service delivery (e.g. threats to client safety/wellbeing, case management, referrals, risk assessments etc) rather than data analytics for program evaluation or projects. The Public Sector (Data Sharing) Act 2016 does not affect sharing information under the ISG.
What is the process for actioning an FOI request for data shared under the Act?
If a public sector agency receives such a request, it must:
Which standards and frameworks does ODA recommend agencies implement?
What is public sector data?
This is broadly defined as any data controlled by public sector agencies.
What is exempt public sector data?
Although ‘exempt’, this data can still be shared in some limited circumstances.
Exempt public sector data should not be confused with public sector agencies that are exempt from the operation of the Act.
Can ‘identified data’ be shared under the Act?
Yes, but only under specific circumstances.
In most cases, data to be shared must be de-identified. However, identified data can be shared under the Act if the person in question has granted permission or if the sharing and use of the personal information:
The agency providing the data is still required to consider all the Five Safes prior to the making the final assessment. If the data provider is not satisfied that it is appropriate to share the identified data, they are not be obliged to share it, unless specifically directed to by the Minister for the Public Sector.
Do I really have to fill out that data sharing form?
Yes. It is the only legally binding agreement form acceptable under the requirements of the Act. ODA will not accept any others. There are editable PDFs and Word files for multi-agency agreements on the data sharing page. There are also addendum forms for cases where additional data is required to an existing data sharing agreement.
Another agency told me that I have to sign an MOU with them before we can share data. Is this true?
It might not be. There is a very high likelihood that you can legally share data under the Act by applying the Fives Safes framework and completing the data sharing agreement form. Contact ODA for confirmation.
What is a public sector agency and which public sector agencies are exempt?
A ‘Public sector agency’ has the same definition as in the Public Sector Act 2009, but excludes certain exempt public sector agencies. South Australian Ministers, Chief Executives and Departments all fall within the definition of a public sector agency. The following bodies are exempt from the definition of a ‘public sector agency’ and thus the Act does not apply to them:
When can data be shared by a public sector agency?
A public sector agency can share data that it controls (excluding exempt public sector data) if:
Who in my agency has authority to approve release of data to another agency?
Your agency must develop a policy to action, consider and approve data requests. Most agencies have appointed a Chief Data Officer who can assist you. The only legislative requirements relating to approvals for release relate to prescribed health data.
What if my agency disagrees or has concerns with a request from another agency?
Requests for data should not be approved unless your agency is satisfied that the potential data recipient can appropriately meet the requirements of the Five Safes.
What if there is a dispute concerning release of data?
Unless there is a significant cause for concern, data sharing requests for an appropriate purpose and use should not be refused. If a dispute arises, contact the Office for Data Analytics for advice. We can help!
Can the Minister for the Public Sector direct a public sector agency to share data, including exempt public sector data?
Yes. The Minister for the Public Sector has the power to authorise a binding direction to public sector agencies to provide public sector data to another public sector agency. The Minister must apply the Five Safes framework and be satisfied that sharing and use of data is appropriate in all specified circumstances. Public sector agencies are not authorised to share exempt public sector data that they hold under the Act with each other, but the Minister for the Public Sector can direct them to do so.
What are the obligations of public sector agencies once data has been shared?
The data provider and data recipient must continue to comply with all relevant data sharing safeguards (see above). The data recipient must not re-share, disclose or use the data except for the specified purpose in the data sharing agreement unless the following circumstances occur:
Can public sector agencies share data with the private sector under the Act?
Yes. South Australian public sector agencies can enter into data sharing agreements with all tiers of government in South Australia, or interstate non-government organisations including private industry or the community sector. The only additional requirement is that the Minister for the Public Sector must sign the data sharing agreement.