One of the roles of data custodians in data integration projects is to extract the data [1. This responsibility may be transferred to a third party agency or organisation if there are bilateral arrangements for that third party to hold and manage the data on behalf of the custodian.] as specified in the project agreements and to ensure its safe transmission to the integrating authority, consistent with Australian Privacy Principles (APPs) and the Australian Government Protective Security Policy.
The type of data supplied by custodians will vary according to project requirements and the linkage models being used. However, it is generally better practice for the data custodians to separate the linking (or identifying) information (e.g., name and address) from the analysis (or content) data (e.g., administrative or clinical information) before it is transferred. For more information on this approach, see Separation Principle: Approach 1.
Where legislative and other requirements allow, data custodians may provide the integrating authority with the identified data (records which contain both the linking and analysis variables). The integrating authority is then responsible for ensuring that privacy and confidentiality are maintained according to the requirements of data custodians. Unless otherwise agreed, the integrating authority in this case is responsible for applying the separation principle. For more information on this approach, see Separation Principle: Approach 2.
Regardless of the approach used by data custodians, data transmission should be undertaken in accordance with legislative and policy requirements.
As well as ensuring only the required variables for the project are identified, specified and supplied, the data custodians are responsible for providing relevant metadata and quality assurance documentation, such as a data quality statement, to the integrating authority. This is to ensure the data is fit for the purpose specified in the project agreements.
It is advisable to encrypt the data when transferring it between organisations, whether electronically (generally only suitable for small datasets) or by courier using optical disc or a USB storage device. The Australian Government Protective Security Policy Framework provides further information on the safe transmission of Commonwealth data. Also refer to the data security section and Data Linking Information Series - Sheet 2 which contains an example of secure data transfer via courier
On receipt, the data should be examined and verified to ensure it complies with expectations agreed upon. The integrating authority should then inform the data custodian whether the transfer has been successful, or if there are issues which need to be resolved.
If there are issues with the data received (e.g., data items are missing), then the integrating authority can provide details to the source data custodian about these issues, including why it might have occurred, and request for the data to be re-transferred. However, to preserve privacy and confidentiality, only the information that was obtained from that source custodian about an individual or organisation should be disclosed or discussed in relation to the data issues (see High Level Principle 5 regarding feedback of information).
For more information on the project delivery phase see: