A checklist for integrating authorities

This is a list of considerations for integrating authorities who have been approached to undertake the end to end management of a data integration project for statistical or research purposes. Integrating authorities must be accredited to manage high risk projects.

1.      In Principle approval

✔ Have you assessed the technical feasibility of the project and ensured that you can deliver on all aspects of the project (e.g. linking methods, data security and provision of secure access to the integrated data, timeframes, data quality, risk management etc.)

 2.        Finalise project details

✔ Have you discussed and agreed the arrangements for security of the data (e.g. data transfer, access, use, storage and destruction or retention) with all data custodians?

✔  Have you discussed and agreed with data custodians how confidentiality and privacy will be protected?

• How will the separation principle be applied (if applicable)?
• How will the data be de-identified and/or confidentialised?
• Do the data custodians have any special conditions to be met for users of the data (e.g. signing confidentiality undertakings, review of research results before publication)?
• Are the consequences, if there is a misuse of data or breach of privacy, understood for both the integrating authority and the data user?

✔ Will there be a fee for service or cost recovery charge to the data user and has a quote been prepared and accepted?

✔  Do you need to assist the data users to seek Ethics Committee approval for the project?

✔  Is a privacy impact assessment required?

✔  Do you intend to outsource or work in partnership with other organisations to complete components of the project (such as creation of linkage keys) and have the data custodians been advised?

✔  Have you entered into a project agreement with all of the data custodians to formalise the arrangements for the project?

✔  Have you entered into a data access agreement with the data user to set out the conditions and arrangements for accessing the integrated data for research and analysis?

✔  Have you registered the project on the Public Register of Data Integration Projects and submitted the risk assessment to the Oversight Board?

 3.      Project delivery

✔  Have you conducted the following steps in accordance with the project agreements?

• Data prepared, linked, merged and quality checked using agreed protocols (e.g. application of the separation principle),
• Integrated data de-identified and confidentialised,
• Secure access to the integrated data provided to data users,
• Ensure that the integrated data is stored securely if it is to be retained and a review process is in place or that it is destroyed at project completion, and
• Completed an evaluation of the project and updated the project findings on the Public Register of Data Integration Projects.