How can I access the information I need?
Now that you've determined you need access to information from another part of government, how do you go about getting access to it, what do you need to do and what processes must be followed? The answer may not always be straight forward, but the following resources will provide you with a starting point.
Some agencies have matured and robust processes to follow for requesting access, others have processes which may not be immediately apparent and some may even be resistant to sharing their data. The following sections provides some clarity around requesting data from other agencies.
1. Determine the type of information and the information owner
If the information you need is in the public domain, such as an open data set published on the Open Data Portal, then accessing it should be a straightforward exercise. Remember though, some types of information in the public domain are subject to licensing or copyright restrictions, which can define limitations on use, reuse and on-sharing. Ensure you understand any licensing restrictions prior to use.
If the information you need is not available publicly, then getting access will require a few more steps.
2. Build the case for sharing
It is important in any new initiative to spend some time in ensuring 'the right problem is being solved' before committing time and resources. The same applies with any information sharing initiative. Having clear and complete articulation on the benefits and value of establishing an information sharing activity will not only help the information owner understand your need for access, but also help you refine your primary purpose and objective for the information you need to access.
The Information Sharing Authorising Framework can assist in you with building your case for sharing. Specifically, the following modules from the 'Prepare' phase.
- Benefits Proposition
- Information Flow Map
3. Determine any existing enablers for sharing
Across Government there may be several instruments which enable access to the information you need. These include specific or general items of legislation, existing Memorandum of Understanding (MOUs) or previously established Master Sharing Agreements (MSAs). Leveraging existing enablers will significantly assist you in accessing the information you need and therefore it is beneficial to spend some time researching and understanding any existing enablers. The Legislation mapping module of the Information sharing authorising framework may assist with this process.
4. Assess any risks and barriers
Risk is usually a primary barrier to establishing any information sharing initiative. It is all too common for data and information owners to refuse access requests and cite excessive risk as the reason why. It is therefore essential that when developing and negotiating access to data and information that the risks are comprehensively understood. Critically, the risk of not sharing information should be central to any assessment. Legislation and privacy concerns can also form barriers to access, so an evaluation of the impacts of both should be undertaken. If you are seeking data containing personal information, then the completion of a Privacy Impact Assessment is a must. The following modules from the Information Sharing Authorising Framework may assist:
- Risk Assessment
- Privacy Impact Assessment
- Legislation Mapping
- Information Security Classification
5. Establish the sharing agreement
If the case for access to information is well defined and the risks of sharing are comprehensively understood and appropriately managed, then all parties should agree to share information. The document which captures this agreement is called the Master Sharing Agreement (MSA). An MSA outlines how information can be used in a sharing activity, documents information flows, defines the participating parties and outlines high level sharing principles such as account abilities, security controls, governance models and success measures.
6. Exchange and use the data
Once a sharing agreement is in place, you are ready to receive and use the data according to the permitted usage conditions defined in that agreement. You must ensure that all usage conditions, including security and privacy requirements, continue to be monitored and met throughout the life of the agreement. When the information or output is no longer required, it should be retired as per the requirements of the agreement, ensuring that any recordkeeping responsibilities are met.
To enable potential leverage from your sharing initiative, you should consider whether the details of the agreement can be published in your agencies information exchange register, the QGCIO's Information sharing agreements register or the Information sharing pattern library.
Last Reviewed: 10 May 2018