How Queensland Government agencies can obtain data from QDAP

This use case demonstrates how Queensland Government agencies can obtain data from the Queensland Data Analytics Platform (QDAP).

The flowchart provides an overview of the steps required for each party to fulfill their obligations throughout the process. The flowchart is limited in its focus and surrounding steps or information can be found in the workflow below. The workflow tables provide practical information which will support decision makers throughout the data sharing process. This work aims to provide data custodians, recipients and users with clarity around what they need to do when sharing and using data.

Workflow

Useful data identified through QDAP

The requesting agency identifies a data need which cannot be satisfied by internal data holdings and further determines that the required data is available via QDAP.

Activities Supporting documentsResponsibilities
  • Identify opportunity
  • Assess agency data holdings
  • Review QDAP holdings including permitted usage conditions
Agency Information Asset Register Requesting agency needs to clearly understand what they want to do with the data and whether this is in line with the datasets existing permitted usage conditions.

Authorisation of data sharing request

Once the required data has been identified, the requesting agency seeks internal approval to access QDAP so that the required data can be accessed.

Activities Supporting documentsResponsibilities
 

QDAP Access and use Policy (to be developed)

Privacy Impact Assessment (OIC)

Information Privacy Act 2009

Agency specific legislation

Requesting agency ensures that the correct approvals are provided to access QDAP from someone with appropriate delegations

Access and use of data

Once a requesting agency has received internal approval, the agency makes a request to access QDAP. If they already have a log in, they make a request to access the required data set.

Activities Supporting documentsResponsibilities
  • Request and internal permissions provided to QDAP including details of how the agency will use the data (permitted usage)
  • QDAP evaluates request and determines if the data is fit for purpose
  • QDAP reviews current permitted usage conditions. If not, QDAP approaches source agency and asks them to determine if the new use is permitted.

Internal agency approval documentation

Datasets permitted usage conditions

The requesting agency ensures that the complete details of the data request and internal approvals are provided to QDAP.

QDAP evaluates the request against dataset attributes and the permitted usage conditions.

Data Governance Body acts as an escalation point to resolve issues around permitted usage

Upon receiving the data access request, QDAP reviews and prepares the data, ensuring that it is fit for the requesting agency's purpose.

Activities Supporting documentsResponsibilities
Depending on the state of the data and the requirements of the request, this may involve activities such as quality assurance/cleansing/unique identifiers for data matching etc.

Original data request

Permitted usage conditions

QDAP conducts data review and preparation and liaises with requesting agency to resolve issues.

Data Governance Body acts as an escalation point to resolve any issues with the requesting agency if required.

Once QDAP has prepared the data, the requesting agency is granted access to it.

Activities Supporting documentsResponsibilities
  • Individual log in provided to agency
  • Agency provided with the access and use policy
  • Agency clearly informed regarding the permitted usage conditions
  • Agency provided with information as to what monitoring and auditing activities will be undertaken by QDAP to ensure compliance

QDAP access and use policy

Permitted usage conditions

Requesting agency ensures the QDAP access and use policy and any permitted usage conditions are complied with.

After gaining access, the requesting agency uses the data for its intended purpose.

Activities Supporting documentsResponsibilities
This may involve data being used and accessed within the confines of QDAP as well as QDAP processing data and providing it to the requesting agency.  

QDAP provides access to requested data for users as per the terms of the original request.

Data users are aware of the conditions of use and use data only for its intended purpose/s.

Data Governance Body – has oversight of the process, reviews outcomes, makes suggestions form improvements and deals with any issues escalated to it.

Data is to be published as per its permitted usage conditions.

Activities Supporting documentsResponsibilities

QDAP ensures that authorisations are kept for recordkeeping   purposes and available for auditing.

QDAP publishes to appropriate and agreed repositories in   accordance with the conditions specified in their original request and the   agreed permitted usage conditions.

Public Records Act 2002

Records Governance Principles

Open data policy statement

Information access and use policy

Data Governance body to provide oversight and review. Deals with escalated issues.

Data management and governance 

Access to data must be managed appropriately.

Activities Supporting documentsResponsibilities

QDAP has documented/automated processes in place to ensure that   only those who are permitted to access and use the data have access and that permitted usage conditions are adhered to.

Information access and use policy

Audit schedule

Access notifications at log in to ensure users are aware of inappropriate access and use penalties (as per CCC Operation Impala Recommendations)

Data users – ensure they comply with conditions of use for QDAP as well as permitted usage conditions for the dataset.

QDAP – ensures appropriate user access permissions are provided and kept up to date. Ensures users are aware of their responsibilities.

Data Governance body– oversight and review. Deals with escalation issue

There must be a body in place to oversee governance. For example, the Data Governance Body.

Activities Supporting documentsResponsibilities

There is a group in place to oversee the process, deal with escalated issues, resolve problems and make determinations. Ideally comprised of cross agency representatives from key data supplying/requesting agencies with the seniority/authority to act.

Data governance charter

Responsibilities of the Data Governance body may include managing by exception:

  • Resolving unforeseen issues
  • Deciding on access requests
  • Dealing with rejected requests for data to be added to QDAP
  • Data not being provided as specified (e.g. quality, timeliness etc)
  • Amendments to conditions of use
  • Negotiating conditions of use
  • Agreeing to or rejecting additional usage conditions
  • Identifying additional data sources
  • Dealing with adverse audit results (e.g. unauthorised   access/use/release)

Data is to be retired or destroyed appropriately.

Activities Supporting documentsResponsibilities

Once the permitted usage timeframe has ended, access to the data should be removed unless other arrangements have been made.

Permitted usage conditions

QDAP – regularly review data access permissions and determine if the permitted usage timeframe has ceased.

DG Group – oversight and review. Deals with escalation issues.


Last Reviewed: 09 June 2020