How do I get approval to share?
Regardless of what triggered the request for information, it is important that your agency has a sound understanding of its data and information holdings, allocated information asset custodians and a documented process in place to respond to requests.
1. Do you hold the requested data?
Your information asset register will help you to determine what information you hold and who the custodian is. It should also contain other useful information such as the security classification of the data and whether any of the data has already been published on the Open Data Portal. Making your information asset register available through the QGCIO’s ICT profiling activity, or publishing the register on your website will help potential users identify which agency has the data they need and who they need to approach to request access.
2. How do you evaluate a request?
Requests for information may be accompanied by a use case which should identify a business, policy or economic opportunity (e.g. service delivery enhancement, research or data analytics project) which requires your data. The Queensland Government is open by default and therefore requests to access your data and information should be granted unless there is sufficient justification not to do so (e.g. privacy, security or confidentiality).
The risks associated with sharing the information should be weighed up against the benefits of sharing the information. Sometimes these risks may be insignificant. Where a risk has been identified, it should be balanced against the benefits of sharing the information from the users perspective. Use your agencies preferred benefits realisation methodology and risk assessment tools to help clarify what the risks and benefits of the sharing activity are.
3. Are there existing sharing options?
Sometimes, information sharing parameters are defined by legislation (e.g. the Child Protection Act 1999
). Perhaps there are existing agreements in place between your agency and the requesting agency that can be extended or re-used, or there may be examples of successful agreements from other agencies that can be leveraged to progress the sharing request. You might even have Departmental policies or directives that provide specific advice in relation to sharing data or information.
4. What type of information has been requested?
The type of data requested will have an impact on your decision to release. Some data may already be available on the Open Data Portal, or have the potential to be published there. It could also be data that you have already made available through a previous sharing agreement or your departmental website.
However, if the requested data contains personal, sensitive or classified information, you will need to evaluate this as part of the decision-making process. But remember, while privacy and security requirements must be met, they should not inhibit shared access to government information when it is permissible.
5. Can the data be shared and who needs to approve it?
Your data may be ready to share as it is, or it may require manipulation, cleansing or extraction. If it contains personal information, you may need to obtain consent to share, or undertake a de-identification process (such as data masking or aggregation). Using a de-identification process may allow you to share datasets with potentially high value without infringing on the privacy of individuals.
Use all the information above to determine whether the information can be shared and any constraints that may be required on the use of the shared information. In many cases, the Information Custodian will have the authority to approve the information sharing request, however this may vary from agency to agency. Ensure that approval to share the requested information is obtained from an appropriate delegate/custodian and that all relevant departmental processes are followed prior to releasing the requested information.
6. Do you need a sharing agreement?
Some data and information sharing initiatives may be governed by legislation, in which case a formal sharing agreement may not be necessary. However, documenting the details of your sharing arrangement is a useful governance mechanism and provides transparency and clarity for the agencies involved. A new sharing agreement may not be required in every instance, so check to see if there are existing agreements that can be leveraged or reused to include the new sharing arrangement. If you do need to start from scratch, the Information sharing authorising framework provides step by step assistance and templates for developing a new agreement.
Now that an agreement has been developed and approved and your data is ready, you can start sharing information and realising the benefits! It is important to monitor the progress of the arrangement to ensure that any controls and conditions specified in the agreement are being met and that any opportunities for innovation or improvement are considered.
Consider sharing your use cases and sharing agreements to enable further sharing opportunities by providing success stories or a starting point for others to develop a sharing agreement of their own.
Last Reviewed: 10 May 2018