How To Govern Data Governance At The Australian Primary Health Care Research Institute

Transcription

1 GRAPHC Data Governance Policy

2 Document Control Document Title: Data Governance Policy Summary: This document defines the policies of GRAPHC regarding GRAPHC s data governance management system. Date of Issue: May 2014 Version: Version 0.2 Draft Contact: GRAPHC@anu.edu.au Relevant References: Change History V0.1 Drafted by M Hewett V0.2 Edit by P Konings V0.3 Edit by P Konings, Notes & Observations by I McRae

3 Document Control... 2 Background... 4 Intent... 4 Objectives... 4 Overview... 4 Scope... 4 Policy Statements... 5 Responsibilites... Error! Bookmark not defined.

4 Background The Australian Primary Health Care Research Institute (APHCRI) at the Australian National University (ANU) provides national leadership in improving the quality and effectiveness of primary health care in Australia. The national centre for Geographic & Resources Analysis in Primary Health Care (GRAPHC) was established in 2011, within APHCRI, to promote and facilitate the use of Geographic Information Systems (GIS) to inform locally relevant and equitable solutions for targeting health resources and services in Australia and to support geographic and location based aspects of primary health care research. Intent GRAPHC recognises that data is a valuable asset for the purposes of its objective. GRAPHC collects, processes, analyses and hosts data from a variety of sources. Wherever possible and appropriate, this data is made publicly available so that it may be used by researchers around Australia. GRAPHC acknowledges that some of the data will be of a sensitive nature in terms of privacy, integrity, availability, security and governance. GRAPHC will adhere to a Data Governance framework to ensure that appropriate controls are applied to data, and that the data is used and protected appropriately. Objectives The specific objectives of our Data Governance Framework are to apply appropriate controls over: Data Acquisition and Collection Data use and disclosure Data security Data privacy Data availability Data Integrity Data Ownership and Citations Overview GRAPHC s information infrastructure and services and data and database infrastructure are part of the broader ANU IT community and as such GRAPHC Data Governance policy is subject to ANU Data Management Policy. Scope This policy applies to: Common spatial data holdings of GRAPHC. GRAPHC s G-Tag System database contents

5 This policy does not apply to data held as part of GRAPHC research projects. Each project will be governed by its own privacy and ethical requirements as determined by law, ethics oversight organizations and the dataset owners. Policy Statements 1. All individuals are entitled to confidentiality and privacy with respect to information relating to them. 2. Data to be included in the GRAPHC data holdings shall be acquired or collected in a lawful and appropriate manner. If the data is to be modified for appearance or content prior to inclusion in the GRAPHC data holdings, a copy of the original dataset shall be maintained by GRAPHC in an archival location wherever possible. 3. In all cases, GRAPHC will only use data in accordance with any licensing conditions or use restrictions imposed by the data provider. Where appropriate, such use restrictions will be included in the metadata of datasets published by GRAPHC for public use. If privacy, licensing or other restrictions prohibit GRAPHC from sharing or making data public, GRAPHC will ensure that such dataset are used within the scope of such limits 4. Data shall remain protected in accordance with the requirements of applicable legislation. 5. GRAPHC will endeavour to protect individual privacy at all times. Datasets that require protection will be appropriately stored to ensure access is in accordance with the requirements associated with the data. 6. Wherever possible and appropriate, GRAPHC will make data available through public data portals. Where data is protected by law, license or ethics, GRAPHC will not expose that data beyond the limits specified by those protections. 7. Appropriate controls shall be applied to ensure that data remains complete and accurate. 8. GRAPHC shall ensure that whenever data from other sources or owners is re-published or otherwise made available to users that the owner or source is appropriately cited. Where possible, links to data originators will be recorded and provided as part of dataset metadata. Responsibilities GRAPHC Staff shall: Apply the requirements specified within this policy. Make this document publicly available on the GRAPHC website. Update this document as appropriate. If GRAPHC staff become aware of a situation contrary to the requirements specified in this policy they shall raise the issue with their supervisor and initiate action as appropriate to resolve the situation.