Interoperability projects can only be realised when you have managed your information and data risks. All Government information and data is subject to legislation, policies and standards. Interoperability projects need specific attention to data compliance and security requirements relating to:

• data exchange mechanisms
• privacy and de-identification
• licensing for mixed, reused or derived datasets.

Data security is put in place to prevent unauthorised access to information. It is a fundamental theme for enabling interoperability and should be addressed as an enterprise-wide initiative with an agency-wide security strategy. Data security requirements across Government which your agency must consider include the:

• Protective Security Policy Framework (PSPF) which includes requirements for sensitive and classified information
• Australian Government Information Security Manual (ISM) which is the standard that governs the security of Government ICT systems and includes information on access controls.

Secure data exchange

In addition to the PSPF, your agency can ensure your processes and systems meet criteria for secure data exchange by referring to the Digital Transformation Agency's (DTA):

• Trusted digital identity framework
• Gatekeeper Public Key Infrastructure Framework

Data exchange security considerations include:

• access restrictions such as IP whitelisting, multi-factor authentication, security tokens and API Keys
• HTTPS secure connections
• encryption of data in transit and at rest
• tamper proofing data that is publicly exchanged
• strict password syntax checks and password resets
• encryption of all passwords
• data storage locations such as on premises and in the cloud
• security classifications.

Privacy and de-identification

Privacy and the de-identification of information must be considered when releasing information online. It is essential that all data released has undergone the necessary privacy and de-identification checks. The Office of Australian Information Commissioner (OAIC) provides information on the Australian Privacy Principles that can help you understand and meet these requirements.

Licensing and terms of use

Compliance with licensing and terms of use of exchanged data is a legal requirement. To ensure you meet this requirement you must understand:

• what licensing and terms of use the data is under
• if the data uses other derived datasets
• necessary transfer of derived data's licence and terms of use, to new datasets.

Terms of use are applied to data to ensure users do not use the data out of context and for purposes other than intended. For example if a dataset does not reach a certain data quality there should be appropriate terms of use agreements in place to ensure it is not used out of context.

Related content

• Australian Privacy Principles and Commonwealth records
• Digital authorisations and workflows
• Interoperability development phases resource (PDF 2.7MB)
• Interoperability scenarios (PDF 2.47MB)
• Interoperability key theme – security
• Legislation, policies, standards and advice
• Protecting information