Regardless of what triggered the request for information, it’s important that your agency has a sound understanding of its data and information holdings, allocated information asset custodians and a documented process in place to respond to requests.
Your information asset register will help you determine what information you hold and who the custodian is. It should also contain other useful information such as the security classification of the data and whether any of the data has already been published on the Open Data Portal.
Making your information asset register available through the QGEA ICT profiling activity, or publishing the register on your website will help potential users identify which agency has the data they need and who they need to approach to request access.
Requests for information may be accompanied by a use case which should identify a business, policy or economic opportunity (e.g. service delivery enhancement, research or data analytics project) which requires your data. The Queensland Government is open by default and therefore requests to access your data and information should be granted unless there is sufficient justification not to do so (e.g. privacy, security or confidentiality).
The risks associated with sharing the information should be weighed up against the benefits of sharing the information. Sometimes these risks may be insignificant. Where a risk has been identified, it should be balanced against the benefits of sharing the information from the user’s perspective. Use your agencies preferred benefits realisation methodology and risk assessment tools to help clarify what the risks and benefits of the sharing activity are.
Sometimes information sharing parameters are defined by legislation (e.g. the Child Protection Act 1999). There may be existing agreements in place between your agency and the requesting agency that can be extended or re-used, or there may be examples of successful agreements from other agencies that can be leveraged to progress the sharing request.
Ensure you confirm there are any existing policies or directives in place that provide specific advice in relation to sharing data or information.
The type of data requested will have an impact on your decision to release. Some data may already be available on the Open Data Portal, or have the potential to be published there. It could also be data that you have already made available through a previous sharing agreement or your departmental website.
However, if the requested data contains personal, sensitive or classified information, you will need to evaluate this as part of the decision-making process. But remember, while privacy and security requirements must be met, they should not stop shared access to government information when it is permissible.
Your data may be ready to share as it is, or it may require manipulation, cleansing or extraction. If it contains personal information, you may need to obtain consent to share, or undertake a de-identification process (such as data masking or aggregation). Using a de-identification process may allow you to share datasets with potentially high value without infringing on the privacy of individuals.
Use all the information above to determine whether the information can be shared and any constraints that may be required on the use of the shared information. In many cases, the Information Custodian will have the authority to approve the information sharing request, however this may vary from agency to agency.
Ensure that approval to share the requested information is obtained from an appropriate delegate or custodian and that all relevant departmental processes are followed prior to releasing the requested information.
Some data and information sharing initiatives may be governed by legislation, in which case a formal sharing agreement may not be necessary. However, documenting the details of your sharing arrangement is a useful governance mechanism and provides transparency and clarity for the agencies involved. A new sharing agreement may not be required in every instance, so check to see if there are existing agreements that can be leveraged or reused to include the new sharing arrangement.
Once an agreement has been developed and approved and your data is ready, you can start sharing information and realising the benefits. It is important to monitor the progress of the arrangement to ensure that any controls and conditions specified in the agreement are being met and that any opportunities for innovation or improvement are considered.
Consider sharing your use cases and sharing agreements to enable further sharing opportunities by providing success stories or a starting point for others to develop a sharing agreement of their own.
SSO is an authentication process that allows you to access multiple services and applications with one username and password.
Most Queensland Government agencies use SSO. If your agency doesn't use SSO, contact your agency IT service desk and let them know you would like to use it.
Most government-owned corporates, non-government organisations, and statutory authorities do not currently use SSO. If your organisation doesn't use SSO, contact your IT service desk and let them know you would like to use it.