The NSW Government has launched a new data strategy it says will create better outcomes for citizens while protecting their privacy, with more information to flow between agencies and departments in a “deliberate and cautious” way.
The strategy will help to put “data at the heart of decision making” in the state government, which said it has learned a lot of lessons from the recent natural disasters, pandemic and major data breaches within government.
Released Monday, the strategy marks a significant step in NSW’s ongoing data reforms which began more than five years ago with data sharing legislation in 2015 and the establishment of the NSW Data Analytics Centre (DAC).
The DAC allowed the government to begin discrete data projects and establish data sharing practices, culture, capabilities and governance mechanisms, and was critical to the state government’s response to the COVID-19 pandemic.
The disruption of 2020 and the value of data in managing it provided an opportunity to formalise many of the best practices into a new sector wide data strategy, which ensures data is shared by government departments in a more “sophisticated” way, according to NSW chief data scientist Dr Ian Oppermann.
“The strategy says, ‘let’s take the best of what we found from working in the world of COVID and let’s try and bake it in,’” Dr Oppermann told InnovationAus.
“Let’s acknowledge that people’s capabilities and different parts of government’s capability have improved substantially over the period since 2015.”
The strategy includes four themes, each underpinned by a set of principles and sector wide actions. The themes are: accelerating actionable insights, treating data as and asset, strengthening transparency and trust, and fostering culture, leadership and capability.
It was developed through consultation with hundreds of data practitioners and stakeholders across government and academia, and overseen by NSW Data and DAC director Narelle Grayson and NSW Department of Customer Service chief data officer Simon Herbert.
Dr Oppermann said the strategy acknowledges the varying capabilities of those sharing data and sets appropriate authorisation and governance requirements for access.
The strategy will apply for the next year and will be reviewed and updated iteratively.
The New South Wales Government is under pressure to tighten its data security following a major breach of its service delivery agency Service NSW last year and a more recent breach of health data as part of a the compromised Accellion file transfer software.
The Service NSW breach led to a parliamentary inquiry which produced a damming review of the state government’s cyber posture and recommended an overhaul of cyber strategy.
Plans for a mandatory data breach notification scheme – the first by a state or territory in Australia – were released last month and a new sector wide cyber strategy quickly followed.
Dr Opperman said the NSW Government will protect people’s privacy and security in data sharing by being more transparent, improving government capabilities, and being up front when things do go wrong.
He said the data sharing strategy itself offers “how to” templates for the agencies involved but also demonstrates the level of sophistication the government is approaching to the general public.
The state’s cybersecurity posture is also continuously being improved, according to the NSW government chief data scientist, who is confident in the level of funding.
The government will also be “as transparent as possible” on its data sharing, he said, and will receive ongoing advice from external stakeholders through its data and technology advisory committees, which include privacy advocates and the Human Rights Commissioner as members.
Phase one of NSW’s data reforms was about embedding data practices across government and establishing governance measures like a chief data officer in each government department and connecting them through a NSW Government Data Leadership Group.
These data officers will be responsible for implementing the new strategy in phase two of the reforms, which includes developing department specific data roadmaps with high level plans and goals depending on their maturity, the data they collect and how it will be shared.
“It means that every single [government] cluster can think through what they need to do in terms of improving their data capabilities, their data literacy, their data maturity and also the governance associated with it,” Dr Oppermann said.
The strategy outlines how data should be shared based on the risks created by doing so, which are determined by an assessment of the information’s sensitivity and its “personal information factor” or how likely a person is to be reidentified based on the data, even when it has been deidentified.
“There are different levels of trust that need to operate in order for people to appropriately take data, to analyse data, to ensure the security associated with it, and to ensure that they’ve got not only the authority to analyse but [also] the authority to release [it], and they’ve got all the context they need to put in place,” Dr Oppermann said.
Phase three of the New South Wales data reforms will include a statutory review of the 2015 data sharing legislation underpinning the strategy, which could lead to further reform.
That review is expected to draw on the results of the current data data sharing initiative and Dr Oppermann said it will determine whether NSW adopts a “heavy” legislative framework for data sharing or uses the laws as more of a “guidance framework”.
But before then there is more work to be done, he said.
“Watch this space,” Dr Oppermann told InnovationAus.
“There’s a lot more to come. Data use is inevitable but we are looking to make sure that it’s a deliberate and cautious acceleration of our data use over time.”
Do you know more? Contact James Riley via Email.
Data comes from the past. It’s in the rear-view. If you put “data at the heart of decision making” you’re driving down the street looking at the reversing camera. You won’t see the corner coming up because it hasn’t happened yet. You can’t do the future – until it has become the past. What sort of leadership is that ? Let’s do the future – when it’s over ? These guys “learned a lot of lessons from the recent natural disasters, pandemic and major data breaches within government” – after they were over. They didn’t see any of them coming ? Like, nobody saw the GFC coming ? Surprise ! A GFC ! That’s data driven leadership guys. Not leadership at all.