Privacy and Security
The TDLU is committed to the secure protection of data in support of maintaining individual privacy whilst supporting research in the public interest by providing access to linkable non-identifiable data and reducing the use of personal information in research. The effective protection of data is integral to the activities of the TDLU. The TDLU will ensure that:
- Privacy is integral to the design of its processes and procedures;
- Its activities comply with all applicable guidelines, codes of conduct and law relating to privacy and confidentiality; and
- All physical computing infrastructure used in support of data linkage activities is maintained on a standalone basis supported by tight access restrictions.
The TDLU operates within a legal framework which may impose various restrictions and obligations on those who deliver and access data linkage services. Users of this service should note the duty of confidentiality at common law and equity and should refer to relevant legislation in Tasmania including:
- Personal Information Protection Act 2004;
- Relevant State health information privacy legislation and principles (where information is health information);
- Relevant State information privacy specific to providers of non-health data;
- Commonwealth Privacy Act 1988, as applicable, and the Information Privacy Principles; and
- The National Privacy Principles (when dealing with information held by a private organisation).
Further, the TDLU recognises the following policy statements, principles and guidelines specific to the use of linked data in support of research activities:
- National Statement on Ethical Conduct in Human Research developed jointly by the National Health and Medical Research Council, the Australian Research Council and Australian Vice-Chancellors' Committee;
- Australian Code for the Responsible Conduct of Research jointly issued by the National Health and Medical Research Council, the Australian Research Council and Universities Australia;
- Guidelines under s95 of the Privacy Act 1988 (Commonwealth); and
- Guidelines under s95A of the Privacy Act 1988 (Commonwealth).
Information security measures employed by the TDLU are divided into four key categories:
- Physical Security - The TDLU has in place strict security measures and physical entry controls for the location where data is stored.
- IT Security - The TDLU has established a standalone network within an entry-controlled location with strict, multi-level password protection, anti-virus software and encryption for data transfer.
- Personnel Security - Access to physical infrastructure and data is strictly limited to those TDLU staff whose work responsibilities specifically require such access.
- Administrative Security - Extensive work has been undertaken to complete a range of policies, procedures, standards, guidelines, security training and risk assessments in support of ongoing security arrangements for the TDLU.
A number of security measures are also undertaken to ensure the data remains safe once provided to the approved researchers. These include:
- approval of security plans from Human Research Ethics Committees and data custodians;
- legally binding contracts and confidentiality agreements with data custodians and researchers; and
- data supplied to and from the TDLU and to researchers and data custodians is in an encrypted format.