Sorry, you need to enable JavaScript to visit this website.
AIFS Logo
Most relevant
Home About AIFS Our services Data linkage and integration

Data linkage ethics

Our ethics process

All research projects that use our data linkage and integration services must comply with the ethical principles and standards of the National Statement on Ethical Conduct in Human Research, as well as any specific ethical requirements of the data custodians and the Data Availability and Transparency Act 2022.

You may need to obtain ethics approval from a Human Research Ethics Committee (HREC) or other relevant ethics bodies before you can access and use the data. We can assist you with the ethics application process and provide you with the necessary information and documentation to support your application.

Our Human Research Ethics Committee (HREC) ensures that all research and data integration projects undertaken adhere to ethical standards and respect the rights of people. It is registered with the National Health and Medical Research Council (NHMRC). 

The HREC’s role is to provide independent review and monitoring of research and evaluation activities in line with the principles of the National Statement. It assesses proposed data integration projects to balance the benefits of a project with any risk to privacy.

Before we collect, link and analyse data, we need to ensure that we follow the ethical principles and standards that guide our research. These include compliance with the relevant laws and regulations that govern data protection, privacy, and confidentiality.

Risk assessments

One of the key steps in the ethics process is to conduct a risk assessment for each study. A risk assessment is a systematic process of identifying, analysing, and evaluating the potential harms and benefits associated with the research activities. The aim of the risk assessment is to minimise or mitigate any adverse impacts on the participants, the researchers, and the wider community, while maximising the social value and validity of the research.

We also monitor and evaluate the ethical conduct and outcomes of the research projects that use our data linkage and integration services and report any issues or breaches to the relevant authorities and stakeholders.

Privacy Impact Assessments

One of the tools that we use to conduct a risk assessment is a Privacy Impact Assessment (PIA). A PIA is a process that helps us to identify and address any privacy risks that may arise from the collection, use, and disclosure of personal information in the research project. A PIA also helps us to demonstrate our compliance with the relevant privacy laws and principles, such as the Privacy Act 1988 and the Australian Privacy Principles.

A PIA is not required for every research project that involves personal information. There are some situations where a PIA is highly recommended or mandatory, such as when a project involves:

  • new or changed ways of handling personal information, such as collecting new types of data, linking data from different sources, or sharing data with new partners
  • sensitive or confidential information, such as health records, financial details, or criminal history
  • vulnerable or marginalised groups, such as children, First Nations people, or refugees
  • large-scale or complex data sets, such as big data, biometric data, or geospatial data
  • high-risk technologies or methods, such as artificial intelligence
  • cross-border transfers of personal information, such as sending data overseas or accessing data from foreign jurisdictions.

By conducting a PIA in these settings, we can ensure that we are respecting the privacy rights and expectations of the data subjects, managing the privacy risks effectively, and enhancing the trust and confidence of the data users and providers.

A PIA involves:

  • scoping the project and identifying the stakeholders
  • mapping the information flows and data linkages
  • analysing the privacy impacts and risks
  • identifying and implementing the privacy solutions and safeguards
  • consulting with the stakeholders and obtaining their feedback
  • reviewing and updating the PIA as needed.

We document the results of the PIA in a PIA report, which we share with the data custodians, the ethics committees, and the data users. The PIA report outlines the: 

  • purpose and objectives of the project
  • data sources and variables involved
  • information flows and data linkages
  • privacy risks and mitigations
  • privacy governance and accountability arrangements.

Share