Victorian Public Sector Data Sharing Policy

This Policy supports the Victorian Government’s response to cross-portfolio data needs by facilitating data sharing across government.

On this page

Overview

The Victorian Public Sector Data Sharing Policy responds to the critical need for data sharing between Victorian government agencies to inform policy and service decisions for the benefit of Victorians.

It establishes that Victorian government agencies have a ‘responsibility to share’ with each other where there is a demonstrated need for the data to improve policy making, service planning and delivery with a clear public benefit, unless there is good reason not to.

It adopts the National Data Sharing Principles to help the Victorian government agencies fulfil that responsibility in a considered, safe and secure way.

Policy context and purpose

Better use of data1, through sharing, linkage and analytics, is transforming the way government works.
Data insights can enhance government’s understanding about what works and why, leading to better decisions, more streamlined processes and more effective and efficient services and investment. For example, data sharing between government agencies can provide:

  • a more holistic picture for policy-making (such as building a linked social services data asset that combines health, human services, education, justice and police data2)
  • Victorian citizens with integrated government services (such as through Service Victoria, which allows citizens a simpler, faster way to access a range of government services).

Where data sharing is vital for protecting vulnerable people, there are also specific information sharing schemes that recognise the importance of sharing, such as:

  • the Family Violence Information Sharing Scheme, and
  • the Child Information Sharing Scheme.

This policy is an important contribution to assist Victorian government agencies to access the data they need to meet the policy and service needs of the Victorian community. It facilitates the expeditious sharing of data between VPS agencies within a controlled access environment, while ensuring the right safeguards are in place.

It is modelled on the data sharing framework established under the Victorian Data Sharing Act 2017 (VDS Act), which sets up the statutory office of the Victorian Chief Data Officer (CDO) with powers and functions, including to support data-led policy and service decisions across government and to lead and coordinate data sharing and data integration work.

Establishing the ‘responsibility to share’

This policy establishes a clear responsibility on Victorian government agencies to share data with each other.

The responsibility applies where the requesting agency has demonstrated a need for data to inform policy making, service planning and delivery with a clear public benefit, and there is no legitimate basis to refuse the request.

Demonstrating the need for data should include a clear articulation of how the data will be used to benefit the Victorian community or sections of the community. For instance, this may include a statement on how data access would:

  • unlock insights to advance a stated Victorian Government policy,
  • improve an operational program, or
  • provide better services to vulnerable groups or individuals.

The responsibility to share sets the expectation that an agency in receipt of a request will cooperate to provide the data or give reasons for refusal within a reasonable time. Where this does not occur, a requesting agency may choose to issue a formal request for data under this policy. While there is no prescribed format for the formal request, it should at a minimum:

  • identify that it is being made pursuant to this policy
  • set out the purpose and public benefit, and
  • describe how the data will be held and used safely and securely.

The agency in receipt of the formal request must respond within 14 days by providing the data or setting out reasons for refusal in writing. A copy of the refusal should be sent to the Secretary, Department of Government Services (DGS). These arrangements are based on the process for the CDO to make a formal request under the VDS Act, giving all Victorian government agencies a similar mechanism to issue a formal data request.

A legitimate reason for refusal includes where:

  • the sharing would contravene a law or legal obligation (such as a privacy or data protection obligation or a secrecy provision),
  • would prejudice an investigation, inquiry or legal proceeding, or
    be likely to endanger an individual’s health safety or wellbeing.

A request may also be refused if:

  • the requested data is readily available through other sources (e.g. if publicly available),
  • other rights (such as intellectual property rights) prohibit disclosure,
  • the proposed sharing arrangement does not satisfy the National Data Sharing Principles, or
  • sharing is otherwise considered too risky or sharing is inappropriate from a data ethics/social licence perspective, despite the proposed controls and in light of the expected public benefit.

The ‘responsibility to share’ requires agencies to use best endeavours to share, in light of existing resourcing. Where resourcing is a genuine constraint, agencies agree to use best endeavours to agree on how resourcing should be dealt with in light of the proposed public benefit.

Applying the National Data Sharing Principles

In addition to legal and other requirements relevant to data sharing3, Victorian government agencies should be guided by the National Data Sharing Principles in deciding whether or not to share, which are set out in the National Data Commissioner’s Data Availability and Transparency Code 2022.

The National Data Sharing Principles are based on the Five Safes Framework, which is the internationally recognised risk management framework that is the standard for, and used widely across, the Victorian Government. It promotes a principles-based approach to enable sharing of data held by the public sector in a way that delivers public benefit, while ensuring the privacy and security of Victorians’ data remains paramount.

Adopting the National Data Sharing Principles not only reflects that many of the core considerations are the same in the Victorian context4, it also ensures a nationally consistent approach wherever possible. This aligns with national reforms aimed at streamlining the sharing of Commonwealth government data. A consistent approach facilitates uniformity in data sharing conditions and streamlines governance.

Scope of this policy

The policy applies to all Victorian public service bodies, as defined in the Public Administration Act 2004 (which includes Victorian departments and administrative offices) and Victoria Police. Departments and Victoria Police commit to implement this policy within their agency by signing the VPS Data Sharing Heads of Agreement.

The Heads of Agreement also provides a common framework that parties can use to document their particular data sharing arrangements. Over time, any Victorian public sector bodies (including statutory bodies or independent and oversight bodies) can elect to come within the remit of this policy by signing the Heads of Agreement.

While use of this Heads of Agreement (and its template annexures) to document particular arrangements helps foster consistency and expedite sharing, it is not mandatory. Signatories are free to document such arrangements using alternative instruments or agreements. In addition, this Heads of Agreement does not affect any existing data sharing arrangements that signatories have in place.

This policy also does not apply to ‘restricted data’ as defined under the VDS Act. Restricted data refers to data relating to the identity of confidential sources or those included in a witness protection program, national security or the disclosure of investigative measures or procedures.

Where to go for help

DGS is available to assist agencies to navigate this policy, the National Data Sharing Principles and the Heads of Agreement. It also provides other resources and templates where they are required. Queries can made directly to DGS at data.insights@dpc.vic.gov.au.

The Office of the Victorian Information Commission (OVIC) and Health Complaints Commissioner (HCC) can assist agencies with issues concerning personal information, information security and health information respectively.

OVIC and HCC have a wide range of guidance to help VPS agencies understand their privacy and information security obligations on their websites: www.ovic.vic.gov.au and www.hcc.vic.gov.au. OVIC has also put out information sharing and privacy guidance.

Governance and review

This policy was approved by the Victorian Secretaries Board (VSB) on 18 December 2024.

Material changes to the policy will be returned to VSB for approval.

Footnotes

[1] This policy adopts the same use of the term ‘data’ as defined under the Victorian Data Sharing Act 2017, namely “any facts, statistics, instructions, concepts or other information in a form that is capable of being communicated, analysed or processed (whether by an individual or by a computer or other automated means).

[2] The Victorian Social Investment Integrated Data Resource, which comprises linked administrative and law enforcement data, capturing how Victorian’s use selected government health, human services, education and justice services.

[3] Including any obligations relating to privacy or data protection.

[4] Noting that where there are definitional differences between the Commonwealth Data Sharing Principles and Victorian law and policy (e.g. the definition of ‘personal information’), Victorian definitions shall apply.

Updated

Back to top