1. Broad description
The Australian Bureau of Statistics (ABS) is receiving a small, but growing, number of requests from overseas researchers for access to microdata.
There are two types of access sought: individual researchers seeking access for research projects, and requests to add Australian data to international databases. The Luxembourg Income Study (LIS) is a long-standing example of the latter type of request.
While granting of access to microdata to overseas researchers will remain a matter of judgement, a policy has been developed to provide guidance on when such requests might reasonably be considered.
2. Why is it good practice?
Increasingly comparisons with other countries are being used to inform policy. It is why Australia is an active participant in organizations like OECD and other international collaborations with worthwhile objectives. Often these studies require access to microdata to achieve their research objectives.
The ABS can legally release microdata internationally under specified conditions. As well as legal requirements, there is the issue of public acceptability. To maintain the trust and confidence of respondents, there have to be assurances that their data is safe and being put to good use.
The policy statement provides a decision making framework to allow individual decisions on research access to be made on a consistent basis.
3. Target audience
The international research community but particularly international agencies.
4. Detailed description
For data to be released internationally, two key conditions should be fulfilled.
(i) The study should be of interest to Australia. While this would always be a matter of judgement, some examples of work meeting this criteria might include: producing international comparisons in an area of topical interest; an overseas organization undertaking policy relevant work on behalf of Australia; methodological work that might lead to improved data collection practices and methods in Australia; and research that is relevant to Australian policy.
(ii) The recipient organization and person should be trustworthy. While this also remains a matter of judgement a 'threshold' criteria may be that the organization has recognised international standing in the relevant field.
Unless the above two conditions are fulfilled, access should not be provided.
Even in these situations our Remote Access Data Laboratory (RADL) would be the preferred option if practicable. For requests made by individual researchers, access should only be granted through RADL.
The organization receiving the microdata may want to provide access to other researchers outside their organization to support the international study. They cannot do this legally. Each request should come to the ABS for consideration.
The process of granting access proceeds in two stages: an "approval in principle stage" which assesses the usefulness of the project and trustworthiness of the applicant, followed by an "approval" stage which involves signing of appropriate undertakings.
Where it is found that researchers or organizations have breached conditions of undertakings made, sanctions will be applied. Doing so can reduce the risk of further breaches by the relevant researchers/organization as it acts as a deterrent to others' breaching their undertakings.
There will be a graded series of sanctions as follows:
1) for minor breaches, issue a warning to the individual in breach of an undertaking and their organization (where there is suspicion rather than proof of a breach, this approach might be taken);
2) remove data access from the individual in breach of an undertaking, either in perpetuity or for a fixed length of time (e.g. three years);
3) remove data access from all researchers from the offending organization, or in the case of ABS microdata being part of an international study prohibiting further access to this data, either in perpetuity or for a fixed length of time (e.g. three years);
4) advising the researcher's managers, or other persons of authority, of the breach and the sanction;
5) publicising, to the relevant international research communities, that an organization has been in breach of their undertaking in relation to ABS microdata and that they are prohibited from using ABS microdata.
Which sanction to apply would remain a matter of judgement; however, the factors to consider would be:
1) whether the breach was intentional or not;
2) the nature of the breach;
3) the breadth of the breach (one researcher only as against multiple researchers);
4) the length of time that the breach had been occurring before detection.
5. Supporting legislation
Microdata is released under the provisions of Clause 7 of the Ministerial Determination (see References).
There is nothing in these provisions which prevents release to a person or organization residing outside Australia. We have been reluctant to do so because legal sanctions against breaches could not be applied.
Each release to a person or organization should be approved by the Australian Statistician or delegate within the ABS (at present the Deputy Australian Statisticians).
Although legal sanctions may not be possible, there are other sanctions that could be used. The most powerful (and easy to apply) is to withdraw access to all ABS microdata services.
It provides a publicly defensible basis as to how Australia might participate in international research studies involving microdata. Previously, as an abundance of caution, we had provided virtually no microdata access to international researchers.
It provides a clear statement to the international research community on the ABS position.
It provides a clear statement of the ABS position to staff who might be collaborating with international researchers. They know what is allowable and what is not allowable and discussions can proceed on the basis of that understanding.
The risk of actual identification is very small. The most likely breach is that the recipient of microdata may pass the microdata on to other researchers including those in Australia who are not authorised by the ABS to access the data.
If this happened, it might lead to perceptions about the security of microdata. This in turn could affect response rates and hence the quality of ABS statistical collections.
A copy of the policy statement can be obtained through email@example.com.
30 Aug 2013