The following can help you understand:

  • If it is appropriate your specific dataset to be hosted and used on our nationally-funded eResearch infrastructure
  • The legislative landscape in Australia with respect to human-derived data
  • Specific requirements in different Australian jurisdictions and laws affecting trans-border data flows
  • Circumstances when sharing of human-derived data for research purposes is permitted, and when it is not
  • Your responsibilities as a data custodian in ensuring data is secure
  • The responsibilities of infrastructure providers (like us) in providing tools and services so you can ensure human-derived data is secure
Interactive tool to assist you understand if your specific dataset can be hosted and used on our nationally-funded eResearch computational infrastructure within the requirements of your ethics approval and institutional policiesRead More
Discussion paper outlining the Legal, Best Practice and Security Frameworks for consideration when using human-derived data in research in Australia.Read More
Summary of legislation protecting individuals against the release of personal sensitive information to unauthorised parties – These cover situations both within the health sector (i.e. when personal health information from a patient is collected for the purposes of providing care), as well as situations when data derived from an individual is used in research. Includes privacy and health legislation and covers issues such as informed consent, ethics approval and trans-border data flows.Read More
Summary of the security requirements of an IT system intended to handle personal health information (including for research purposes) in Australia – as based on the 2015 Australian Guidelines for the Protection of Health Information (published by the Health Informatics Society of Australia) and the Australian Government’s Information Security Manual (ISM) (published by the Australian Signals Directorate).Read More

Guides describing technology services required when protecting
human-derived data

Outlining what each service does, when it should be used, and what the Australian controls are for that service.

Note: our infrastructure and associated technology services are currently suitable for storing data where individuals are not readily identifiable. Please contact us to find out more.

User Identity Management describes the service components required to accurately identify users of an IT system.Read More
User authentication is the act of determining whether someone is, in fact, who they declare they areRead More
Access Control provides methodologies to ensure access to information is controlled in order to preserve confidentiality and integrity of information.Read More
Anonymisation (or de-identification, confidentialisation) is a process that removes all personal identifying information from data that represents an identifiable individual. Read More
Encryption is a method to render digital data unreadable by anyone other than authorised users. It can be used to provide a layer of security by making the data unreadable to anyone who is not authorised to view it.Read More