Philip Hamilton, Politics and Public Administration

Key issues
Since mid-2018, Coalition Government statements have foreshadowed a Data Sharing and Release (DSR) Bill, which will provide a statutory foundation for interim DSR measures introduced in 2018–19.
The Government’s digital identity initiative, GovPass, is currently being tested through pilots. A report by a House of Commons committee on the UK’s underperforming digital identity program highlights issues that may be relevant to Australia’s digital identity initiative.
The number of ICT-related procurements and projects may increase due to caps on the value and duration of ICT-related contracts.

Governments around the world are undertaking digital projects, but academics have noted there is debate about the extent to which public administration is being transformed by the adoption of digital technology. (The Parliamentary Library has recently published a guide to relevant Australian Government initiatives since 2015.)

This brief highlights a range of public sector digital transformation issues likely to be of relevance to the 46th Parliament.

Selected digital transformation projects

In November 2018 the Coalition Government published its Digital Transformation Strategy (DTS), Vision 2025: We will Deliver World-leading Digital Services for the Benefit of all Australians (See also the Minister’s speech and media release).

The DTS outlined three strategic priorities (‘Government that’s easy to deal with’, ‘Government that’s informed by you’, and ‘Government that’s fit for the digital age’), each with objectives to be achieved by 2025. Two key projects identified in the DTS are data sharing by government entities, and digital identity.

Data sharing by government entities 

The OECD has observed that ‘public bodies produce and commission huge quantities of data and information. … By encouraging the use, reuse and free distribution of datasets, governments promote business creation and innovative, citizen-centric services’.

A key document in the development of an Australian position on this issue is a March 2017 Productivity Commission (PC) report which discussed ‘the benefits and costs of options for increasing availability of and improving the use of public and private sector data by individuals and organisations’. The Coalition Government’s May 2018 response adopted the three key features of the PC’s proposed framework.

• a National Data Commissioner (NDC) to ‘implement and oversee a simpler, more efficient data sharing and release framework’
• new legislative and governance arrangements for data sharing and release (DSR) and
• a new Consumer Data Right (CDR) to ‘give citizens greater transparency and control over their own data’.

The CDR is discussed in The data economy in this Briefing Book.

In July 2018, a Government issues paper foreshadowed a DSR Bill that would ‘streamline the process for sharing public sector data and improve data safeguards across the public service’. Working closely with the Office of the Australian Information Commissioner (OAIC), a National Data Commissioner (NDC) would monitor and enforce the provisions of the DSR Bill and associated legislative instruments.

In 2018–19 the Coalition Government implemented several interim DSR measures that would subsequently be given a statutory basis through a DSR Bill. An interim NDC was appointed in August 2018 and members of a National Data Advisory Council were appointed in March 2019. Also in March, the Minister for Human Services and Digital Transformation released Sharing Data Safely guidelines, along with a best practice guide to assist government agencies’ to safely and effectively’ share and release data in accordance with five key Data Sharing Principles:

• Projects: Data is shared for an appropriate purpose that delivers a public benefit.
• People: The user has the appropriate authority to access the data.
• Settings: The environment in which the data is shared minimises the risk of unauthorised use or disclosure.
• Data: Appropriate and proportionate protections are applied to the data.
• Output: The output from the data sharing arrangement is appropriately safeguarded before any further sharing or release.

A DSR Bill may be introduced in the 46th Parliament. Key issues in the development of DSR governance arrangements are likely to be: the extent to which data will be stored or shared in a form that enables identification of an individual; whether data has been ‘de-identified’; and, if de-identified, whether that process is effective, and whether data can be ‘re-identified’.

These issues have been canvassed in an investigation by the OAIC of a government data release potentially vulnerable to decryption, and the Bills digest for the Privacy Amendment (Re-identification Offence) Bill 2016 (the Bill did not progress beyond its second reading in the Senate). A leading Australian lawyer in the field of data and data analytics has commented on the digital governance problems facing government agencies, particularly in relation to data linkage and decision-making.

Digital identity

A 2018 World Economic Forum report noted the centrality of digital identity in a digital economy. A recent McKinsey report included an overview of digital ID systems in operation around the world as at January 2019.

In Australia, one objective of the Coalition Government’s DTS is that by 2025 people ‘will be able to choose a secure and easy to use digital identity to access all digital government services’.

Established in November 2016 as the successor to the Digital Transformation Office, the Digital Transformation Agency (DTA) has carriage of GovPass, the government’s digital identity initiative. A key component of GovPass is the Trusted Digital Identity Framework, which sets out rules and standards for a federated system of Credential Service Providers, Identity Service Providers and other participants. Participants could include, for example, Digital iD, a project developed by Australia Post.

In March 2019, it was reported that ‘there are seven more pilots to test out the digital identity system’, with three in process and four to commence by the end of the 2018–19 financial year. The pilots will involve: grant management systems; the Australian Business Register; AUSKey; the Unique Student Identifier; the myGov website; and Youth Allowance and Newstart Allowance recipients.

In May 2019 the UK’s House of Commons published a report by its Committee of Public Accounts on GOV.UK Verify, the UK Government’s digital identity program, which has underperformed in terms of adoption by consumers and by government services. Reported areas of concern that may be relevant to Australia include: tension between the agency developing the digital identity solution and the agencies that will use it; lines of accountability within and between agencies when something goes wrong; and the potential for consumers with less online access and skills to be excluded from or to experience challenges with digital identity.

Regulation as a Platform

A business unit of the CSIRO, Data61, is undertaking Regulation as a Platform (RaaP), a proof-of-concept project to convert regulatory rules into machine-readable logic, with the aim of reducing costs, time and complexity associated with regulations.

ICT procurement

The Department of Finance continues to be the lead agency on whole-of-government general procurement policy. However, in November 2016 responsibility for ICT procurement policy was transferred to the DTA, which manages an ICT procurement portal.

Coalition Government policies have aimed to increase opportunities for Small and Medium Enterprise suppliers through participation in the Digital Marketplace and the Hardware Marketplace, and a decision in 2017 to cap Government ICT contracts at a maximum value of $100 million or three years’ duration.

Corruption, fraud, and contract mismanagement, particularly in relation to ICT, are areas of risk that have been highlighted in recent reports by the  Australian National Audit Office (ANAO) and the NSW Independent Commission Against Corruption. Constraints, such as capping contracts’ value or duration, may tend to reduce overall risk and contain the consequences of project failure. On the other hand, if caps succeed in increasing the number of ICT suppliers and the number of ICT-related procurements and contracts. there could conceivably also be an increase in the number of smaller-scale risks.

Monitoring ICT projects

The Coalition Government’s DTS promised a public dashboard of performance metrics to track the progress of DTS-related projects. Until the dashboard becomes available, a number of sources collate information about various ICT projects:

• the DTS lists major projects that will contribute to digital transformation over the next two years, with additional information provided on the DTA’s roadmap webpage
• the DTA monitors all digital and ICT initiatives with a budget of more than $10 million and not classified as secret or top secret. Limited information on these has been made public, in November 2017 and May 2018
• the report of an inquiry by the Senate Finance and Public Administration References Committee into digital delivery of government services includes information to June 2018
• the Parliamentary Library has published a summary of the Public Service Modernisation Fund and
• the Library’s ParlInfo database includes media reports about ICT projects and related news.

Cybersecurity in government entities

Under the Protective Security Policy Framework, government entities seek to achieve information security through attention to four key areas: sensitive and classified information; access to information; safeguarding information from cyber threats; and robust ICT systems. Entities are guided by the Australian Government Information Security Manual and an online hub for cyber security information, both produced by the Australian Cyber Security Centre within the Australian Signals Directorate (ASD).

The ANAO conducts performance audits of selected entities’ cyber resilience and cybersecurity arrangements with another report due in May 2019. After the ANAO reports, the Joint Committee of Public Accounts and Audit (JCPAA) conducts inquiries into entities’ cyber resilience and cybersecurity arrangements, for example in 2017 and 2019.

In March 2019 the DTA announced a Whole-of-government Hosting Strategy within which a new DTA Digital Infrastructure Service aims to ‘reduce data sovereignty, ownership and supply chain risks’. Media commentary highlighted that the new strategy seems to create ambiguities around the responsibilities of the DTA and ASD, and around the status of cloud data storage providers that provide some or all of their services from outside Australia.

For discussion of other cyber issues, see Cybersecurity and cyber-resilience and Regulation of online content: cybersafety and harm in this Briefing Book.

Further reading

DTA, Vision 2025: We will Deliver World-leading Digital Services for the Benefit of all Australians, DTA, 2018.

P Hamilton, Public sector digital transformation: a quick guide, Research paper series 2018–19, Parliamentary Library, Canberra, 2 April 2019.

P Hamilton and S Speldewinde, The Public Service Modernisation Fund: a quick guide, Research paper series 2017–18, Parliamentary Library, Canberra, 14 November 2017.

JCPAA inquiries into government entities’ cyber-resilience and cybersecurity arrangements (2017 and 2019).

A Flannery, Public sector data, the proposed Data Sharing and Release Act and implications for governments, Mondaq, 17 January 2019.

 

Back to Parliamentary Library Briefing Book

For copyright reasons some linked items are only available to members of Parliament.

---

© Commonwealth of Australia

Creative Commons

With the exception of the Commonwealth Coat of Arms, and to the extent that copyright subsists in a third party, this publication, its logo and front page design are licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Australia licence.