Minimum you need to do
Identify the data you need to collect, ensuring you comply with data collection legislation and policy.
Recruit data specialists
Consider what data skills you need during the different phases of your project. Plan when to recruit data specialists if required.
A data expert can determine:
- what data you’re collecting and why
- how data is being transmitted
- where and how to store the data
- how to keep the data
- how to use and share the data
- how to dispose of the data.
See Data.NSW’s data skills learning resources for NSW Government employees.
Identifying and collecting data
Know what data you need
First, understand and map out:
- the data you need or that your service will be collecting
- the systems and responsible agencies.
Use the business outcomes you’ve set for your digital product or service. Consider how you will measure these outcomes and what data you need to achieve them. For example, you may need to collect details about the customer to produce the service for them.
When mapping out the data you need to collect, understand existing data sets that you could make use of.
The NSW Government Internet of Things Policy sets out what to consider when you’re assessing the data you need, to design your project’s data requirements.
Identify data sensitivity
Understand what data you collect is personal information. You need to know how you will store, access and disseminate it.
When you collect personal or health information you need to know about the legislative rules for getting customer consent. You must comply with privacy legislation and principles and ensure you build a secure digital service.
You must classify data and information you receive according to your agency’s information classification and handling policies. Apply protective markings where required. If your agency has no specific policy, refer to the NSW Information Classification, Labelling and Handling Guidelines.
Identify usage and sharing
Consider how you will use or share the data your service generates.
To ensure you plan for any use and sharing of the data, consult with stakeholders like
- business owners
- risk and compliance teams
- security teams
- information management.
Collecting personal or health information
Comply with privacy legislation and principles when you collect, store, use or disclose personal or health information. Only collect as much personal or health information as you need to fulfill a specific purpose.
When you collect more data or more frequently than you need, you create a storage burden, and increase privacy and security risks.
How to collect the data
You may need to work with service providers to design devices and configure software so that you can collect and use the data you need.
Consider how you will collect the data. Channels may include an online form, file upload, sensors, APIs, or websites. Use open formats where possible and ensure data is encrypted if required.
You should determine:
- if any of the data you need to collect is available from another source and whether you have permission to use it for your purpose. Determine how you will integrate it a secure way
- if it’s possible to verify a detail from another source and return the result, rather than collecting and storing the data again
- how often you will collect the data and whether you will need to update data you collected before
- how customers can request access to and retrieve their data.
The data you need may already exist. For example, you can access government data available via NSW Government data portal. Make sure you have the necessary permissions to use the data before you collect it again.
Consider data quality
- Determine the level of data quality you need. Build mechanisms to ensure that quality in your data collection channels.
- Talk to your data expert about existing data standards where possible.
- Create metadata to describe the data, you collect.
Know who the data owner is
You need to identify or decide on the data custodian for the data you’re collecting. The NSW Data and Information Custodianship Policy sets out their responsibilities for data and information assets.
Comply with legislation and policy
Your agency will have its own data and information requirements.
Talk to your agency’s teams to understand how your service needs to comply with:
How to show you’ve met the need
You will have:
planned for what specialist data skills you need and when to recruit
identified the data you will need, or your service will collect, if it’s personal information and how you will store, access and disseminate it
identified and consulted the data custodian from the outset
consulted your agency’s data, security, privacy and legal experts at the outset to know the legislation and policies that apply to you.