The National Blood Authority Act 2003 states that the National Blood Authority (NBA) is ‘to liaise with, and gather information from, governments, suppliers and others about matters relating to blood products and services’ and to provide information, advice and assistance to various stakeholders under the national blood arrangements.
Data and information governance refers to the overall management of the availability, usability, integrity, and security of data. A sound data governance arrangement must be comprehensive and include a governing body, a defined set of procedures, and a plan to execute those procedures. Governance arrangements will exist at all levels within the sector and must be able to demonstrate their compliance against all required standards and community expectations.
The governance framework for data captured and managed at the national level needs to be able to guarantee and demonstrate:
- transparency in decision making on data collection
- control and obligations relating to the data held
- data storage
- data access and control
All data held in national systems that are funded under the national blood arrangements are managed by the NBA on behalf of all governments. All data containing personal information will be managed in accordance with the Information Privacy Principles from Section 14 of the Privacy Act 1988 (Cth).
To ensure obligations are met the NBA has developed a National Blood Authority Data and Information Governance Framework that defines the NBA’s governance principles and arrangements for the NBA’s own management of data and information, and for the NBA’s dealings with data stakeholders in the blood sector. In general these governance arrangements are relevant to blood sector data and information that is, or may usefully be, collected, analysed, reported, published and managed systematically and held by the NBA in some form of database, data linkage collection or other structured data sets. It does not preclude governance policies within jurisdictions or organisations for data that is not managed or held by the NBA. This document was endorsed by the Jurisdictional Blood Committee (JBC) as at 6 March 2015 as an overarching document, subject to jurisdictional bilateral data sharing agreements being completed. It is an evolving and living document that will be reviewed every two years, or when there are material changes either to the data governance under the national blood arrangements or to laws that impact on data governance. Any updated data governance document will be endorsed by JBC.
To ensure that the NBA meets its obligations under the Notifiable Data Breaches scheme introduced under the Privacy Act 1988 (Cth) on 22 February 2018, the NBA has developed a Data Breach Response Plan. Please note that this Plan supersedes the data breach response process set out in pages 20-23 of the NBA Data Governance Framework, which is currently under review.
- Data Breach Response Plan (pdf) (658.75 KB)
- Data Breach Response Plan (docx) (1.01 MB)
The NBA is also required to comply with the Information Publication Scheme and Freedom of Information Act 1982.
For more information or to submit data requests refer to Data Requests.