QPP 6 - Use or disclosure for public interest research

Overview

All Queensland government agencies must¹ handle personal information in accordance with the Queensland Privacy Principles (QPP) in the Information Privacy Act 2009 (Qld) (IP Act).

What is personal information?

Section 12 of the IP Act provides that personal information means information or an opinion about an identified individual or an individual who is reasonably identifiable, whether it's true or recorded in a material format.

The individual does not need to be directly identified in the information for it to be personal information. It is sufficient if they can reasonably be identified by reference to other information.

The personal information of one individual may also be the personal information of other individuals. OIC refers to this as mutual personal information, and examples include a marriage certificate, which contains personal information of both parties to a marriage, or a vocational reference that includes personal information about both the author and the subject of the reference.

Refer to Key privacy concepts – personal and sensitive information for more information.

Use and disclosure

An agency can use or disclose personal information for the reason it was collected (the primary purpose). An agency can only use or disclose personal information for a secondary purpose as set out in QPP 6.

Use and disclosure are both defined in the IP Act. Use and disclosure are both defined in the IP Act. Refer to Key privacy concepts – use and disclosure for more information.

QPP 6 – Use and disclosure for public interest research

Under QPP 6.2(g) personal information can be used or disclosed where:

• the personal information is necessary for research or the compilation or analysis of statistics in the public interest
• the use or disclosure does not involve the publication of all or any of the personal information in a form that identifies any individual
• it is not practicable to obtain the express or implied consent of each individual the subject of the personal information before the use or disclosure; and
• if the personal information is disclosed to another entity, the agency is satisfied on reasonable grounds that the relevant entity will not disclose the personal information to another entity.

Health agencies and health research

In addition to disclosure under QPP 6.2(g), health agencies can collect, use and disclose personal information which is health information for research or the compilation or analysis of statistics relevant to public health or public safety.

Refer to Health agencies – collection, use or disclosure of health information for more information.

De-identified or unidentified data

The privacy principles only apply to information that can be linked to an identifiable individual. If the information can be de-identified, or broken down into aggregated unidentified data such as statistics, the use or disclosure can proceed without having to consider the QPPs.

Refer to Privacy and De-identification for assistance on de-identifying information.

Consent and planning for future research needs

As a general rule, it is preferable for personal information to be used for research with the consent or reasonable awareness of the individual.⁴

Where an agency collects or holds information with research value, potential future research needs should be considered. Where appropriate, the use of personal information for future research can be built into the information provided under QPP 5.

Research in the public interest

Before an agency can rely on the QPP 6.2(g) public interest research exception, it must first consider:

• whether the work can be undertaken with unidentified or de-identified information instead of personal information
• what method will be used to ensure the final product is effectively de-identified
• for disclosure, what steps the agency will take to ensure it can be satisfied that the recipient will not disclose the information to anyone else
• whether the information will be transferred outside Australia as part of the research; if so, it must comply with section 33 of the IP Act - refer to Disclosing personal information out of Australia for information
• whether it is impracticable to seek the consent of the potential subjects; and
• whether the work is in the public interest.

Key criteria for QPP 6.2(g)

Necessary

When considering whether the use or disclosure is necessary, an agency must consider to what degree the personal information is needed for the research.

It will be a question of degree, to be determined having regard to the purpose of the research, its intended outcomes, and the extent to which it is dependent on the personal or health information.  If de-identified information can or would serve the same purpose, then the use or disclosure of the information is not necessary.

Research

Research generally involves diligent and systematic inquiry or investigation into a subject in order to discover facts or principles.  It must begin with a clearly defined goal around which the study is designed.  The data gathered as part of the research must be aimed at assisting the researcher towards achieving that goal.

It should be more than a reorganisation or restatement of the facts contained in the data; it must use a clear procedure to analyse a body of information or data and extract new meaning from it or develop unique solutions to problems or cases.

Statistics

Compilation or analysis of statistics is the act or process of collecting numerical data or undertaking a detailed examination of the elements or structure of numerical data, especially in or about large quantities, and inferring conclusions about the whole from conclusions reached from the whole or a representative sample.

In the public interest

For research to be in the public interest, it must be done ethically. The results it is aimed at achieving, the questions it is attempting to answer, or the knowledge it is seeking to gain must be of potential benefit to more than just the agency which holds the information or the individual conducting the research.

Research in the public interest would commonly involve something beneficial to the well-being of society as a whole, or a specific segment of it, with an emphasis on areas for which the government has responsibility.

Research that may be in the public interest could include research into:

• public health issues
• public safety issues
• social welfare issues
• criminal matters, such as trends, prevention, effectiveness of deterrence measures
• protection of children and disabled or disadvantaged members of   society
• environmental health, protection and improvement
• better delivery and increased effectiveness of government services.

All proposed research projects where personal information is considered necessary must be individually assessed to determine if they are actually in the public interest. When making this assessment, agencies should consider how the public interest is being defined, eg does it go beyond the agency’s own needs/potential benefit to consider the greater implications for the public as a whole.

Agencies should also consider how the public is expected to benefit from this research. Will it:

• bring greater knowledge, insight, or understanding
• improve social welfare, public safety, or individual well-being or minimise a serious harm; or
• enhance the delivery or improve the effectiveness of a government service.

Other relevant considerations include:

• is there a risk or potential cost to the community if the research is not conducted
• the potential subject of the research is at any risk of harm as a result of their personal information being used in this way; and
• the research is being conducted in an ethical way, consistent with the accepted standards for research involving human beings.

Not practicable to obtain consent

Consent is the simplest way of using or disclosing personal information for a purpose not contemplated at the time of collection. The public interest exception in QPP 6.2(g) can only be relied on if it is not practicable, or is impracticable, to obtain consent.

Not practicable does not mean difficult or undesirable. To be impracticable, it must be impossible, or extremely difficult, to seek consent. The fact that seeking consent is inconvenient or would involve expenditure of some effort or resources is not sufficient.

The impracticability of obtaining consent must not be confused with the undesirability of obtaining consent.  For example, it is not sufficient that, if consent were sought, refusal by some individuals would make the research project more difficult.

Whether it is impracticable to seek consent will depend on the individual circumstances. When making this determination, the following are relevant considerations:

• the age of the information
• the size of the subject pool
• whether the individuals concerned are likely to have moved or died
• the lack of current or ongoing contact with the individuals, and a lack of sufficient information to determine their current contact details (bearing in mind the obligation to ensure information is accurate and up to date before use); and
• the resources required to obtain consent would be a significant drain on the agency or researcher to the extent that the research could not be done.

Satisfied the relevant entity will not disclose

Where agencies are disclosing personal information under QPP 6.2(g) rather than using it themselves, they must be satisfied on reasonable grounds that the entity receiving it will not disclose it to anyone else.

In addition, agencies should ensure the entity will:

• appropriately safeguard the information against loss, misuse, and unauthorised access
• not use the information for any other purpose; and
• return the information or destroy it at the conclusion of the research.

This could be achieved by way of a contract, Memorandum of Understanding, Deed of Privacy or other instrument that binds the recipient of the information to deal with it in a specific way.

Agencies and entities discussing disclosure under QPP 6.2(g) may find Accessing personal information from government - a guide for researchers useful.