Physical and Technological Security
Data linkage relies heavily on the use of an individual’s personal information. As a result, community support for data linkage requires confidence that the privacy of an individual’s personal information will be protected, and that the linkage of the information will not result in outcomes against the interest of the individual, or their community.
Strict security processes are adhered to at the Department of Health offices. Find out more about our protocols to ensure physical and technological security using the tabs below.
Physical Security
The Department of Health employs a layered security approach. Access is gained after passing through a number of areas of increasing restriction. The entry foyer of the building is manned during working hours when it is also accessible to members of the public.
Entry beyond the foyer requires the use of an access control card or an escort. Visitors to the Department of Health must identify themselves, obtain a photo visitor pass from the Department of Health WA security desk and be accompanied by a staff member at all times.
The Data Linkage Services teams are located on a restricted access floor at the Department of Health WA offices which require an access control card, with the Data Linkage and the Data Outputs teams in separated areas.
Local servers are located in a secured server room within a restricted area on a restricted access floor of the building. Access to this area is on a strictly need-to-access basis, requires separately authorised permission on the access control card, and is monitored and audited.
Technological Security
Incoming and Outgoing Data
- Data transfer is through secure encrypted portals.
- Linkage keys are encrypted.
- Data passes through quality assurance checks before release.
- The local intranet is protected from intrusion initiated from external (and internal) parties by several layers of network security and monitoring.
Server Security
- Data is subject to regular secure (encrypted) back up, with storage at a secure off-site facility.
- Servers and databases are regularly patched.
- Servers are further protected from intrusion attempts initiated from within the local intranet by an additional layer of monitored firewalling.
Access
- Data is stored on secure servers with strict, needs-based access restrictions.
- Personal computers are monitored by a corporate virus and malware checking system and employ an automatic locking protocol.
- Login passwords are changed regularly.
Security Review 2017
In January 2017, Data Linkage Services contracted a security review of its systems and processes, carried out by an independent and external expert. The scope of the review comprised all systems and resources within the remit of the Data Linkage Services.
The report from this review can be found on the Publications page.
Cloud Migration 2020
Following the conduct of the 2017 Security Review of the Western Australian Data Linkage System (WADLS) environment, a need was identified to modernise data linkage service systems. This would resolve significant performance issues due to aging infrastructure, and was necessary in light of the volumetrics of daily linkages required to support the State’s pandemic and vaccination response efforts in 2020.
Migration to a secure, cloud-based platform was deemed necessary to mitigate several technical, maintenance, performance, cost and security risks with respect to the current ‘on-premise’ environment, which needed to be promptly addressed to ensure the continued safe and satisfactory operation of the WADLS in alignment with best-practice industry standards.
The migration, which was partially sponsored by the Population Health Research Network under the National Collaborative Research Infrastructure Strategy, was undertaken as part of a 24-month collaboration across ISPD teams.
Since the server migration, there has been a significant increase in WADLS processing ability, with seven (7) times increase in speed of system outputs in comparison to previous environment.
Security for Data Applicants
In addition to the physical and technological security protocols followed by Department of Health staff members, all applications for linked data must include a detailed security plan. This plan is reviewed closely by Data Custodians at the feasibility assessment stage, and the Research Governance Office.
For more information on mitigating risks for misuse, interference, loss and unauthorised access, refer to the Information Access Use and Disclosure Policy Resource Compendium.