Criterion 7. Do no harm | digital.gov.au

Criterion 7 – Do no harm

Understanding how a service impacts users’ digital rights and privacy will protect them from adverse and unintended consequences.

Your responsibilities

To successfully meet this criterion, agencies will need to:

protect users’ digital rights
understand privacy impacts
understand the limits of data.

When to apply

Apply Criterion 7 throughout Discovery, Alpha, Beta and Live to identify and manage existing and emergent risks to users.

Adhere to the criterion through the entire life of a service to minimise and, ideally, eliminate negative impacts on users, even if unintentional.

Questions for consideration

Are there any adverse or unintended consequences foreseeable?
Which user rights will be most affected?
What data is drawn upon for decision-making?
How will the findings of a Privacy Impact Assessment be addressed?
How is the collection, use and storage of data being made clear to users?
How is users’ informed consent being obtained?

How to apply criterion 7

Uphold digital rights: Consider how the service might impact the digital rights of users. Build with pre-emptive measures in mind, such as net neutrality, access to information without censorship and freedom of online assembly. Identify users facing greater personal risks and make sure they’re provided with the means to access, communicate and contest the service transparently or anonymously. If rights are breached, move quickly to implement changes that prevent future harm.
Consider flow-on effects: Consider the implications of the service beyond its immediate impacts. Workshop environmental, economic or social impacts and undertake scenario planning to explore unforeseen issues and opportunities.
Undertake a Privacy Impact Assessment: Undertake a Privacy Impact Assessment to capture issues. Mitigate unwarranted and unauthorised surveillance, data collection and malicious data breaches and share these actions with users.
Obtain consent: Where required, seek and obtain informed consent from users prior to collecting, storing or disclosing any of their data. Consider opt-out options and build the service to require as little user data as possible.
Be transparent: Communicate how data will be used or may be used in the future at the time of consent. This includes how it may be shared with other people or between services and secondary or less obvious uses.
Use data ethically: Data should only be collected and used for the stated purpose that the user agrees to. Account for how data models, datasets and algorithms may produce discriminatory results and provide transparent detail to users on how decisions and calculations are made. Before sharing data, apply the DATA Scheme’s Data Sharing Principles to help assess whether it would be safe to do so.
Use qualitative and quantitative data: Quantitative data, which is numeric or measurable, helps us understand what is happening on a service. Qualitative data, which is descriptive or observable, helps us understand why. Use both to fully understand the story and match any correlation with a provable causation. Do this before making important decisions.

Guidance to do no harm

Regularly undertake privacy impact assessments and plan to incorporate these service improvements. Use methods or tools such as:
- Develop a standardised framework for conducting privacy impact assessments. The framework should outline the steps to identify and assess privacy risks associated with new projects or services.
- Involve relevant stakeholders, including legal, compliance, IT and user representatives, in the privacy impact assessment process. This can help identify potential privacy risks and ensure assessments are comprehensive.
- Establish processes for ongoing monitoring of privacy impacts as the service evolves. Regularly review and update the assessment to reflect changes in data practices, technology, or regulations.
- Map out how data will be collected, processed, stored, and shared throughout the service lifecycle. Understanding these data flows is crucial to identifying potential privacy impacts.
Collect, store and use data ethically. Embed these methods into your ongoing processes and clearly communicate to users how their data is stored and used:
- Adopt a data minimisation principle and only collect and store data that’s necessary for the service's functionality. This limits exposure to privacy risks.
- Evaluate the quality of the data collected. Ensure that data is accurate, relevant and up to date to avoid misinterpretations and misuse.
- Establish clear data retention policies that outline how long the data will be stored and the criteria for data deletion. This prevents unnecessary accumulation of data over time.
- Implement role-based access controls to limit access to sensitive data. This reduces the risk of unauthorised access and enhances data security.
- Establish and publish ethical guidelines regarding the collection, use and sharing of data. These guidelines should prioritise user privacy and consent.
- Conduct regular audits of data collection and usage practices to comply with ethical guidelines and regulations.
- Develop clear and concise privacy notices so users know how their data is collected, used and shared. Ensure these notices are accessible, easy to access and understand.
Document your findings and recommendations to apply criterion 7:
- Clearly document privacy risks, potential impacts and mitigation recommendations.
- Create actionable plans to address risks, including technical controls and policy revisions. Establish ongoing monitoring to update assessments as the service evolves
- Map the data lifecycle, including collection, processing, storage and sharing, to identify potential privacy issues.
- Make sure the data is collected and documented in a centralised knowledge repository.
- Thoroughly document findings of the privacy impact assessment, include identified risks, potential impacts on user privacy, and recommendations for mitigating those risks.
- Create action plans to address findings of the privacy impact assessment. This includes implementing specific technical controls, revising policies, or enhancing user communications regarding data practices.

Digital Service Standard