So, welcome everyone to another meeting of the Australian Sensitive Data Interest Group. This is an interest group that's co-facilitated by the ARDC and the Australian Data Archive. I'd like to begin by acknowledging and celebrating the First Australians on whose traditional lands we're meeting, and pay my respect to Elders past, present and emerging across the many different peoples all across Australia. For me, I pay my respects to the Wajapnonga people. Steve, who is one of our co-chairs of this interest group, will be talking to us today about the CADRE conceptual framework: the way that the CADRE project is conceptualising and operationalising the Five Safes model, which is a really interesting piece of work. So I'll stop talking and let Steve tell us about it. Alrighty, yes, I'm off mute, so I'm going to resume the share that I've got on. Can I just get confirmation, Nicola, that the slides are coming through? The slides are coming through. Excellent. It's always the best of intentions: you share, you test, and you still have to check afterwards. OK, I'd like to acknowledge that I'm on the lands of the Ngunnawal people here in Canberra, and acknowledge Elders past, present and emerging of the Ngunnawal people. I'm joining you today to talk a bit about the CADRE conceptual framework: to tell you a little about the project, where it's come from and who's involved, and then get into what the intent of the CADRE project is and how we've gone about thinking about applying, fundamentally, the Five Safes in an academic environment. I've got a cast of thousands in the partners we have there, and I'm going to come back to that in a moment to talk it through. I'm going to talk for about half an hour today.
Nicola's going to make some strange noises, or Kristen is, at around about 25 past the hour, so that we've got plenty of time for discussion at the end. I've got a lot of content and I will probably glide over some of it in the interest of time. But as I say, I'm really talking to the outcomes of the framework report, which I'll touch on in a moment if you're interested in reading 60 pages or so of how we're thinking about this and providing comments. So I'll come back to that in a moment. As I say, we have lots of people online. If I could just ask in advance: it's quite helpful to know where you're from, so if people are able to rename themselves to indicate their organisation, that's quite useful for getting a sense of where our community is coming from. I know there's a bunch of colleagues from my team here at ADA, and I know many of you and look forward to meeting more of you as part of the interest group. Okay, so CADRE. A little bit about the project itself: we'll talk about an overview of the framework and how we're conceptualising the Five Safes. You might go, well, hasn't this been done before? Yes, this is really a review of where some of the thinking has gone, and then how we turn that into operationalising the Five Safes, so it becomes something that goes beyond what is fundamentally a principles-based model. Its origins are actually with the Office for National Statistics in the UK, in a collaboration with my partner organisation in the UK, the UK Data Archive; that's where the Five Safes came from. And we've been working with some of the originators of the model itself to think about how we extend this from a model that supports access to government data to one that might support data sharing more generally, particularly amongst the academic community.
And I'll talk to some of the context as to what drove that as well. So a key element of CADRE, and I'll get into what we're doing shortly, is the partners we have involved. We have a number of universities: I'm at the ANU; the Centre for Big Data Research in Health at the University of New South Wales, who run the ERICA system, with Louisa Jorm and her team; the Swinburne Social Data Analytics Lab, and Research Graph with Peter Vatz, who work closely with that team; the Graduate School of Education at the University of Melbourne, with Julie McLeod, Kate O'Connor and Nicole Davis; and from the University of Queensland, Mark Western and the Institute for Social Science Research, who've been a big part of our advisory committee, and we're doing some further work with them as well. We have government agencies: the Australian Institute of Health and Welfare and the Australian Institute of Family Studies, who, in the context of the DATA Act, the Data Availability and Transparency Act, are two of the six accredited integrating authorities that exist in Australia. And we have a number of research infrastructure providers as well: the ARDC as a major partner; the Australian Access Federation as a key technology provider; AARNet; Research Graph; and AURIN, the Australian Urban Research Infrastructure Network. And it's really this collaboration which drives the thinking of what CADRE is trying to do, which is, as I said, how do we go from a principles-based model to a model where we can actually share information about enabling access to data. So CADRE started through a $1.9 million investment. Here's the formal acknowledgment slide, but it's important to understand this as well: investment from the Australian Research Data Commons as part of the NCRIS national strategy, with matched co-investment funds from project partners. So we're looking at a project budget of a bit over $3.8 million overall, over a two-and-a-half-year period.
And I want to acknowledge that the work I'm going to talk about today really comes from a collaborative effort of the CADRE conceptual framework working group, the Work Package One working group. And Greg Darcy I have to acknowledge verbally, because he was involved with this work as well. A wide cast has provided strong input from across that range of community participants; this really is about how we understand the movement between the different parts of the research, academic and government sectors to coordinate on these efforts. So why CADRE? Well, the context of this really was the Five Safes and the DATA Act that had just passed. We've heard in this interest group on a regular basis from the Office of the National Data Commissioner. That was also the driver for establishing CADRE: we could see there was now both a legislative framework and an impetus for thinking about coordinated access to sensitive data, but some limitations on that as well, which I'll turn to. What we're trying to do is work on an information-requirements-based approach to support going from principles to practice: how are we going to scale this up when we actually have to put some of this work in place? And we're not limiting ourselves here to government data. In fact, how do we coordinate between academic environments as well as government, and progressively the private and non-government sectors, to support access to qualitative and quantitative social science research data, and then research data more broadly? And we're really looking at a mechanism for enabling decision support for managing decisions around access to sensitive data through a dashboard-type model, supported by a number of key technologies, which I'll turn to at the end. So the inspiration certainly was the Office of the National Data Commissioner work program as a foundation for access to government data.
It provided a driver for us to be able to engage in these conversations with both the academic and government sectors. But the big gap that we have, this being principles-based (hi Jenny, welcome), is that there really isn't integrated infrastructure that exists to support turning principles into practice here. And that's part of what CADRE is trying to do. We are not trying to provide a secure data lab. We're not trying to provide data integration services. What we're trying to do is provide an information exchange environment for enabling the management and coordination of data sharing between academia and government: fundamentally, an information model that allows the effective exchange of that information between those who might provide data, those who might provide data access services, such as the secure service providers, and research end users. And we're taking a broad remit here on researchers: first and foremost academia, but certainly also those sitting inside government agencies. ADA has a strong user community inside state and federal government, and certainly into those other sectors as well. And what are some of the logistical challenges of that? Fundamentally, it's trying to deal with the challenges that follow from the absence of that infrastructure: scaling access procedures; coordinating secure services (what if I've got my content in one system and I need to move it to another?); connecting into the full stack of infrastructure providers that might exist; and then coordinating some of the underpinning NRI. And this is where the AAF, AARNet, ARDC and AURIN start coming into the equation as well. We have these national investments; how do we make best use of them and provide relevant information to those NRI investments? So the value of engaging comes from improving the access process and building trust in the systems themselves, filling the gap between the infrastructure that already exists: connecting the dots, fundamentally.
So an information exchange platform to operationalise the Five Safes framework and establish a shared and distributed sensitive data access management platform for the social sciences and related disciplines: those are the drivers. And it's really building upon the framework that came out of the Office of the National Data Commissioner. So what, in the end, do we intend to do? We're trying to increase the speed at which the social sciences and related disciplines get access to sensitive data. We're trying to reduce the risk, time and costs associated with providing access, and for data holders as custodians, it should support a risk management framework for providing access to data for researchers. How do we speed up the process of requesting and exchanging information, exchanging knowledge about services, secure settings, personal background and so on, in a trusted environment? How are we doing this? Through a shared and distributed data management platform and common accreditation and information exchange protocols, building off foundations like the single sign-on and AAF models that are already well established, and extending those to think about how we connect into things like Scholix and Research Graph for exchanging known information about publications and practices. How do we extend that into other environments like ethics systems, potentially the Dataplace platform, and exchanging information on projects and the like? So what are we trying to do? Enable data owners and users to address their core concerns around the governance, creation, management and sharing of sensitive data, and be able, eventually, to share and move sensitive data safely between the different elements within the overall research environment.
So if we're thinking about that as a user experience, it's moving from people completing one-off, standalone, manual processes, often involving emails and paper-form signed documents, into a coordinated environment where we can share and reuse information about projects, data and outputs in a coordinated and integrated way. You already know this about me, you have my ORCID information: why can't we leverage that information that's there? For custodians, how do they move from one-off isolated projects to a transparent, auditable framework for sharing based upon approved projects and data sharing agreements; to understanding the context for an application; to being able to coordinate people, projects and data in a coordinated system? That enables information to be delivered, instead of on a one-off basis, through a system that allows establishment of identity and single sign-on services, leveraging national identity providers, through seamless transfer of information, and progressively into managing outputs. So we know where outputs have gone, and we can tie them to the projects, people and settings that generated them. We then have both a means for understanding the flow of information into and out of secure settings, and a way to understand the value added that comes from enabling access to research data in this way, through the transfer and coordination of that information. The work we're doing, particularly with Research Graph, Swinburne and Amir, is really valuable in this regard for understanding the longer-term research and policy impact of these sorts of data access models. If you want to know more, there's a project website, cadre5safes.org.au, and you can get in on that. Yolanti Jones, who's our community outreach officer, is on the call and is more than happy to talk to anyone and everyone about what we're doing. So yeah, we'll see Yolanti clapping her hands there.
But fundamentally, what we have is really a value proposition to move us through the exchange of information about things we already know: ethics approvals, identity, possibly coordinated training (so, acknowledgement of approved and accredited training) into their systems, into secure services, exchanged with a number of partner providers of secure environments. ADA here becomes a user of the CADRE service, as do AURIN, the Data Co-op, AARNet and Research Graph. So we're all working into this coordinated exchange, to progressively enable those outputs to be effectively managed over time, leading to publication. And we should be able to progressively fill the gaps in what is fundamentally a very large knowledge graph: a graph model for enabling that exchange of information about information across the Five Safes. And permanent identifiers, sorry, persistent identifiers become a key part of this story, which I'll come back to at the end of the presentation. Okay, so right now we've done the conceptual model, we're working on our technical architecture and early software development, and we're engaged in outreach and training. I'm focusing here on the conceptual model, but if you're interested, on the outreach and training side we'll be talking more at eResearch, at a workshop on the Monday of the eResearch conference. Okay, I'll skip over that one. So the framework itself is built upon this publication, and I'll have links at the end. Yep, Yolanti's dropped the link into the chat as well. This presentation is really an overview of what we found in the conceptual framework. And it's trying to do two things. First, draw together how academia, government and eResearch providers think about the Five Safes as a conceptual model, and what sorts of information you need to have there.
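The knowledge-graph idea described here can be sketched in a few lines. This is purely illustrative: the node types, relation names and identifier forms below are hypothetical, not CADRE's actual schema, though persistent identifiers such as ORCID, ROR and DOI are the kinds of keys the talk has in mind.

```python
# Illustrative sketch only: a tiny adjacency-list "knowledge graph" linking
# the kinds of entities an information exchange would describe. All node
# types, relations and identifiers below are invented for this example.

graph = {}   # node_id -> {"type": ..., "props": {...}}
edges = []   # (source_id, relation, target_id)

def add_node(node_id, node_type, **props):
    graph[node_id] = {"type": node_type, "props": props}

def add_edge(source, relation, target):
    edges.append((source, relation, target))

# Persistent identifiers (ORCID, ROR, DOI) act as the node keys.
add_node("orcid:0000-0002-XXXX", "person", name="A Researcher")
add_node("ror:example", "organisation", name="Example University")
add_node("doi:10.0000/example", "dataset", title="Example Survey")
add_node("proj:42", "project", title="Example Project")

add_edge("orcid:0000-0002-XXXX", "affiliated_with", "ror:example")
add_edge("orcid:0000-0002-XXXX", "member_of", "proj:42")
add_edge("proj:42", "requests_access_to", "doi:10.0000/example")

def neighbours(node_id, relation):
    """All targets reachable from node_id via the given relation."""
    return [t for s, r, t in edges if s == node_id and r == relation]
```

Filling the gaps in the graph then amounts to adding nodes and edges as information (ethics approvals, training records, outputs) arrives from partner systems.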
And second, trying to connect it to the sorts of information resources that we either have or could potentially develop, that would allow us in the longer term to build up that connected graph. If you're not sure at this point about the Five Safes themselves, there are two broad areas. The original work was done by Felix Ritchie and colleagues, outlining the Five Safes itself. Progressively, the Office of the National Data Commissioner has turned that into the Data Sharing Principles, the principles that are defined in the national Act. We wanted to take that further again and say, okay, how do we then think about these as more generic principles? They're legislated under the DATA Act, but are they also transferable into other data sharing arrangements that we might consider? So we went back to the original framing of the Five Safes and asked, how does this work? How might the specifics work? And then, what might we need to extend in this as well? Firstly, one of the keys to the Five Safes is that they're both joint and several. The model is designed so that you assess each of the safes (safe people, safe projects, safe data, safe settings and safe outputs) independently, but you also need to consider them jointly. It's not just one or the other; these things often interact. So less safe data could potentially be enabled access through safer settings and stronger controls over people, and vice versa. They are jointly and severally assessable, and that becomes important in understanding things going forward, those joint assessments that are occurring. So what we're saying is that the Five Safes are understood as reasonable principles, but there's inconsistency in their application in specific circumstances.
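The "joint and several" idea can be made concrete with a toy scoring sketch: each safe is rated on its own, but the access decision combines them, so weaker data controls can be offset by a stronger setting. The five-point scale, the per-dimension floor and the threshold are all invented for illustration; real assessments are qualitative judgments, not sums.

```python
# Illustrative only: the Five Safes are assessed independently ("severally")
# but the access decision weighs them together ("jointly"), so a weaker
# rating on one dimension can be offset by stronger controls on another.
# The numeric scale and the thresholds are invented for this sketch.

SAFES = ("people", "projects", "data", "settings", "outputs")

def joint_assessment(ratings, threshold=15):
    """ratings: dict mapping each safe to a 1-5 control-strength score."""
    assert set(ratings) == set(SAFES), "every safe must be assessed"
    # Several: each dimension must meet a minimum floor on its own.
    several_ok = all(ratings[safe] >= 2 for safe in SAFES)
    # Joint: the combined strength across all dimensions must be sufficient.
    joint_ok = sum(ratings.values()) >= threshold
    return several_ok and joint_ok

# Less safe data (2) offset by a highly controlled setting (5):
decision = joint_assessment(
    {"people": 4, "projects": 4, "data": 2, "settings": 5, "outputs": 3})
```

The point of the sketch is the shape of the decision, not the numbers: no single safe decides the outcome, but none can be ignored either.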
And back to my point about the range of partners: even amongst our group of partners, how we articulate what we mean by a safe person or a safe project is going to vary. So we're not trying, in this framework, to say this is what a safe person is. What we're trying to do is ask: what is the information you would want in order to make that assessment? Marcus, on your question there: yes, we're engaging in conversations with the ABS on this. It's early days, but absolutely, we can talk to that. So the principles are there; how we actually put them into practice becomes pretty key. That is, you can choose what you determine to be a safe person; what is the information you would need to make that assessment? And when we do that comparison, we actually find there are some common information requirements across a lot of groups, with variation particularly between academia and government, and between different research methodologies. And this is where the work from our qualitative research colleagues at Melbourne Uni became particularly informative: when you're using different methodologies, the sensitivities and the research traditions are going to inform your assessment as well. So the conceptual working group identified indicators of interest for information requirements, and we talk through those in detail in the conceptual framework itself. I'm just trying here to summarise the framework. I want to make this point as well: this is a living document. We are iterating on it over time, and we welcome feedback, input and discussion about it. There are some specific limitations and things missing from the framework that we readily acknowledge, and the most obvious of those is Indigenous contributions.
We're working on that; I'm part of the Indigenous Data Network work in the HASS Commons, where we're going to be exploring this with the Indigenous Data Network as well. So comments, feedback and input are utterly desirable from our point of view. We want this to continue to evolve as our understanding evolves. So, in that context, here are the sorts of things that were coming up. Again, in the interest of time, I might flash over some of the specifics, but I'll highlight some particular examples; there are some pretty good discussions of each of the areas that I'd invite you to read in the framework itself. For safe people: do they have technical skills, experience and training in using confidential data? Are there follow-up procedures? The sorts of things the conceptual working group raised: what's your past record like? Often in data sharing, particularly amongst academics: what have you done before? Who do you work with? Institutional affiliation becomes a particularly critical one, and I'd say that becomes quite important under the DATA Act as well: under whose remit and under whose rules are you actually undertaking your work? There are some examples of this from the Global Alliance for Genomics and Health and the Inter-university Consortium for Political and Social Research. My colleagues at the University of Michigan, at ICPSR, the US social science archive, have developed this idea of researcher passports, and that's one that's picking up. GA4GH is part of the ELIXIR biomedical infrastructure in Europe, and we're drawing on a lot of their work. My animations don't seem to work on certain screens. So safe people, on to safe projects. I've lost it. Okay, safe data. What might assessments of safe data include? Confidentiality and privacy, obviously, and sensitivity and security.
The sorts of things that were coming up from the conceptual working group: what is the utility? Is the data actually useful for the purpose? Is it faithful in critical ways to the original data, and is it analytically valid? If you do make it accessible, if you do happen to remove or anonymise some of the content, is there relevant contextual information to enable access to it more effectively? Does the treatment actually undermine its usability? Is the data quality or integrity degraded? In safe data discussions there is often this trade-off between privacy and utility, fundamentally, and how do we manage that trade-off effectively? There are lots of models for doing this, and we're not proposing one specific approach. How do access conditions place constraints on access to the data, including those set at the time of data collection? And what are the impacts of particular data types: both the type of data that you've collected, whether it's interviews, or specifically, if it's video data, what are the implications for privacy? It doesn't mean that it can't be used, but what are the trade-offs you have to make there? Access conditions start becoming a very interesting sort of discussion. I'll pick up quickly on those, because this feeds into the GA4GH discussion as well. The sorts of things that custodians are often looking to place limitations on, or manage in terms of a risk framework, are user characteristics, certain types of users, and certain types of purposes, safe projects fundamentally: so, we don't allow commercial use, or we allow commercial use only under certain approved circumstances.
It might be time limitations; it might be that you need review of outputs; or the documentation might need confidentiality agreements or specific data sharing agreements. These might need to be negotiated, but they're certainly things that could be established in the information model, and how do we manage the movement and the acknowledgement of that information? Safe settings is really about all parties taking reasonable steps to ensure data will be used in an appropriate, safe and secure environment. We didn't dig too far into safe settings, other than to say: how do we get some broad description of the type of safe setting that we're dealing with? This is one that will probably come up further, for those who are interested, as the accreditation of data service providers goes through under the DATA Act; we can expect to see a lot more conversation on this. But it covers things like the physical environment, the IT environment, and training in the use of those settings. Is that a characteristic of the setting (I've been trained to use the SURE environment), or is it a characteristic of the person? It's actually a bit of both; this is where the joint-and-several discussion starts to come through. What's useful is that we're now starting to see models for capturing at least broad-brush ways of describing those different contexts: a bit of work from George Alter, who used to run ICPSR, and colleagues in the UK working with the Science and Technology Facilities Council, the joint facilities in the UK, who've been thinking about this. Excuse me, I'm recovering from a cold. This is one way: they've got a quick way of describing access methods, and you may disagree with these, we debate them in the paper, but we can describe broad classes of the type of access method that you have: remote access; a remote service, where you submit batch code and results get returned; an enclave.
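That broad-brush classification of access methods could be captured as a small controlled vocabulary, something like the sketch below. The class names and fields are illustrative assumptions, loosely following the three classes mentioned (interactive remote access, remote batch execution, physical enclave); the example setting is hypothetical.

```python
# Sketch of a small controlled vocabulary for safe-setting access methods.
# The enum members, field names and example values are all illustrative,
# not a published ontology.
from dataclasses import dataclass
from enum import Enum

class AccessMethod(Enum):
    REMOTE_ACCESS = "researcher works interactively in a secure remote desktop"
    REMOTE_EXECUTION = "researcher submits code; vetted results are returned"
    ENCLAVE = "researcher attends a supervised physical facility"

@dataclass
class SafeSetting:
    name: str
    method: AccessMethod
    output_checking: bool     # are outputs manually vetted on the way out?
    training_required: bool   # must users complete setting-specific training?

# A hypothetical secure-lab description exchanged between partners:
example_setting = SafeSetting(
    name="example secure lab",
    method=AccessMethod.REMOTE_ACCESS,
    output_checking=True,
    training_required=True,
)
```

Even a vocabulary this coarse lets two providers agree on what kind of setting is being offered before negotiating the finer details.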
You may have other models, but there are ontologies we can probably build, and I'll go into some more of those a bit later on. Similarly, one of the scalability problems likely to come up is how we actually put together a model around safe outputs: checking content on the way out of a secure environment prior to it being released. Some of you run these sorts of services; there's usually a heavy manual process involved, particularly in the virtual lab environments. In some technologies, the checks get hard-coded into a particular technology rule. The ABS TableBuilder has an explicit way of expressing what is fundamentally a safe outputs model. Any database query system is really going to have some expression of what is a safe or unsafe output, or notions of safe. So we might want to look at ways of describing those. Fundamentally, though, we had five broad areas for review. We went through the overall approach, and you can read through some of the discussion of how people think about those in the framework: specifically, how it might apply to qualitative data sources from the point of view of the social sciences (and this was specifically the work of the team at the University of Melbourne); what sorts of extensions we might need to consider to the Five Safes, and we have two in particular; where the joint and several applications are, where the interactions occur; and what sorts of information and data models we could possibly use for this. Excellent. I'm going to move forward quickly to say that there are some quite clear qualitative data implications that provide some interesting, but not insurmountable, challenges, and Julie and the team have actually written quite extensively about this: a couple of publications, with one coming soon on applying the Five Safes to qualitative data, will be an output of this work.
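A minimal example of the kind of rule that output-checking systems hard-code is the minimum cell count test applied to frequency tables leaving a secure environment. The threshold of 10 here is just a commonly used illustrative value, not a CADRE or ABS requirement.

```python
# Illustrative safe-outputs rule: a minimum cell count check on a frequency
# table, of the kind often automated in query systems. The threshold of 10
# is an example value only, not any particular provider's requirement.

def table_passes_output_check(cells, min_count=10):
    """Reject a frequency table if any non-zero cell is below the threshold,
    since small cells risk identifying individuals."""
    return all(c == 0 or c >= min_count for c in cells)

releasable = table_passes_output_check([0, 25, 113, 40])   # no small cells
blocked = table_passes_output_check([3, 25, 113, 40])      # cell of 3 fails
```

Real output checking layers many such rules (dominance, differencing against earlier releases, and so on), which is exactly why a shared way of describing them matters for scaling.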
The two particular extensions we think are needed, and this fits in very nicely with our partner model, are really around organisations and groups. So, particularly, organisations: who do you work for? What's your affiliation? How do we have good models for expressing that? In the academic sector, the AAF manages a lot of this as an access and authentication provider, along with the institutional connections into those services across the academic sector and some of the government sector as well. Any sort of single sign-on model is really premised on this notion of affiliations and access and authentication. But we need to better understand the roles of people in organisations to really allow us to establish things like legal status, resources and infrastructure. What do you bring with you? And this is expressed pretty clearly in the DATA Act as well. Many of your institutions might be seeking accreditation under the DATA Act and Dataplace. Fundamentally, what they're doing is accrediting your institution rather than you as an individual; you can only get access by virtue of your organisation being accredited first, providing those sorts of structures. So how do we finally provide an exchange model for that? The second one is groups. How do we deal with the fact that people work within teams and organisations, and those often cross organisations? We have projects that aren't actually very well expressed anywhere. We have data, in data sets and often in collections. All these things often require grouping, and particularly the grouping of people becomes the starting point for that. And we're looking at technologies that allow us to do a better job of that grouping, particularly one called CILogon that I'll touch on in a moment. We see a lot of interactions, though. You can't really understand people in isolation.
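The organisations-and-groups extension can be sketched as a simple data model in which access eligibility flows from an accredited organisation, through a person's affiliation, to a cross-organisation project group. The classes and the accreditation flag are illustrative assumptions, not the CADRE schema.

```python
# Sketch of the proposed "safe organisations" / "safe groups" extension:
# access is granted to a person by virtue of an accredited organisation,
# and projects group people across organisations. Names are illustrative.
from dataclasses import dataclass, field

@dataclass
class Organisation:
    name: str
    accredited: bool  # e.g. accredited under the DATA Act

@dataclass
class Person:
    name: str
    affiliation: Organisation

@dataclass
class Group:
    project: str
    members: list = field(default_factory=list)

    def eligible_members(self):
        # Only people whose institution holds accreditation can access data.
        return [p for p in self.members if p.affiliation.accredited]

uni = Organisation("Example University", accredited=True)
firm = Organisation("Example Pty Ltd", accredited=False)
team = Group("linked-data study",
             [Person("A", uni), Person("B", firm)])
```

The interesting property is that accreditation status changes at the organisation propagate automatically to every member, which is the behaviour the talk describes under the DATA Act.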
Data custodians tend to assess the characteristics of the person, what sort of organisation they work for, and then understand the project. So, for example, a researcher working in a for-profit company that's conducting research on a pro bono, public-benefit basis: is that acceptable or not? Or are the benefits largely private? Those interactions occur similarly with data and settings, settings and outputs, and the like. We work through where some of those interactions actually occur, where you might have to have signals: this depends a lot on that, and there's a lot of conditionality that tends to occur. A good expression of that is how we think about safe data and safe settings together. Data that's going to be openly accessible through open data systems, things like CKAN or data.gov.au and the like, needs much heavier processing if there's disclosure risk than is going to be the case for data that's going to be accessible through a safe setting in particular. But then you also want to be thinking about what processing you need to be doing when reviewing the outputs coming out the other end. So we have different interactions going on as we go through. And so what we end up with is the Five Safes model, and an articulation of how we're thinking about the Five Safes, but particularly the extensions into safe organisations and safe groups, enabling us to understand those groupings of settings within data, projects within groups, as an expression that eventually becomes the information exchange of the CADRE platform. These are the sorts of elements we want to be exchanging across our system through our graph-based model. So that's a broad overview of the conceptual framework itself. I'll quickly touch on a little bit of the operationalisation of the Five Safes; I'll take about five more minutes, then open up for questions.
Let me just point out that there are some existing frameworks we can really use, and we're starting to incorporate these into our information model for CADRE. I'll touch on a couple: the Data Use Ontology and the Data Tags Suite, which we've done a quick evaluation of to see how useful they are for our environment and what sorts of technologies might sit behind them. We do have, and I won't get into detail, the AAF, the Australian Access Federation that we all use in coordinating access across our systems already, providing a lot of the starting point for this. So that's a really nice building block for what we want to do. But then how do we start expressing some of the more specific types of content we might need for sensitive data access? The Data Use Ontology is one really helpful one here. This was developed by the Global Alliance for Genomics and Health, used under the ELIXIR EU program, and it's specifically designed to target extraction of virtual cohorts from cohort databases in health and medical research. So they have a series of expressions of, fundamentally, consent information. You might have an open access model, but if you want to limit access, you need a way of expressing, fundamentally, what the consent model was, and how you can articulate it; their ultimate goal is to try and automate that. We won't be totally automating this, but we do need at least an information exchange to transfer that information. And it turns out that model is really quite helpful and extensible into domains other than health and medical. So there's this notion of general research use, plus a lot of modifiers. This is the overall view of the Data Use Ontology. The modifiers in particular are largely domain agnostic: not-for-profit use, non-commercial use and the like.
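A toy sketch of how DUO-style consent terms might be carried in an information exchange: a dataset labelled with a permitted-use term and modifiers (GRU for general research use, NCU for non-commercial use only), and a trivial check of a request against them. The matching logic is invented for illustration and is not GA4GH's specification.

```python
# Illustrative sketch of DUO-style consent labels on a dataset. GRU and NCU
# are DUO term abbreviations (general research use; non-commercial use
# only); the dictionary layout and matching rules are toy assumptions.

DATASET_TERMS = {
    "permitted": "GRU",      # general research use is allowed...
    "modifiers": {"NCU"},    # ...but only for non-commercial purposes
}

def request_allowed(purpose, commercial):
    """Check a requester's stated purpose against the dataset's labels."""
    # GRU permits any research purpose; a narrower term must match exactly.
    if DATASET_TERMS["permitted"] != "GRU" and purpose != DATASET_TERMS["permitted"]:
        return False
    # The NCU modifier rules out commercial use regardless of purpose.
    if "NCU" in DATASET_TERMS["modifiers"] and commercial:
        return False
    return True
```

Because the modifiers are domain agnostic, the same labels work whether the permitted-use term refers to biomedical research, the social sciences or ecology, which is the extensibility point made above.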
Where the ontology expresses things as, in the box, health, medical, biomedical, you could simply express something for, say, social sciences, or it might be ecology, etc. You can imagine an extension of this ontology into specific domains. And we took that and said, okay, would that work? Can we start matching that to our conceptual model? It actually lines up fairly well as a way of expressing some of the access expectations that occur in our conceptual framework. And so we applied that to a couple of our example data sets, and this is kind of a first-cut mapping of that. They line up reasonably well for trying to articulate the information you need about who can access content, what sorts of projects are acceptable and the like. The second of these is the Data Tags Suite (DATS). How do we think about the settings in which the content might be accessed as well? How we enable authentication is reasonably well understood, but we're particularly interested in this notion of authorisation. So what is the expression of the agreement that you are allowed to access this data? This is really what the Data Tags Suite tries to explore, and it does align with DUO and some other standards as well. So they talk about data authorisation, and particularly the extension here is how you actually get acceptance of what is essentially a form of contract between the user, the provider and the custodian. How is that expressed? Fundamentally what we need to be doing is bringing together the access conditions and the proposals of users into an alignment model, and both the Data Tags Suite and the DUO model are really premised around that. So there's a really nice read-through of how they think about linking both the technology and the systems of provision with the access requirements into an overall framework. We try to express that throughout the framework itself.
So there's an overview of authentication models, and of the types of data access models I just talked about. This is fundamentally a simple description of what safe settings are. You'd want a more expressive version of this, but as a starting point for trying to express an overall view it's a good one, and we would look at how you extend it. We took that and applied it to some of the access models we have within the Australian Data Archive. It seems to line up fairly well, and we continue to apply that across our partners. We were also able to say, well, look, combining the DUO and DATS models, we can get a fairly good expression of the access arrangements and the licensing and access conditions that exist for a couple of our sample data sets. Ten to Men is a project run by the Australian Institute of Family Studies, where they have a fairly complex access procedure; it's one of our worked-through use cases in the framework itself. But ultimately, this is where we want to be going. What's really quite useful from the point of view of actually managing this at a national and international level is that the frameworks we're seeing do seem to hold up: there are some domain-specific needs, but there are a lot of generic requirements. And this is really what DUO is trying to achieve. Don't worry too much about the dot points down the bottom, but how do we match, on one side, the requirements of data custodians for expressing what's acceptable use with, on the other side, the requesters: what do I want to do with the data, which is my proposed use, and my expression of which parts of the Five Safes I am willing to accept. So fundamentally, DUO and GA4GH are trying to get to how do I automate this process. We're trying to look at how you at least align the information gathering to enable that.
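The alignment idea just described, matching what a custodian requires on each of the safes against what a requester proposes, can be sketched as below. The dimension names and numeric assurance levels are invented purely for illustration; CADRE's actual information model is still being developed and may look nothing like this.

```python
# Hypothetical sketch of aligning custodian requirements with a
# requester's proposal across the five safes. Levels (0-3) and the
# dimension names are assumptions for illustration only.
REQUIRED = {"people": 2, "projects": 2, "settings": 3, "data": 1, "outputs": 2}
OFFERED  = {"people": 3, "projects": 2, "settings": 2, "data": 1, "outputs": 2}

def alignment_gaps(required: dict, offered: dict) -> dict:
    """Return each dimension where the requester falls short,
    with the size of the shortfall."""
    return {dim: required[dim] - offered.get(dim, 0)
            for dim in required
            if offered.get(dim, 0) < required[dim]}

print(alignment_gaps(REQUIRED, OFFERED))  # {'settings': 1}
```

An empty result would signal that the proposal meets the custodian's conditions; anything else is the list of safes where negotiation (or a different access setting) is needed, which is the kind of decision-support signal the dashboard work aims at.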
All right, I'll skip forward, because there are some obvious ways you could collect that. But really where we get to is we have, nicely, a pretty good alignment of the sorts of five-plus-two safes that we're interested in. We have an expression of the information model itself. Nicely, we've also been able to identify the likely sources we could draw on, both for the expression of access requirements and for where the information on intended use and intended users might come from. And it aligns very well with the identifier models we already have in place: ORCIDs for people, DOIs for data and probably outputs, ROR (the Research Organization Registry) for organisations, and probably RAiDs for projects, though we're still clarifying that; we're interested to see the RAiD development that's now occurring. We don't have a good model for groups here, for what the identifier on groups might be. Groups are likely to be much more dynamic, so we'll still have to work that one through. But again, we have an information source based on the technology I talked about earlier, CILogon, which might provide the foundations for us to actually be able to do that. So we've been able to identify the information requirements, and I'll skip over the relationship diagram. And this is where I'll conclude: it's really now starting to come together in the model and technology. We're really trying to leverage existing technologies where possible. So CILogon is probably our foundation group and access management technology. This comes out of Illinois, I can't remember the specific organisation; they're presenting as well at eResearch if you're interested. AAF in particular have brought this to Australia, and we're actually in pilot now with the HASS Commons, with CADRE and with the Human Genomes Platform Project, which is part of the Australian BioCommons. We're also looking at a data request and resource access management model called REMS.
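The identifier-backed exchange record described here might look something like the sketch below. All field names and identifier values are made up for illustration (the ORCID is the well-known example identifier); the real CADRE graph model is still being designed.

```python
# Sketch of an identifier-backed project record of the kind described:
# each element of a data project carries an identifier from an existing
# scheme. Field names and values are illustrative assumptions only.
project_record = {
    "project":      {"id": "raid:example/abc123", "scheme": "RAiD"},   # still being clarified
    "people":       [{"id": "0000-0002-1825-0097", "scheme": "ORCID"}],
    "organisation": {"id": "https://ror.org/EXAMPLE", "scheme": "ROR"},
    "datasets":     [{"id": "10.26193/EXAMPLE", "scheme": "DOI"}],
    "group":        None,  # no settled identifier scheme for groups yet
}

# Every identified element can then become a node in the graph-based
# exchange, with the scheme telling consumers how to resolve it.
for role, entry in project_record.items():
    print(role, entry)
```

The interesting design point is the `group` field: as noted in the talk, groups are dynamic and have no established identifier scheme, so that part of the model is left open.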
That's coming out of the ELIXIR program in Finland; I can never remember the details of the acronym. It's already in production at the Garvan Institute in Australia and in the ELIXIR program, and we're piloting it as well within the Human Genomes Platform Project and CADRE. Colleagues on my team on the call are doing the work at the moment to actually move that forward. And then the piece of work we'll be doing as a bespoke development is really a dashboard model for enabling that decision support. So this is new development, working across the partners, particularly with input from Swinburne and Research Graph, from Janamir and Peter Vatts at AAF, and all of our friends within the program as a whole. So the next steps are really bringing it all together. We've got a technical design, and as I say we're working on our pilot implementation at the moment, and there'll be more on this soon. Hopefully in the new year we'll be looking at doing a bit of a show and tell on that as well. I've got more, but I think I'll leave it at this point and open up the floor. Thanks, Steve. And yes, we do already have a question in the chat, but if anyone else has any questions then now's the time to throw them in. Can you explain or provide a few words about how the ONDC's current consultation on the data code relates to this important work? The former is causing some angst at the Indigenous Data Network, as it appears to make it more difficult for Indigenous groups to access government research data about their own communities. Thanks, Andrew. Look, I haven't gone far enough into the code yet to be able to say. What I would say is that the code, Dataplace and the DATA Act were kind of the impetus for this work, but this is not actually an implementation to directly support the DATA Act.
That said, I think the learnings we can get from at least some of the conceptual work we've done here should really inform a response to the code itself. How we might think about access control, and the governance of access control and the like, is probably informative for thinking about the code. So unfortunately I haven't had time to look far enough into the code at this point, having been too busy with other parts of what the ONDC is doing, in fact. But there are coordinated efforts certainly going on through the IDN that I encourage people to respond to. I think the IDN is also pushing to extend the consultation period on the code itself. Yeah, we have a note here: submissions for that data code are due tomorrow. And thanks from the audience for that answer. Are there any other questions? I might pick up a little bit further on Marcus's question that came before. I mentioned the relationship with the ABS. In terms of our government agency partners, Marcus, we kind of leveraged activities we were already doing in thinking about how and who to bring on board in the first stages. We already had AIFS and AIHW in the mix, and trying to manage three big government agency partners in that process we thought might be a little bit challenging. But as I say, we've talked particularly to some of the microdata access group at the ABS, and some of the university partnerships team at the ABS as well, and are looking actively at how we continue to bring them into the mix. As I say, we're also working quite actively with the ABS in another program, IRIS, the Integrated Research Infrastructure for Social Science, and the two are kind of converging. So progressively there's quite a bit of engagement going on there.
Also people like John Newman, who's actually seconded to the ONDC at the moment but was quite instrumentally involved while he was at the ABS, have had a bit of a look at this work too. No, I just thought they'd be a good partner here for something that academia needs. It would be really useful if academia could be proactive in this space, because it's a gap in the whole national infrastructure. And it would reduce my work, which is securing sensitive data in databases, by more than 50 per cent probably. Yeah. And there's an interesting way of thinking about it as well, which kind of touches on Sandra's question earlier: one of the incentives we're thinking about here is, what if we think about government as a user of data rather than as a provider and custodian of data? Oh yeah. You turn this model around. So Sandra, this is kind of an answer to you: you turn this model around if you're thinking about communities providing access to their data for government. There's quite an interesting way of then thinking through how governments might be considered trusted users. Are they safe people and safe organisations? That's why we think the principles here are quite useful, because they start you thinking that it doesn't have to be a one-way street. And that's where you'd find the ABS thinking the same way. They're a consumer as well as a provider of data. Yeah, exactly. And a lot of agencies have a similar way of thinking on that, in fact. Having worked across the fence, I've always worked in the university sector but have worked pretty actively with agencies for many years, the thinking's usually going on on both sides of the fence as it were, but the outcomes are kind of developed in parallel rather than collaboratively. The more we can do that, the better. I'm happy.
And I'm sure the ABS would be happy to chat about this offline too. Yeah, cheers. All right, we're heading towards the end. Are there any last pressing questions? There's a quick comment here: brilliant, some great work. Is the introductory Five Safes training course able to be shared with the broader university community just yet? Well, with your university, yes, Kim. We're actually going to be doing the first pilot on the... can you give the date, Yolanti? I think it's the 28th of... We're doing a first run of it at Melbourne Uni face-to-face. We'll be doing another face-to-face session at ANU in the weeks to follow, and an online session, I think we're looking at the 11th of October, and then we'll also be doing some work at eResearch as well. So it's a pilot, to be clear, at this point, and we are looking for feedback on it. We're also engaging with a lot of partners, with CERP and Erika, on possible knowledge exchanges here, but absolutely, we'll be looking to roll that through. There's a very interesting question above that I missed, that maybe requires a longer answer than we can give, but I think it's a really interesting point for discussion: any general thoughts from CADRE analysis so far on safe data sets, on the feasibility of describing or codifying what kinds of things make data genuinely sensitive, beyond the obvious, e.g. personal privacy? Also, where there is individual consent, e.g. medical trials have this problem. Can I give two ten-second answers on those? On part one, I can't remember specifically what I wrote in the framework there, but that's really the point of that first safe data section of the review: what you're looking for in an assessment is fundamentally an expression of different people's notions of sensitive. On medical consent and individual consent, that's what DUO was trying to deal with quite literally: how do you have an expression of that?
That's the model they're really looking towards, so I'd encourage a look; I'm happy to provide links to that. Brilliant. Thanks, Steve. Okay, I think we will start to wrap up. One of the things I wanted to quickly do in our last few minutes is throw to the group for suggestions for potential future topics you might be interested in hearing about. I think it's a good idea for us to check in with you every now and then and see what people are most interested in hearing from the group in the future. A few topics are already under consideration: we're looking into working with Indigenous data, working with defence data, and there are a couple of interesting eResearch sessions coming up, including one that we're running on the intersection between data classification and security protections. But if anyone has other things they would be interested in us looking into, now is the time to give us some suggestions. So we've got here: working with geospatial data. Does anyone have anything else they would like to throw in? This will be ongoing, so we'll ask you again next time. Could we maybe prod Marcus for a bit more detail on working with geospatial data: what kind of topics or what kind of presenters might be interesting? All right. Get someone from ABS Geography, or Geospatial Solutions, I think it's still called that. I used to be the manager of the ASGS. And yeah, the relationship between what you can output at what spatial scale. I'm now working in medical and health research at the University of Canberra, and the research is stymied by the amount of information that's available at the scale that health actually operates at. So that is my interest: geographic scale and data availability. So I could talk to you about who you could talk to at the ABS about perhaps having that conversation. Fantastic. We'll be in touch.
That sounds really interesting. Cheers. Cool. Well, then we'll close there. Thank you so much, Steve, for the presentation. And thank you, everyone, for the really interesting discussion afterwards. And we'll catch you again soon. Thanks, everyone.