Commonwealth Consolidated Acts Commonwealth Consolidated Acts(1) The criteria for accreditation are the following:
(a) the entity has appropriate data management and governance policies and practices and an appropriately qualified individual in a position that has responsibility for data management and data governance for the entity;
(b) the entity is able to minimise the risk of unauthorised access, sharing or loss of data;
(c) the entity has the necessary skills and capability to ensure the privacy, protection and appropriate use of data, including the ability to manage risks in relation to those matters;
(d) any additional criteria prescribed under subsection (2).
(1A) In addition to the criteria set out in subsection (1), it is a criterion for accreditation as an ADSP that the entity has the necessary policies, practices, skills and capability to perform the following data services:
(a) de - identification data services;
(b) secure access data services;
(c) complex data integration services.
(2) The rules may provide for additional criteria for accreditation covering any other matters the Minister considers appropriate.