In the wake of the privacy concerns over the 2016 Census, Attorney-General George Brandis has proposed changes to the national Privacy Act 1988 (Cth). The legislative change will make it a criminal offence to re-identify anonymised data that has been published by the government.
Privacy is important. If your website needs a privacy policy or you would like your existing privacy policy revised, contact a LawPath consultant. Alternatively, access our ready to use and customisable Privacy Policy.
What does it mean to “re-identify de-identified government data”?
All data that is released by the government is anonymised, so that individuals marked in the data cannot be identified. The proposed reforms mean that it will now be illegal for anyone to link this data back to the individual. Additionally, the changes make it a crime to “counsel, procure, facilitate, or encourage anyone” to re-identify de-identified data. Publishing or communicating “any re-identified dataset” will also be a criminal offence.
How difficult is it to re-identify anonymised data?
Statistical Linkage Keys (SLKs) provide basic anonymity for people participating in large studies for research purposes. The Australian Bureau of Statistics used SLKs to render user data anonymous, allowing personal records such as “John Smith 01/01/90 Male” to be converted into serial numbers like “HIYU010074”. However, privacy concerns arise because there is potential for this de-identified data to be linked back to the individual.
The dilemma
Brandis affirmed that the government’s publication of large amounts of data is vital in enabling researchers to “improve research” and policy makers to “deliver better policies”.
While these amendments seek to further protect the privacy of individuals marked in data released by the government, it is unclear whether these changes will provide enough of a deterrent against malicious hackers. In light of recent data breaches and changes to the 2016 Census, issues of individual privacy and big data remain a primary concern of the government. As Brandis states, “with advances of technology, methods that were sufficient to de-identify data in the past may become susceptible to re-identification in the future.”
Let us know your thoughts on the proposed changes to the Privacy Act by tagging us #lawpath or @lawpath.
