New laws that would make it easier for government departments to share data about citizens should include requirements that data is de-identified.
The Office of the Australian Information Commissioner (OAIC) made the recommendation in a submission to the Senate Finance and Public Administration committee looking at the Data Availability and Transparency Bill currently before parliament.
"Data sharing should occur on a de-identified basis where possible, to minimise the privacy impacts of the scheme for individuals," the OAIC said.
"The OAIC recommends that the Bill includes requirement that data custodians must not share personal information where the data sharing purpose can reasonably be met by sharing de-identified information."
Under the proposed legislation, government departments would be able to share data more easily between each other and with external bodies but only for the express purposes of delivering government services, informing policy, and research and development.
The scheme precludes this sharing of data for law enforcement purposes.
Laying out the rules
Before data is shared with "an accredited user", its holder will have to assess whether its use is consistent with five data sharing principles that help determine: if the intended project falls within the bounds of public interest; that the data is only given to the right people; that it is shared in a controlled environment; that it is adequately protected; and that the outputs of the data sharing use are agreed upon.
Parties will then enter into a 'data sharing agreement' which will be made publicly available, along with a register of accredited users, by the National Data Commissioner.
In its submission about the legislation, the OAIC recognises that "data held by the Australian government is a national resource which can yield significant benefits for the Australian people" but thinks more caution should be taken when preparing to share and use that data.
"Proposals to share data containing personal information will necessarily carry certain privacy risks, including the loss of control by individuals and the potential for mishandling of personal information," the OAIC said.
"Privacy risks can be heightened in relation to Government-held personal information,which is often collected on a compulsory basis to enable individuals to receive a service or benefit or is otherwise required by law.
"Such data is often sensitive or can become sensitive when it is linked with other government data sets."
De-identification is a way of treating the data such that the risk of future identification of individuals when it is combined with other data sets is greatly mitigated.
Lowering the risk
The problem of treating data in a way that lowers risk of identification while maintaining the data's usefulness is one the ACS Data Sharing Committee has been investigating in recent years.
The NSW government began using a data sharing framework developed by the ACS committee when publishing data about local COVID-19 cases last year.
Dr Ian Oppermann, NSW Chief Data Scientist and ACS President told Information Age at the time the framework helped take the guesswork out of data de-identification.
“When wide data sets have been released historically, people sit around together and say, 'Well what do we feel comfortable with releasing?’ – and that’s true if you’re a bank, or a credit card company, or a telco, or a government,” he said.
“The problem is that everyone’s intuition, their ‘abdominal computer’, is different so there’s been no way of telling just how safe the data really is.”
In its current form, the Data Availability and Transparency Bill does not include reference to de-identification, nor to a framework that would help make data more safe when shared and combined with other sets.
The OAIC thinks the legislation ought to align with the Privacy Act's definition of 'de-identified': "personal information is de-identified if the information is no longer about an identifiable individual or an individual who is reasonably identifiable".
"Such an approach is technology neutral and would enable the data custodian to apply the most appropriate de-identification technique to the data to ensure that personal information is protected and that the information will still be useful for its intended purpose after the de-identification process," the OAIC said.
In its submission to the senate committee, the Law Council of Australia also raised the issue of de-identification, saying the Data Availability and Transparency Bill should contain an "explicit requirement" for data to be made de-identifiable, and that de-identification ought to be the "default or prima facie position prior to any sharing".