Commonwealth Attorney-General George Brandis has announced that the Government intends to introduce amendments to the Privacy Act 1988 that will “create a new criminal offence of re-identifying de-identified government data”. A media release issued by the Attorney-General states that the new legislation will be introduced in the Spring sittings of Parliament, which are currently in session. He also said that the change would be retrospective in scope, applied from the date of the announcement (28 September 2016).
In the media release, Attorney-General Brandis said:
“The publication of major datasets is an important part of 21st century government providing a great benefit to the community. It enables the government, policymakers, researchers, and other interested persons to take full advantage of the opportunities that new technology creates to improve research and policy outcomes.
Our ability to deliver better policies and to solve many of the great challenges of our time rests on the effective sharing and analysis of data. For this reason, the Coalition Government has promoted the benefits of open government data, in accordance with the Australian Government Public Data Policy Statement, and published anonymised data on data.gov.au…
In accepting the benefits of the release of anonymised datasets, the Government also recognises that the privacy of citizens is of paramount importance.
It is for that reason that there is a strict and standard government procedure to de-identify all government data that is published. Data that is released is anonymised so that the individuals who are the subject of that data cannot be identified.
However, with advances of technology, methods that were sufficient to de-identify data in the past may become susceptible to re-identification in the future.”
The Guardian Australia reported that the “impetus for the release appears to be a Medicare dataset which could be used to identify particular doctors and service providers which was published by the Department of Health”. A group of researchers from Melbourne University apparently discovered it was possible to reidentify some of the people involved using the dataset. The dataset was removed from the website and the Office of the Australian Information Commissioner has announced an investigation into the circumstances of the data breach.
ITnews reported that the news was followed by a backlash from the IT security industry who raised concerns that the new legislation could affect researchers with legitimate concerns about the encryption and anonymisation of government data. A spokesperson for the Attorney-General told iTnews that researchers would be provided for in the legislation:
“The need for researchers to test the effectiveness of de-identification techniques or conduct other research into encryption or information security has been considered and will be addressed in the legislation”.
TimeBase is an independent, privately owned Australian legal publisher specialising in the online delivery of accurate, comprehensive and innovative legislation research tools including LawOne and unique Point-in-Time Products.
FREE legislation news, delivered weekly.
Sign up now.#WeLoveLegislation Tweets
NEW information resources - great for training.