The zero-sum game: data privacy or data analytics?

It’s no secret that securing data is now one of the cornerstones of modern governance; it is reshaping and accelerating how local agencies deliver value to their communities. By leveraging large language models (LLMs) and agentic AI, they can derive better insights faster, streamline operations, and understand patterns in citizen needs, enhancing the quality and efficiency of government services.

To make the most of these technologies, however, agencies may be feeding personal and sensitive citizen data into AI models — and herein lies the challenge. While this data enhances citizen experiences, public service agencies face the added responsibility of keeping this information secure. Recent OAIC research revealed that the Australian Government reported the second-highest number of data breaches across Australia in the first half of 2024.

Balancing efficiency and privacy with agentic AI

As data privacy and AI regulations evolve, agentic AI — capable of making routine decisions, predicting trends or personalising citizen services autonomously — could revolutionise the public sector by boosting efficiency. However, it also raises significant data privacy and security concerns. Public sector organisations must protect sensitive citizen data, especially when feeding it into AI models. This requires robust data management and compliance with evolving regulations.

To navigate these changing regulatory demands and prepare for future growth, public sector agencies should consider investing in data management solutions that enhance governance, risk and compliance to protect sensitive information and maintain public trust. Yet, the promise of AI’s value, coupled with the massive amount of personal data the public sector handles, seems to be at odds with current data privacy mandates. Councils, understandably, are struggling with what appears to be a zero-sum game — do you use the data to elevate value and delivery for citizens, or dial back on usage to avoid possible risks?

Privacy by design: a solution to the zero-sum game

One possible solution to this conundrum could be integrating data privacy into the core of business operations — a concept known as ‘privacy by design’. This approach embeds privacy measures into IT systems and council practices from the outset. By managing the entire data lifestyle — from collection to disposal — public sector agencies can ensure compliance with privacy regulations and protect sensitive information.

Below are some key steps to implementing a privacy-by-design strategy:

1. Adopt a consistent approach: Establish clear and consistent privacy practices across all people, processes and technologies involved in managing data.
2. Be proactive, not reactive: Embed privacy measures into IT systems and business processes during the design phase. This ensures costs remain resilient to evolving regulations.
3. Know your data, know your intent: Understand what data you have about citizens, how it was obtained and the purpose it serves. Whether purchasing, collecting or using data, this knowledge is essential for compliance. More than that, be clear about the intent on how the data will be used and make sure it is ethical.
4. Take ownership of the entire data lifecycle: Define guidelines for how data is collected, stored, used and secured. Regularly evaluate these strategies to ensure they comply with privacy regulations in the public sector.
5. Deploy a modern data platform: A modern data platform can, for example, automatically identify and tag sensitive data, such as personally identifiable information. These platforms can apply consistent security controls across all environments, allowing organisations to innovate while maintaining data security.
6. Leverage agentic AI for privacy automation: Integrate agentic AI to automate privacy management tasks. By continuously monitoring data flows and applying privacy rules in real time, agentic AI helps maintain compliance with regulations and reduces the risk of human error.

Turning challenges into opportunities

Implementing modern data management solutions provides the tools and infrastructure needed to harness AI’s power while maintaining compliance and protecting citizen data. It is essential for public sector organisations to stay ahead of these changes, ensuring that their data management practices are robust, compliant and capable of supporting the innovative use of AI while safeguarding citizen privacy.

*Vini Cardoso is CTO for Cloudera Australia and New Zealand. With an enterprise architecture lens, Vini bridges the gap between technology and business strategy, acting as a trusted advisor to large organisations to develop innovative approaches to deal with their data and analytics-related priorities.

Top image credit: iStock.com/MF3d