Dept of Health to improve data privacy
The Australian Information Commissioner and Privacy Commissioner has concluded his investigation into a 2016 incident that saw improperly de-identified MBS and PBS datasets published on data.gov.au.
The Department of Health informed the OAIC in late September 2016 that the datasets were potentially vulnerable to re-identification.
The Commissioner noted that “the risk of re-identifying medical providers whose information was in the dataset was not sufficiently low, and that the Department’s processes for assessing the risks associated with publication were inadequate” and that therefore, “in the course of publishing the dataset, the Department breached the Privacy Act 1988”.
The Department and the Commissioner have agreed an enforceable undertaking, which will “require the Department to continue to review and enhance its data governance and release processes with oversight from the OAIC,” with the Commissioner adding that this is “an appropriate regulatory outcome for his investigation”.
The Commissioner noted that the breaches were unintentional, and that “the Department’s decision to publish the dataset was made on the understanding that the privacy interests of all relevant individuals were protected”.
The Commissioner also noted the Department’s cooperative manner, the “quick and comprehensive” steps it took to limit the privacy impact of the incident, and the improvements it has put in place to boost its data governance and release processes.
The federal government has implemented a Process for Publishing Sensitive Unit Record Level Public Data as Open Data, and the Privacy (Australian Government Agencies – Governance) APP Code 2017, to take effect in July, will provide extra privacy protection standards for government agencies.
Additionally, the OAIC and Data61 recently jointly published the De-identification Decision-Making Framework, which provides guidance to organisations on meeting their ethical and legal responsibilities when it comes to sharing or releasing datasets.
LockBit named nastiest malware of 2024
LockBit, a ransomware malware known to have been used to attack Australian targets, has been...
Proofpoint email security tools pass IRAP assessment
Following on from its launch of Australian data centres last year, Proofpoint has completed an...
Government introduces landmark cybersecurity legislation
The Australian Government has introduced legislation to create Australia's first standalone...