Dept of Health to improve data privacy


By Jonathan Nally
Thursday, 29 March, 2018

The Australian Information Commissioner and Privacy Commissioner has concluded his investigation into a 2016 incident that saw improperly de-identified MBS and PBS datasets published on data.gov.au.

The Department of Health informed the OAIC in late September 2016 that the datasets were potentially vulnerable to re-identification.

The Commissioner noted that “the risk of re-identifying medical providers whose information was in the dataset was not sufficiently low, and that the Department’s processes for assessing the risks associated with publication were inadequate” and that therefore, “in the course of publishing the dataset, the Department breached the Privacy Act 1988”.

The Department and the Commissioner have agreed an enforceable undertaking, which will “require the Department to continue to review and enhance its data governance and release processes with oversight from the OAIC,” with the Commissioner adding that this is “an appropriate regulatory outcome for his investigation”.

The Commissioner noted that the breaches were unintentional, and that “the Department’s decision to publish the dataset was made on the understanding that the privacy interests of all relevant individuals were protected”.

The Commissioner also noted the Department’s cooperative manner, the “quick and comprehensive” steps it took to limit the privacy impact of the incident, and the improvements it has put in place to boost its data governance and release processes.

The federal government has implemented a Process for Publishing Sensitive Unit Record Level Public Data as Open Data, and the Privacy (Australian Government Agencies – Governance) APP Code 2017, to take effect in July, will provide extra privacy protection standards for government agencies.

Additionally, the OAIC and Data61 recently jointly published the De-identification Decision-Making Framework, which provides guidance to organisations on meeting their ethical and legal responsibilities when it comes to sharing or releasing datasets.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd