Office of the Australian Information Commissioner - Home

Australian Government - Office of the Australian Information Commissioner
Australian Government - Office of the Australian Information Commissioner

Main menu

New guide paves way for better data privacy management

The Office of the Australian Information Commissioner (OAIC) and CSIRO’s Data61 have released a guide to assist organisations to de-identify their data effectively. The practical and accessible guide is for Australian organisations that handle personal information and are considering sharing or releasing it to meet their ethical responsibilities and legal obligations, such as those under the Privacy Act 1988.

‘The interpretation and application of data has the potential to positively transform our lives and bring about great social and economic benefits. However, we need to remember that many of these data sets are made up of individuals’ personal information. So when we think about releasing it we need to anticipate the risks to ensure we are protecting the rights of individuals,’ said Timothy Pilgrim, Australian Information and Privacy Commissioner.

‘Deciding whether data should be released or shared – and if so, in what form – requires careful consideration. A range of factors needs to be considered, from ethical and legal obligations to technical data questions. Integrating the different perspectives on the topic of de-identification into a single, comprehensible framework is what this guide is all about.’

Dr Christine O’Keefe, the lead author of the guide and Research Scientist at Data61 explained, ‘at CSIRO’s Data61 we are a trusted advisor to government and industry organisations and we help them access the power of their data by applying deep science, engineering and design to derive insights from it and make it accessible to others without compromising privacy.

At present, there is no publicly available, comprehensive risk management guide in Australia to assist organisations with de-identification. That’s why we have set out to create this standalone guide as an adaptation of the existing UK version, the Anonymisation Decision-Making Framework — and make it freely available.

‘The community is increasingly conscious of how their data is being used, as well as the risk of data breaches, which underlines how important it is to ensure that de-identification is carried out well,’ said Dr O’Keefe. The De-identification Decision-Making Framework focuses on assessing and managing re-identification risks within the context of the data release or share. It encourages organisations to think more broadly and consider the data release environment as well as the techniques and controls applied to the data.

Commissioner Pilgrim added, ‘de-identification is one solution for sharing and releasing data while meeting legislative demands and community expectations. It is an exercise in risk management, rather than an exact science, and it’s important that we strike the right balance between maintaining useful data and making sure it’s safe.’

‘The OAIC looks forward to engaging further with organisations and technical experts on de-identification,’ said Commissioner Pilgrim.

About the Office of the Australian Information Commissioner

The Office of the Australian Information Commissioner (OAIC) has a range of regulatory responsibilities and powers under the Privacy Act 1988Freedom of Information Act 1982 and other legislation. The OAIC is headed by Timothy Pilgrim PSM, who is the Australian Information Commissioner and the Australian Privacy Commissioner. Commissioner Pilgrim is supported by a Deputy Commissioner, Assistant Commissioner Dispute Resolution, Assistant Commissioner Regulation & Strategy and the OAIC staff. Visit www.oaic.gov.au and join the conversation via @OAICgov.

About CSIRO’s Data61

CSIRO’s Data61 is addressing the challenge of how to create Australia and the region’s data-driven future with science and technology by partnering with industry, government and universities globally to deliver economic, societal and environmental outcomes. As Australia’s largest digital innovation group, Data61’s capabilities range from: cybersecurity, confidential computing, IoT, robotics, machine learning and analytics, software and programming to behavioural sciences and more. For further information, visit www.data61.csiro.au and @data61news.

– ENDS –

OAIC media contact: Alison Wares        M: 0407 663 968        E: media@oaic.gov.au

Data 61 CSIRO media contact: Kate Powl        M: 0472 875 092        E: kate.powl@csiro.au