Staying vigilant: A new tool to mitigate against data re-identification risks
By Katherine ArmytageTara Dhanushkoti & Darcy Gilligan• 29 January 2021 • 2 min read
Many Commonwealth agencies rely on de-identification as a strategy to ensure that disclosure of Commonwealth datasets, including through release to the public, do not adversely affect individuals’ rights to privacy.
CSIRO has announced that a new privacy tool, the Personal Information Factor (PIF), is being developed to assess the privacy and security risks involved with de-identified datasets, which may provide an additional mechanism that can be applied before datasets are disclosed.
We understand that:
- The PIF uses an artificial intelligence-based planning algorithm, and has been developed as a collaborative effort by Data61 (the CSIRO’s digital specialists), the NSW Government, the Australian Computer Society, and other groups.
- The PIF takes a tailored approach to each dataset, identifying the most suitable privacy metrics to assess the risks of re-identification for different data types.
- The PIF’s algorithm first considers various data transformation techniques, and ‘attack scenarios’ that may be used to re-identify datasets.
- The PIF’s algorithm then assigns a score representing the risk of re-identification, and if it is above a desired threshold, the PIF then recommends specific data transformation techniques to reduce this risk.
- The PIF may also assist data custodians to understand the magnitude of any risks associated with a particular de-identified dataset before any data is released to the public, and therefore may be an additional mitigation strategy to help ensure that individuals’ rights to privacy, including under the Privacy Act 1988, are preserved.
- The PIF is still being developed and is intended to be made available to the public in June 2022.
We will continue to investigate the PIF as its development progresses, and to consider its potential use in Commonwealth data. if you are interested in finding out more information on the PIF, please let us know and we will be in touch as soon as further information becomes available.
MICTA/ICTA contracting framework mandated for use by NSW Government from 1 September
MICTA/ICTA framework must be used in place of the previous ProcureIT v3.2 framework
‘Contracting out' of limitation periods – a guide for Government entities
The relevance of Price v Spoor for Government clients.
New case on clause 4.6 requests – is it a development standard?
By Joshua Same & Georgia Appleby
Recent judgment in Elimatta Pty ltd v Read and Anor  NSWLEC 75, implicating the drafting of clause 4.6 requests