It’s been a massive week for data regulation and governance in Australia.
First came the news that the government has proposed changes to the Privacy Act which would make it a criminal offence to re-identify data that has been previously anonymized or stripped of identifying markets.
Attorney-General George Brandis, who’s leading the proposal has said that the amendments were intended to “improve protections of anonymized datasets that are published by the Commonwealth government“. The changes themselves would make it an offence to “counsel, procure, facilitate, or encourage anyone” to re-identify anonymized data. Any publishing or communication of a ‘re-identified dataset’ would also be considered a criminal offence.
The amendment currently only applies to Government data which has been de-identified and made publicly available. We will keep you in the loop on the full details on implications of this amendment on private sector data as they come to hand.
This bolstering of security around Government datasets was announced just 24 hours prior to the revelation that the Department of Health had removed a dataset from its open data portal following a notification from a team of Melbourne researchers that practitioner details could be decrypted from 30 years’ worth of claims data on the Medicare and Pharmaceutical Benefits Scheme. No patient information was compromised in the decryption, nor were any of the decrypted details released but the close timing of the two incidents has not gone unnoticed.
It’s also been revealed by the ABC that Federal Government departments — that are not currently permitted to access the metadata of Australians — have attempted to work around the restrictions established in last year’s Data Retention Bill by requesting the Australian Federal Police (AFP) do the searches for them. Privacy concerns have been raised about this apparent bypass of legislation with the Attorney-General’s Department being brought into the fray over alleged advice for departments to request data from the AFP for criminal investigative purposes. The AFP has been shown to have declined those requests but this issue again highlights the tension and confusion over departmental access to individual’s metadata in the Australian government.
From government to the private sector, Fintech Australia, the peak body for fintech companies, has interposed itself in the war between Apple and the nation’s banks, arguing that the dispute highlights the need for open access in all areas of financial infrastructure. The lobby group has called out the banks for arguing so strongly for NFC access on Apple devices while continuing to block third-party access by fintech companies to bank financial data.
Amidst a week swirling with controversy over data practices, a new independent data governance industry association, Data Governance Australia (DGA) was launched on Tuesday in Melbourne.
The DGA, whose mission is to establish best practice industry standards and benchmarks around the collection, use and management of data in Australia will be chaired by former ACCC Chair Graeme Samuel and is made up of twelve founding board members from some of Australia’s largest retailers, banks and data specialists – including Data Republic, CEO, Paul McCarney.
To coincide with the launch our team interviewed Paul McCarney to discuss DGA’s mission, the potential for industry self-regulation around data governance and what he hopes to achieve alongside DGA in the next twelve months.
Until next time.