Uncategorised 23rd November 2016

Restore or build trust in data sharing-What you had to say

by Peter Timmins

Further in the series- Issues raised in Submissions on Draft National Action Plan

Commitment 2.2 Build and maintain public trust to address concerns about data sharing      

Issues raised suggest a big job ahead…..

From the PM&C round up:

Justin Warren    PivotNine (consultancy)  

This commitment entirely ignores the privacy impacts of data collection and data sharing. More data also does not automatically make for better analysis, nor does evidence based on a larger dataset lead to better policy. The negative impacts of increased data collection and integration are far too often waved away in pursuit of nebulous benefits. The recently introduced Bill to amend the Privacy Act 1988 is atrociously bad law. The burden of keeping information safe should be placed on those who insist on collection this information. Government and other entities should not collect information they cannot immediately justify a need for.
Cobi Smith     Individual  

Decisions about which data are released first and how data are presented are not neutral. What we prioritise indicates our values. This is why transparency about values is important. Active citizenship involves allowing everyday Australians to understand the values and priorities associated with how data are shared. This allows us to make our own decisions about whether those values and priorities reflect our own.
Alan Distel    Individual  

Congratulate you on your decision to adopt the International Open Data Charter. This requires responsibility assigned to implement a set of time-bound, verifiable actions. Hope to see a level of community consultation in designing the action plan, or at least leveraging feedback received via the OGP and Data Availability and Use consultations.
Jack Mahoney    OGP Support Unit  

Be specific about which ‘community’ is being referenced.

Milestone 6 – be more specific about what engagement looks like. Who is it targeted at?

Relevance talks about how the commitment will provide greater transparency on how government is using the data it collects and protecting personal information. However, milestones don’t reflect activities/plans for this.
Nigel Waters    Pacific Privacy (consultancy)  

Inference is that the amendments to the Privacy Act is an adequate means to addressing the privacy issues. ABS inclusion as a lead agency actor is questionable given 2016 census issues.

Express recognition that privacy does not just mean confidentiality and security – should also include justification for collection and sharing of personal information, and as far as possible informed consent in the first instance.

Should acknowledge that some data sharing may not be acceptable or allowed.

Caution against reference to the PC Inquiry as there will be critiques of the draft report in the upcoming months.

Recommend other NGO actors: privacy advocates (Australian Privacy Foundation, Electronic Frontiers Australia and Councils of Civil Liberties).

Supports milestone 4, specifically including more capability development on privacy impact assessments which are not done frequently or well enough.
Dr Madeleine Roberts      

Consultation on the draft NAP, combined with the Government’s recent data issues has failed to bolster the public’s confidence. There was little publicity and scant information made available to the public.

Kate Irvine    National and State Libraries Australasia  

Libraries have a long history of managing resources to ensure that the content is easily accessible for current and future users. The addition of a library representative in the expert panel to be established would enable contribution of these existing practices.

Needs to be a clear commitment shared with data users regarding the long term access to data. Assurances that this content will be managed for long term access by future users are an important component of building public trust.
Rosie Williams    Individual  

Lack of engagement of privacy experts in the open data.

The focus of data linkage seems to be to research the lives of the most disempowered individuals, while systemic abuses of the powerful are left unaddressed.
Paul Murphy    Media, Entertainment and Arts Alliance

Need for a comprehensive approach to data collection, management, storage, integrity, access and protection.
Mozart Olbrycht-Palmer    Pirate Party  

Beneficial for the purposes of bolstering public trust and confidence in government if commitments were made to inform the public of how data will be used prior to its collection.
Kat Szuminska    OpenAustralia Foundation    

Need to acknowledge reasons for mistrust and suspicions about data sharing.

Suggested milestones:
● Introduce and enforce the Mandatory Serious Data Breach Notification
Legislation
● Organise a multistakeholder forum to track success of implementing Serious Data
Breach Notifications, including identifying and oversight by relevant civil society
● Communicate open and honestly in the event of data breaches and:
– Explain without embellishment what set of circumstances and actions led to
the outcome
– Explain what the root causes of the problem were
– Explain what you are doing in the long term to ensure it doesn’t happen in the
future.
– Explain what you are going to do in the short term to ensure it doesn’t happen
soon.
● Outline timeline and milestones to report on how Government improves, when
dealing with and talking about breaches
● Offer incentives to people to report security problems
● Do not punish people who report problems. Specifically, do not introduce legislation to criminalise the de-anonymising of published data.
Ben Minerds    Individual  

Goals that actually strengthen the rights and privacy of citizens would be more appropriate such as a declaration of digital liberties or digital rights.
Natasha Molt    Law Council of Australia  

The Law Council welcomes the government’s objective of providing more targeted and effective policy, service delivery and program evaluation; however, it is noted that this will require more than just actively engaging with the community regarding how public data is being used.
Alex McConnell    Individual  

Difficult political environment at the moment around the release of data which individuals may fear could be re-identified. The outlawing of re-identification is welcome but many may see this as a paper tiger.  There need to be robust protocols around the data released and there needs to be a clear non-technical explanation of these protocols.
Kat Lane    Australian Privacy Foundation 

The Plan may not adequately acknowledge or mitigate privacy risks from re-identification of data, and privacy and personal information security concerns from potential data linkage or unprotected publication should be identified more fully throughout the document such as to be considered before data is released.

Should require ongoing future audits, checks or technical inquiries to determine if and when a given data set’s security has been breached.

The introduction of an offence against re-identification of data may be effective to discourage certain entities from engaging in re-identification, but it offers significantly less protection than ensuring all data is released is subject to a full future risk audit and the most stringent de-identification processes are undertaken.

Welcome the proposals to work with the OAIC to improve privacy risk management but important to consider involvement of outside stakeholders, and other entities like the Australian National Audit Office.

Other actors involved from non-government needs to include privacy advocates.
Christopher Biggs    

Outline how a whole of government strategy lifts the quality of practice.

Moving government data out of ad-hoc and aging department silos onto a common reference platform with clear standards and best practices is great.
Robyn Cochrane  

Inclusion of IAP2 Australia practitioners as ‘non-government actors’ and/or ‘proposal submitters/presenters’ to expert panel members may assist to progress this Commitment.
Melissa Ford    Individual    

Feedback on the issue of data integration has been overwhelmingly negative due to the risk of privacy breaches, with the majority of submissions calling for greater control rights for individuals to opt out.