Data governance is not an easy concept to get your head around. However, it’s a key to not only smart cities, but also to our own privacy. And privacy — including our data privacy — is dear to most people.
In my earlier interview with Dr Ian Oppermann, we dig further into how data sharing overlaps with privacy and into current laws on privacy. We looked at how they differ between the USA and Australia, and even within Australia.
Steve Mackay (SM): What are the legal implications of your new findings and research on data sharing? Isn’t the implication that we will inevitably require new privacy laws?
Ian Oppermann (IO): So far our work has generated interest, but has not changed the way the law is interpreted around ‘reasonable’ likelihood of reidentification. The conceptual framework has helped bring greater clarity to the problem description. And as we test more, we expect to develop better and more robust risk frameworks. However, we will need to wait and see if we get real traction with the legal world.
SM: Australian privacy law is far-reaching. The Privacy Act 1988 deals with the protection of individual privacy, using privacy principles to set up a broad, principles-based regulatory model, unlike in the US, where coverage is not based on broad principles but on specific technologies, business practices or data items.
So the Act should afford more security and privacy to the individual than US law does. Shouldn’t the focus here be on executing on the existing law rather than in cooking up new constructs?
IO: The challenge is that personal information about individuals within datasets potentially covers a very wide field and relies on judgement to determine if it is present.
In Australia, the collection, use, storage and disclosure of personal information about individuals is regulated at the federal level under the Privacy Act 1988. Personal information is defined in this Act as:
“… information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.”
In NSW and some other states and territories, there is a similar, but slightly different definition:
“… personal information means information or an opinion (including information or an opinion forming part of a database and whether or not recorded in a material form) about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion.”
These definitions each acknowledge that the scope of personal information can be very broad, and they are framed in terms of the ability of any organisation accessing that information to identify an individual, not just whether the relevant data itself identifies the individual.
These definitions also assume that people are able to make a reasonable judgement as to the presence of personal information rather than adopting a default position.
SM:Getting data governance right, and doing it in a way that is transparent to all stakeholders, seems an important basis for smart governance and therefore for smart cities.
Thank you – not only for the time you’ve taken out to do this interview (and all the related checking and correspondence), but for your diligence and hard work on this vital issue.
IO: No worries.
This is the third and last part of our interview with Dr Ian Oppermann. Part one is here and part two here.
Dr. Ian Oppermann is the NSW Government’s chief data scientist and CEO of the NSW Data Analytics Centre. He has 27 years’ experience in the ICT sector and has led organisations with more than 300 people, delivering products and outcomes that have impacted hundreds of millions of people globally. He is a thought leader in the digital economy and is a regular speaker on big data and the impact of technology on society.
