Dept of Health to improve data privacy

By Jonathan Nally
Thursday, 29 March, 2018

Dept of Health to improve data privacy

The Australian Information Commissioner and Privacy Commissioner has concluded his investigation into a 2016 incident that saw improperly de-identified MBS and PBS datasets published on

The Department of Health informed the OAIC in late September 2016 that the datasets were potentially vulnerable to re-identification.

The Commissioner noted that “the risk of re-identifying medical providers whose information was in the dataset was not sufficiently low, and that the Department’s processes for assessing the risks associated with publication were inadequate” and that therefore, “in the course of publishing the dataset, the Department breached the Privacy Act 1988”.

The Department and the Commissioner have agreed an enforceable undertaking, which will “require the Department to continue to review and enhance its data governance and release processes with oversight from the OAIC,” with the Commissioner adding that this is “an appropriate regulatory outcome for his investigation”.

The Commissioner noted that the breaches were unintentional, and that “the Department’s decision to publish the dataset was made on the understanding that the privacy interests of all relevant individuals were protected”.

The Commissioner also noted the Department’s cooperative manner, the “quick and comprehensive” steps it took to limit the privacy impact of the incident, and the improvements it has put in place to boost its data governance and release processes.

The federal government has implemented a Process for Publishing Sensitive Unit Record Level Public Data as Open Data, and the Privacy (Australian Government Agencies – Governance) APP Code 2017, to take effect in July, will provide extra privacy protection standards for government agencies.

Additionally, the OAIC and Data61 recently jointly published the De-identification Decision-Making Framework, which provides guidance to organisations on meeting their ethical and legal responsibilities when it comes to sharing or releasing datasets.

Image credit: ©

Follow us and share on Twitter and Facebook

Related News

Macquarie joins VMware Sovereign Cloud initiative

Macquarie Telecom Group is now a member of the VMware Sovereign Cloud initiative.

Workday completes IRAP assessment

Workday has completed an Information Security Registered Assessors Program assessment to allow it...

Defence gets ISR integration capability

A consortium led by Leidos has delivered a new intelligence, surveillance and reconnaissance data...

  • All content Copyright © 2022 Westwick-Farrow Pty Ltd