Supporting Health, Education, Social, and Economic Research and Policy in South Australia and the Northern Territory

Delivering high quality linked data for evidence-based research and policy evaluation

 

Directions for Best Practice Data Sharing

The ability for Data Custodians to be able to consider and approve the release and use of de-identified sensitive - personal records, requires consideration of the risk of unauthorised access, and controls to ensure continuing safe access and use that meets the public's expectations on the use of the public's records.

An important book has been released by the CSIRO to provide Data Custodians guideance and understanding of the controls and practices to ensure that de-identified data is well managed and the risk of re-identification are well understood and adequately addressed. 

De-identification needs to be considered as a process, and the risk of re-identification of previously anonymised or de-identified data persists, with the ongoing need for this to be managed over the data lifecycle, rather than it being a one-off process.

De-identification Decision-Making Framework

In September 2017 the CSIRO, Data 61 and the Australian Information Commissioner's Office (Privacy Commissioner) collaborated on the release of the De-Identification Decision-Making Framework (2017), to assist Data Custodians and public better understand the issues, opportunties and best practices for managing the risk of re-identification when dealing with De-identified data.

This work builds on the UK Anonymisation Decision-Making Framework (2016), and refers to the Five Safes Framework which have increasingly been used by Data Custodians to assess and manage the safe release and use of 'sensitive' data in Australia.