Privacy and Public Data audit

July 14, 2020 - 9:39am

Today the Speaker of the Legislative Assembly tabled our report in Parliament on how two agencies manage privacy risks when releasing de-identified data.

The public entrusts government agencies with their personal information. All agencies must manage the risk of re-identification and protect personal information when publishing de-identified data.

Public data environments require extremely robust de-identification processes. Agencies must assess the re-identification risk in the data itself and the external environment. When public data is re-identified, it can have serious consequences for stakeholders, clients and staff.

A methodical risk management approach, supported by sound governance arrangements, helps agencies:

  • identify and manage the risk of re-identification for each dataset released on public platforms
  • apply appropriate treatments to reduce re-identification risk to an acceptable level
  • monitor and review re-identification risks and their treatments.

Our audit identified good practice and areas for improvement, and made recommendations to all government agencies.

Read the report here