Privacy in the Information Age
It is clear society has well and truly entered the Information Age and the way governments do business is changing as a result. But is privacy becoming a thing of the past?
Government is increasingly embracing new technologies and innovations with a view to improving productivity and efficiencies and providing better services to the community in an era of rising budget pressures.
Agencies are using social media platforms like Facebook and Twitter to provide information to the community and to receive information from them in return. They are also using social media tools like Yammer to collaborate on whole-of-government programs as well as communicating internally within their own organisations. More local councils than ever are using closed circuit television monitoring to help them perform functions and activities related to the prevention, detection, investigation and prosecution of offences. Police are using tablets and other mobile devices which allow them to access information in the field. More and more, government information is being stored in the cloud using private providers who may be based outside Australia. Agencies are outsourcing many of their functions to private contractors who may be required to handle large amounts of personal information when performing these contracts.
We have become increasingly familiar with such initiatives as ‘open data’ or ‘big data’ with the view to opening up government-held information to the community, business and academics as well as sharing data between agencies and organisations.
Queensland’s Right to Information Act 2009 (RTI Act) recognises that information in the government’s possession and control is a public resource. It is an intention of the Act to release government information as a matter of course unless there is a good reason not to.
The adoption of these new practices may bring about efficiencies and allow for rapid responses but it also brings privacy risks that need to be assessed and addressed before new approaches are implemented.
The Information Age brings challenges to privacy
Today, data is being created and captured at a rapid rate. Every 60 seconds:
- 98,000 tweets are sent
- 695,000 status updates are placed on Facebook
- 11 million instant messages are sent
- 694,445 google searches are conducted
- 168 million emails are sent.
While some believe that in this new Information Age, privacy is a thing of the past, most of the community still expects that their personal information will be protected wherever possible. A 2013 survey undertaken by the Office of the Australian Information Commissioner revealed that Australians are becoming more concerned about privacy risks. Forty-eight percent of us believe that online services, including social media, now pose the greatest privacy risk.
The primary object of Queensland’s Information Privacy Act 2009 (IP Act) is to provide for the fair collection and handling in the public sector environment of personal information.
Privacy obligations under the Information Privacy Act 2009
Agencies may collect whatever personal information they legitimately need to carry out their functions, but that is all they may collect. They may not collect personal information just in case, on the off chance they might need it in the future. They must tell people why they want the information, any authorities under which it is collected, and anyone to whom it will be given. This ensures there are no surprises when a marketing company sends someone advertising material.
Personal information is valuable, and its loss or unintended disclosure can have significant consequences for the individual. Agencies must protect the personal information they hold against loss, and they must ensure that it is not accessed used, modified or disclosed without authority.
The IP Act provides a road map for government agencies in conducting their business while ensuring appropriate safeguards are in place to protect Queenslanders’ personal information, to manage such risks and thus meet community expectations. Any breach of a privacy obligation brings about a loss of trust.
Privacy is not a “blocker” to the adoption of new innovations.
The big data world is driven by the philosophy that collecting and publishing as much data as possible will drive innovation and consequently be beneficial for all. The Queensland Government’s Open Data initiative recognises privacy. Its Open Data portal includes a clear message from the Premier:
“Government data will be released within set standards and accountabilities.
We will make our data available in a timely and relevant manner, unless it is restricted for reasons of privacy, public safety, security, commercial confidentiality or compliance with the law.”
Public servants need to recognise there are risks to privacy that you are obliged to consider and to manage.
I think it is useful if agencies, when considering what data to release, remember that data may include personal information or may contain information that can identify an individual.
The over-collection of information also needs to be considered. There may be a high potential value in this information, but care needs to be taken as the reality is that once information is collected it is difficult to keep it anonymous and even harder to keep it safe.
A clear use and purpose for capturing, and disclosing this information needs to be constantly considered.
The hard question to ask is, “How do we balance the socially beneficial use of big data with the harms to privacy and other values that can result?”
Characterised by a boom in technology and data, the Information Age is precisely the time for government to ensure it respects and protects the privacy of individuals.
The Office of the Information Commissioner (OIC) has guidelines, checklists, privacy case notes, and free online training that deals with privacy issues, including privacy compliance with CCTV, data de-identification and privacy impact assessments.
Staff are available to provide specific face-to-face training. Public sector officers are urged to consult with OIC staff if they require general privacy advice. OIC’s enquiries service also provides information on the operation and application of the IP Act. We are available 8:30am to 4:30pm Monday to Friday by phone and email.