Privacy and Public Data


The Office of the Information Commissioner’s audit report on privacy and public data was tabled in Parliament today (14 July 2020).


This report presents our findings on how two government agencies manage privacy risks when releasing de-identified data.


The report makes recommendations to all Queensland government agencies.


The Information Commissioner Rachael Rangihaeata said, “The public entrusts government agencies with their personal information. Agencies must manage re-identification risk and protect personal information when releasing data to avoid serious consequences for the community. Re-identification of public data shouldn’t be as easy as a Guess Who game. We expect agencies to proactively manage this risk to protect vulnerable people, including victims of family and domestic violence.


While public data supports transparent and accountable government, agencies publishing de-identified data should manage privacy risks the same way they do for risks in other activities.


A methodical risk management approach, supported by sound governance arrangements, assures agencies that the risk treatments applied to de-identified public data remain effective over time.


“The audit raised critical issues relevant to the broader sector. When public data is re-identified, it can have serious consequences for stakeholders, clients and staff.”


De-identification is technically complex and involves more than removing direct identifiers. The external environment is constantly evolving and can make assessing the re-identification risk challenging, Ms Rangihaeata said.


Key findings

Agencies need to:

  • review all published data and identify datasets containing de-identified data
  • assign a custodian to each published de-identified dataset
  • implement and maintain policies or procedures that govern de-identified data releases
  • adequately capture, assess and treat re-identification risk in published de-identified data
  • monitor the external data environment and the effectiveness of risk treatments
  • regularly review re-identification risks.

Read the full report here

Business Business & Economy Community Law & Safety Political Queensland Government Technology & Communications

Office of the Information Commissioner Queensland :
PO Box 10143, Brisbane
07 3405 1111
1800 642 753
Office of the Information Commissioner Queensland
Showing 3 recent articles for this business
Access to information supports response and recovery in times of crisis 28 September 2020 | The Office of the Information Commissioner (OIC) is encouraging Queenslanders to join communities and government around Australia and the world to celebrate International Access to Information Day (IAI Day) on 28... More information...
Audit report - Disclosure logs - Queensland Government departments 11 August 2020 | Queensland’s Office of the Information Commissioner’s audit report into the disclosure logs of Queensland Government departments was tabled in Parliament today. The audit examined whether departments have well... More information...
Privacy and Public Data 14 July 2020 | The Office of the Information Commissioner’s audit report on privacy and public data was tabled in Parliament today (14 July 2020). More information...

comments powered by Disqus

All articles submitted by third parties or written by My Sunshine Coast come under our Disclaimer / Terms of Service