Tuesday, October 18, 2016
Surely This Is A Case Of Cutting Off One’s Nose To Spite One’s Face! Just Silly.
This appeared a few days ago:
By Allie Coyne on Oct 12, 2016 5:07PM
Individuals and businesses who re-identify government data that has been stripped of identifying details face up to two years jail under new laws proposed today by Attorney-General George Brandis.
Under the bill, security researchers will not automatically be exempt from new laws, in spite of a pledge from Brandis last week that they would be protected.
Under the Privacy Amendment (Re-identification Offence) Bill 2016, reversing the de-identification of published government data after September 29 this year will be a criminal offence that can incur up to two years in prison and 120 penalty units ($21,600), or a civil penalty of up to 600 penalty units ($108,000).
The laws will not apply to government agencies, government service providers, or anyone who has been contracted to provide services on an agency's behalf, if within the course of their work.
It will also be a criminal offence to publicly disclose revelations that supposedly de-identified data is not really anonymous, with the same maxiumum penalties in effect.
Anyone who becomes aware that published de-identified government data can be reversed is required under the legislation to notify the relevant agency in writing "as soon as practicable".
Much more here:
There is also detailed coverage here:
The amendment makes the re-identification and disclosure of de-identified data offences punishable by up to two years' imprisonment, while also forcing entities to notify agencies as soon as practicable.
Australian Attorney-General George Brandis has introduced into the Senate the legislation criminalising the re-identification of de-identified datasets that are collected and published by the Commonwealth.
"The publication of government datasets, including de-identified data, enables the government, policymakers, researchers, and other interested persons to take full advantage of the opportunities that new technology creates to improve research and policy outcomes," the explanatory memorandum [PDF] to the Privacy Act amendment says.
"However, with advances in technology, methods that were sufficient to de-identify data in the past may become susceptible to re-identification in the future. The Bill is intended to act as a deterrent against attempts to re-identify de-identified personal information in government datasets and introduces criminal and civil penalties for the prohibited conduct."
The Privacy Amendment (Re-identification Offence) Bill 2016 [PDF] will be retrospectively applied from September 29, criminalising the re-identification of de-identified personal information under s16D and the disclosure of re-identified personal information under s16E, punishable by up to two years' imprisonment or 120 penalty units, or a civil penalty of up to 600 penalty units.
Lots more here:
To use another saying this really is using a “sledgehammer to crack a nut”!
Draconian penalties are only going to make sure that useful research from legitimate researchers will be supressed while criminals will be working hard to exploit information the Government puts on line. My view is that if this is passed then anyone who can re-identify will if they see it as useful for any reason and stay very quiet about it – which is just the opposite of what we really want.
What is needed in my view is a very ‘light touch’ approach so the Government can be confident data they release can’t be exploited for fun, profit or crime beyond what is intended!
What do others think?
Posted by Dr David More MB PhD FACHI at Tuesday, October 18, 2016