This appeared last week:
NSW running Data61 de-identification tool across COVID data prior to public release
The Personal Information Factor tool is claimed by the CSIRO to lower the risk of de-identified data being re-identified.
By Chris Duckett | January 27, 2021 -- 23:17 GMT (10:17 AEDT) | Topic: Security
The New South Wales government has been using a tool to help de-identify data related to COVID-19 prior to the release of that data to the public, the CSIRO said on Thursday.
The tool, dubbed Personal Information Factor (PIF), has been created by Data61, the NSW government, the Australian Computer Society, Cyber Security Cooperative Research Centre (CSCRC), and "several other groups".
"The privacy tool assesses the risks to an individual's data within any dataset; allowing targeted and effective protection mechanisms to be put in place," the CSIRO claimed.
NSW chief data scientist Dr Ian Oppermann said the tool was being used on datasets containing data on people who had been infected with COVID-19 before it was made publicly available.
"Given the very strong community interest in growing COVID-19 cases, we needed to release critical and timely information at a fine-grained level detailing when and where COVID-19 cases were identified," Oppermann said.
"This also included information such as the likely cause of infection and, earlier in the pandemic, the age range of people confirmed to be infected.
"We wanted the data to be as detailed and granular as possible, but we also needed to protect the privacy and identity of the individuals associated with those datasets."
Data61 said PIF assigns a risk score to a dataset and makes recommendations to make de-identification "more secure and safe".
The tool is also being used on other datasets such as domestic violence data and public transport usage, Data61 said.
PIF will be made available by June 22.
More here:
Given all the false starts we have seen and this comment from the real expert (in the same article):
“In a recent submission to a review of the Privacy Act, security researcher Vanessa Teague said de-identification does not work.
"A person's detailed individual record cannot be adequately de-identified or anonymised, and should not be sold, shared, or published without the person's explicit, genuine, informed consent," Teague said.
"Identifiable personal information should be protected exactly like all other personal information, even if an attempt to de-identify it was made."
I really wonder. I would be reassured if she was one of the experts giving it the tick of approval! I wonder why she was not asked?
David.
Wonder why she was not asked? Rhetorical?
ReplyDeleteI am sure under controlled conditions inside CSIRO evidence supported what everyone wanted to see. Out in the wild in use by a Health Department that cannot even keep pace with the supply of bandages - I get a sense more than one privacy breach will go unreported