Data Sharing Taskforce - Update #6

The Data Sharing Taskforce will meet again on March 16th. The focus for the coming workshop continues to be the development of frameworks to help reframe and better understand the information theoretic, regulatory and cultural challenges of sharing data. This update includes the current version of the working document

The Opportunity

The increasing digitisation of our society coupled with innovative application of analytics have led to astonishing changes in the way we understand the world, the services we create and the level of intimacy companies have with customers.

The rise of data analytics has meant that large and small players alike can generate value from the data coming from our increasingly connected, online world. Companies create value by asking questions that were once out of reach, or by customising to the level of the individual by analysing search, purchase, shipment, use, and feedback of digital products and services. 

What is true in industry is also true for government. Points of high frustration for citizens or systems which are not yet digital are in focus for reform at both state and commonwealth level. The goal of many governments is to create a “citizen centric” perspective with a single point of entry to government, and a single view of the experience of dealing with government. The use of analytics also allows government to address complex problems in new ways.

The Challenge

Many data custodians remain hesitant to share data. The main concerns are based around appropriate use and interpretation of data, concerns about unintended consequences of sharing data, concerns about accidental release of sensitive data and concerns about adherence to privacy legislation. Frameworks for trusted data sharing would help address these challenges.

Secondly, aggregation of individual data is a standard approach to reduce the level of personal information in a data set. Fundamental to the data sharing challenge is that there is currently no way to unambiguously determine if there is personal information in aggregated data. Consequently, different levels of aggregation are used by different agencies depending on a perceived value of risk associated with the data to be shared. The implications of this can be profound when thinking of the use cases which come in and out of scope depending on the level of aggregation used.

Thirdly, concerns raised by Privacy advocates as the capability of data analytics increases. When the number of data sets used to create a service, or address a policy challenge increases to hundreds or thousands, the complexity of the problem may rapidly exceed the ability of human judgement to determine if the combined data (or the insights generated from them) contain personal information.

Finally, context plays an important role in determine if linked data sets have personal information content. A linked data set may have low information content for one observer, and high for another observer who brings additional personal knowledge or history. What in a limited context may be the identification of an anonymous individual (“any” anyone), could become an identifiable person with additional context (an actual “someone”). The concern that it may be possible to associate an identified (but unknown) individual to a known person is driving privacy debate in many jurisdictions.

The Goal

Acknowledging the work being done within many government jurisdictions and within industry to develop data sharing frameworks, the goal of the Data Sharing Taskforce is to help reframe the debate around data sharing by addressing the challenges outlined above. This will be facilitated by:

?  Developing frameworks which characterise data sets based on the degree of personal information contained within them (developing a “Personal Information Factor”);

?  Developing frameworks which characterise “smart services” based on the data sets used to create them, and determining the associated Personal Information Factor;

?  Developing frameworks which describe the responsibilities, obligations, and limitations for providers of “smart services” created from different data types and their associated Personal Information Factor;

Aided by these frameworks, the Taskforce will work with the Privacy Commissioners and privacy advocates to develop robust guidelines to address the challenges outlined, with the goal of enabling highly automated data sharing.