The challenge

Sharing and releasing data can raise privacy concerns

Thanks to booming growth in online services and interconnected devices, data is constantly being generated and stored. Many organisations – both businesses and governments – are now seeing the benefit of using this data to solve problems that can improve all our lives and make them easier.

Since much of the data being generated is about people, de-identification is widely being used to reduce the risk to individuals’ privacy. De-identifying data can help an organisation to meet its ethical responsibilities, fulfil its legal obligations, and satisfy community expectations.

However, when de-identification is not carried out properly, a data release can raise privacy concerns. There’s a growing body of examples where this has been the case, so the need for well-thought-out de-identification has never been more acute.

Our response

Bringing together different perspectives on de-identification into a simple framework

The main question for decision-makers who want to share or release data is, should we release this data or not and if so in what form? Answering this question is complex, and relies on a range of considerations from ethical and legal obligations to technical data questions. Integrating the different perspectives on the topic of de-identification into a single comprehensible framework is what this book is all about.

Adapted from the UK resource The Anonymisation Decision-Making Framework, the guide is the result of a close collaboration between CSIRO and the Office of the Australian Information Commissioner (OAIC), with input from the Australian Bureau of Statistics (ABS) and the Australian Institute for Health and Welfare (AIHW).

The De-identification Decision-Making Framework guides custodians through the entire process of de-identifying data including the legal responsibilities, ethical obligations and stakeholder communications - to planning in the event of a crisis.

The results

A practical guide to help data custodians reduce privacy risk in sharing or releasing data

We’ve developed a practical guide to de-identification for government agencies and businesses including not-for-profit and private sector organisations.

Front cover of The Deidentification Decision-Making Framework

The De-Identification Decision-Making Framework

Our framework can help data custodians to identify and address the key factors relevant to their particular data sharing or release situation, including privacy risk analysis and control, stakeholder engagement, and impact management.

De-identification is not an exact science and, even using the De-Identification Decision-Making Framework (DDF), it requires complex judgement calls. The DDF is intended to help data custodians make sound decisions based on best practice, but it is not a step-by-step algorithm. We recommend that users seek expert advice on the de-identification process, particularly with the more technical risk analysis and control activities.

Download the report and appendices

Do business with us to help your organisation thrive

We partner with small and large companies, government and industry in Australia and around the world.

Contact us now to start doing business

Contact Data61

Your contact details

First name must be filled in

We'll need to know what you want to contact us about so we can give you an answer.