Big data privacy in Australia
Know the risks and be in a position to respond fast
Personal information is a new asset class according to the World Economic Forum, delivering a new wave of economic and societal value. However, even with such obvious benefits, we often hear privacy, information security and data sovereignty being used as reasons not to develop a personal data capability.
Multi-national organisations face the challenge of meeting the privacy and security laws of multiple jurisdictions.
Although complex, it’s not impossible to enable a big data capability. It simply requires the same rigour businesses apply to other aspects of their operations.
The reality is that you can do a lot with personal ‘big’ data without breaching privacy laws or acting unethically. Understanding what the risks are and ensuring you can mitigate these is an important step on the journey to big data success.
Untrained users are the number one privacy risk
Education and training will go a long way to preventing privacy breaches with big data and, indeed, with any personal information.
Collecting personal information
- Whether collecting personal information directly, via a third party or ‘creating’ it, certain mandatory matters must be notified to the individuals the information is about.
- You must have an individual’s consent to collect sensitive information (unless an exception applies).
- Seeking consent to use personal information ‘after the fact’ for a secondary big data purpose can be costly and difficult; it should be built in during the design phase.
- Where health or personal information is being handled for big data activities, it may be difficult to obtain an individual’s consent, but it is required.
- To ensure the relevant notification is given or consent obtained (if required), your policy and wording on websites, forms and all other sources through which the personal information is submitted must be clear and accurate.
You’re accountable for the de-identification, accuracy, use, storage and sharing of information.
Hackers like ‘data-rich’ personal information
Hackers are likely to target stores of valuable and sensitive personal information. Make sure you have the correct controls in place to prevent security breaches of this type. Encryption is one example, but a comprehensive ‘prevent, protect and respond’ protocol is essential.