Big data privacy in Australia
Protecting personal information
There are a number of key areas to consider when using, storing, gathering, generating or altering personal information. Keep these in mind when organising and/or assessing your big data capability and practices.
De-identifying and re-identifying personal information
This is a critical area for big data & privacy. You must have robust and current de-identification policies, procedures and methods to maintain an individual’s privacy. This includes re-identification assessments to understand how effective your solutions are.
Ignorance is not an excuse and with fines of up to 4% of global revenue for privacy breaches in the EU from May 2018, it can be very expensive.
Managing and maintaining personal information
‘Privacy by design’ is the catch-cry for big data analytics & privacy issues. The idea is to achieve culturally-embedded privacy to ensure all levels of your business are compliant. A privacy management framework, explained in our next article, is one of the steps toward achieving privacy by design.
Collection, consent, notification and use of personal information
Personal information collected can only be used for the primary purpose/s identified in the notice provided on collection, unless an exception applies.
You cannot use personal information for any purpose other than that originally identified and you can’t collect more personal information than is needed for your legitimate business activities.
Security and incident preparation
Organisations must build on their traditional security and incident controls. They must shift from the ‘perimeter approach’, where an organisation attempts to guard the entirety of its data and information systems (a bit like building a wall), to an approach that operates at the data level, wherever that data resides.
The focus must be on protecting the information ecosystem — it’s an information first, system second approach. Organisations are still accountable even when data held is outside their systems by third parties. Knowing who has responsibility for that information and where it’s kept is essential.