The Federal Government has agreed to the creation of a new privacy code to apply to the Australian Public Service following a series of high-profile and embarrassing data debacles and controversies.
Australian Privacy Commissioner Timothy Pilgrim wrote to the secretary of Prime Minister and Cabinet Martin Parkinson in March to officially request the development of a new privacy code to apply to all government agencies.
The department today officially agreed to this push, and will work with the Office of the Australian Information Commissioner to develop the code, which will be implemented next year.
“The code will be a key privacy protection mechanism which will help to facilitate the success of the Australian government’s broader data, cyber and innovation agendas,” Mr Pilgrim said in the letter. “I believe that the code will symbolise the APS’s commitment to the protection of privacy, and build public trust and confidence in the Australian government’s information-handling practices and proposed new uses of data.”
The push for a privacy code was spurred by “several high profile privacy incidents in recent times”, Mr Pilgrim said, including last year’s census fail, privacy breaches in the health department, and the ongoing Centrelink robo-debt data-matching issues.
It also comes on the back of the government’s increased focus on the use of public data and making data open to the private sector, seen through the DTA’s digital-first delivery model, the Open Government Partnership, and the Productivity Commission’s latest report on data use.
“Many APS agencies have powers to collect personal information on a compulsory basis, in exchange for the provision of services and payments. This means that individuals are not always able to exercise meaningful choice over how their personal information is used,” Mr Pilgrim said.
“These factors underline the existence of a strong need for APS agencies to enhance their existing privacy capability to enable them to better prepare for contemporary privacy issues.”
Instead of enforcing new obligations and restrictions on agencies, the code will focus on providing practical and simple ways for these departments to meet their obligations under the Australian Privacy Principles.
It will include the establishment of a privacy management plan, a dedicated privacy content officer, a ‘privacy champion’ and a written privacy impact statement for all “high risk” projects, which will then go on the public record.
There is an “urgent need” for the privacy code in order to restore public confidence and trust in the government’s use of its data, Mr Pilgrim said.
“The APS first needs to take steps to build public trust and confidence in the ability of the APS to implement its agenda consistent with community expectations, and in a way that respects privacy. There is a need to strengthen the overall privacy governance processes with APS agencies,” he said.
“I believe that if this is not done, there is a risk that the community may lose trust in the ability of government to deliver on key projects which involve the use of personal information.”
This will then allow the government to prepare for the “numerous modern privacy challenges that lie ahead”, and also to get ready for the implementation of the European Union’s General Data Protection Regulations next year.
These new regulations will have a “significant impact” on Australian businesses looking to provide goods or services in the EU, Mr Pilgrim said.
Mr Pilgrim also announced that his office would investigate privacy issues surrounding Centrelink’s use of data-matching with the ATO to identify discrepancies in welfare recipients’ payments.
Privacy issues related to the robo-debt scheme came to a head when the government released the personal information of a journalist to the media after she wrote a blog post critical of the government policy.
The new privacy code is also likely to impact the government’s planned drug testing of welfare recipients.
The testing was announced in last week’s budget, and the government is now working with the CSIRO’s Data61 to develop a “data-driven profiling tool” to identify three at-risk areas in which to conduct trial drug tests of new welfare recipients.
Concerns have already been raised over this controversial policy, with UTS Business School associate professor Bronwen Dalton saying it comes with severe privacy risks.
“It’s a violation of privacy that falls disproportionately on young people, and very poor young people. They’re just singling out young people who are getting hardly any money anyway,” Ms Dalton told InnovationAus.com.
The use of data to inform algorithms that have a real-world impact, as seen with the robo-debt dramas and the upcoming trial drug tests, is also a crucial point in the establishment of a public sector privacy code.
Victorian Commissioner for Privacy and Data Protection David Watts discussed this issue in a speech as part of Privacy Awareness Week over the weekend.
“Just like any other instruction, algorithms can go wrong and produce unintended or harmful results. Because these are likely to impact on us as individuals, advanced analytics cannot be treated as mystical, unchallengeable, unaccountable black boxes,” Mr Watts said in the speech.
Mr Watts called for further discussions surrounding the use of algorithms, including who is accountable for them, the data that goes into them, and their potential security and fairness.