Tech association ACS has produced a report on the way forward in a world of data sharing, outlining a basis for balancing the need for governments and business to share information while maintaining citizens’ privacy.
The Privacy Preserving Data Sharing Frameworks report, released at ACS’s Reimagination Thought Leaders Conference in Melbourne today, concluded Australia should develop a systemised and standardised safe data sharing regime with independent verification.
NSW Chief Scientist Dr Ian Oppermann, who is also ACS Vice President, said addressing whether linking deidentified datasets could lead to being able to identify someone is “a very subtle and complex challenge”.
“That challenge however underpins our ability to use smart services in the future, from smart lights to smart cities, even smart government. The work described in this year’s technical whitepaper takes us further down the path to being able to address that challenge.”
The paper outlines a framework for privacy preserving data sharing to address technical challenges as well as broader. ACS President, Yohan Ramasundara said preserving individual privacy is critical.
“This paper is an important milestone in developing a framework that gives our society the benefits of shared data while protecting citizens personal information,” he said
The report offers seven conclusions.
1. Many of the voiced concerns about data sharing are expressed as concerns about privacy. In practice they are based on concerns about the sensitivity of data and use of outputs to address these concerns.
2. The use case for data strongly influences the risk framework required and the methods (aggregation, suppression, obfuscation, perturbation) appropriate for increasing data safety.
3. It is feasible to develop a meaningful Personal Information Factor (PIF) giving a measure of personal information in de-identified, people centric data. Information theoretic metrics show promise for many common protection methods and can be enhanced to cover perturbed data.
4. Re-identification risk and levels of personal information in data are related but different concepts.
5. Understanding the relationship between different features in a dataset helps to those that have the greatest impact on data utility after protection methods are applied.
6. Development of a meaningful measure of relative utility is feasible for datasets protected through aggregation, generalisation, obfuscation and perturbation. Information theoretic metrics based on Mutual Information (between original and protected datasets) shows promise.
7. Dealing with “trajectories” (or pathways) in data is a critical to its safe use and release. promise; however, the complexity of implementation.