The Commonwealth’s foremost expert on privacy issues was shut out of the whole-of-government public data and data management policy design work ahead of last December’s policy statement and guidance to holders of public data.
Acting Australian information commissioner Timothy Pilgrim, who has also held privacy commissioner and deputy privacy commissioner roles since 1998, was informed of the policy statement only after it was fait accompli. He was then invited to make a presentation to the data unit in the Department of the Prime Minister and Cabinet to celebrate the launch of the statement, on which he was not allowed to contribute his considerable subject matter expertise.
The astonishing exclusion falls at the feet of four of the top officials in government, all of whom are well aware of the Coalition government’s open disregard for the Office of the Australian Information Commissioner — it promised to abolish the office back in 2013, but has been unsuccessful.
The Public Sector Data Management report, which directs agencies to make non-sensitive data “open by default”, was overseen by then PM&C secretary Michael Thawley and his fellow departmental secretaries Jane Halton and Drew Clarke. The new head of the Communications department, Dr Heather Smith, led the project.
PM&C’s data unit, which includes officials drawn from the Department of Communications, Finance and the Digital Transformation Office, was created by Thawley and Smith after Malcolm Turnbull became prime minister. Although the unit did not consult with Pilgrim on the whole-of-government policy’s design, it did later seek the assistance of the OAIC in promoting the data management report.
The OAIC has done its own research and policy work on better use of government-held public data, Pilgrim told a late night hearing of the Senate Select Committee on Health on Tuesday. The government hasn’t availed itself of the OAIC’s work, but the committee chair Senator Deborah O’Neill expressed interest in how OAIC’s work on “privacy by design” could assist researchers investigating social determinants of health, while maintaining community expectations of individual privacy.
“Open by default” and “privacy by design” are not incompatible. They do however, require careful planning and expertise.
The relaunched Data.gov.au will be the new one stop shop for government data, but the public data policy will have implications for state and territory data custodians as well as researchers seek to cross-match datasets.
Pilgrim said the Privacy Act is robust enough to permit such use where it is de-identified, but where the line falls on what constitutes de-identified data and how much data matching would create the potential for re-identification was a complex question to answer. Inconsistent state and territory legislation also made it more complex, he said. His office has offered to assist the committee with the work.