A decade ago, Clive Humby — a data science innovator — made headlines when he declared that “data was the new oil”. It is a great metaphor that has even more relevance today because it underlines the potential value of data, when refined, to unlock innovation and productivity across our economy.
Indeed, more technology leaders and governments are labelling data as the currency for growth and organisations across australia are sitting on a gold mine of unrefined data.
Yet when the Productivity Commission’s final report is revealed,one of the key challenges to be solved is the inherent Privacy and security complexities of opening up datasets to fuel innovation without compromising individual, government or business interests.
As Co-Founder of Data Republic, I agree that trust should be the foundation for open data to reach its full potential and this might be achieved with an exchange model rather than a highly regulated approach.
I can say that we spent a lot of time building a system based on trust that proactively addressed issues of governance, Privacy and security. In fact, our first year of operation was spent working closely with Allens Legal team to develop a legal framework to allow organisations that collect data to securely exchange it.
Undoubtedly the Commission will have its own views and recommendations when it comes to tackling these issues, but having already built a legal framework which solves the governance, privacy and security challenges of data exchange, I want to flag our learnings for the government to consider.
Consumer privacy has to come first if you are to engender trust in a data sharing framework.
De-identified data is our default position — every effort should be given to reduce risks to re-identification of individuals without their express consent.
For us this meant mandating that only de-identified data could be exchanged on our platform and where it was required to refer identifiers, that all personal information related to an individual was replaced by anonymous ‘tokens’ from data owners before data was ingested into the exchange environment.
We’ve also created various security and re-identification controls which we apply to every analysis conducted on our platform and run stringent checks on organisations contributing data onto our platform to ensure that they have the applicable privacy policies, data security and governance procedures.
The draft productivity Commission report raises important points about consumer privacy. And as we move towards greater accessibility to and greater liquidity of curated datasets, the next step will be to consider the need to develop actionable and clear policies and guidelines for businesses and government departments to protect the consumer when opening up and sharing data.
Data exchanges are governed by the Australian Privacy Principles Guidelines (APP), requiring that privacy law specialists review before, during and after solutions to ensure the data exchange process meets expectations.
In addition to abiding by these guidelines, organisations typically go through an additional layer of legal and commercial negotiations which define what data will be shared and for what purpose. The negotiations can be complicated as they define both the potential value and risk-profile of exchanges.
As a result of this complexity, data sharing agreements are often developed in an ad hoc manner or one a ‘one-off’ basis between organisations, with separate agreements drafted each time– a process that can be both costly and time consuming for organisations.
