Primary Risks Associated with Data Breach: Difference between revisions
Dahaddican (Sọ̀rọ̀ | contribs) Created page with "There are two primary types of risk associated with a data breach or disclosure event. Where the identity of a person or organisation is determined usi..." |
Latest revision as of 22:24, 19 January 2020
There are two primary types of risk associated with a data breach or disclosure event.
The first is Re-identification, where the identity of a person or organisation is determined using other publicly or privately held information about them. The second is Attribute Disclosure, where the characteristics of an individual or organisation are determined without formally re-identifying them.
Identity disclosure means that we find a person in a dataset; attribute disclosure means that we learn something new about a person in a dataset. They can occur together, and accurate re-identification typically (but not always) leads to attribute disclosure. These usually occur when someone has access to aggregate data, tabulated data or microdata, allowing them to manipulate the datasets to reveal previously unknown information. When reducing the disclosure risk, both elements need to be considered.
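The following is an added example, not part of the original page, that checks a small microdata table for both risks before deposit: combinations of indirect identifiers shared by too few records (re-identification risk) and groups whose members all hold the same sensitive value (attribute disclosure without re-identification). The records, column names and the threshold `k=2` are constructed assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample microdata: direct identifiers already removed.
RECORDS = [
    {"postcode": "2600", "age_band": "30-39", "sex": "F", "condition": "asthma"},
    {"postcode": "2600", "age_band": "30-39", "sex": "F", "condition": "asthma"},
    {"postcode": "2600", "age_band": "30-39", "sex": "F", "condition": "asthma"},
    {"postcode": "2601", "age_band": "40-49", "sex": "M", "condition": "diabetes"},
    {"postcode": "2601", "age_band": "40-49", "sex": "M", "condition": "none"},
    {"postcode": "2602", "age_band": "70-79", "sex": "M", "condition": "cancer"},
]
QUASI_IDENTIFIERS = ("postcode", "age_band", "sex")  # assumed linkable to outside data
SENSITIVE = "condition"                              # assumed sensitive attribute


def disclosure_report(records, quasi_ids, sensitive, k=2):
    """Group records by quasi-identifier values and flag both risk types."""
    groups = defaultdict(list)
    for rec in records:
        groups[tuple(rec[q] for q in quasi_ids)].append(rec[sensitive])

    reid, attr = [], []
    for key, values in sorted(groups.items()):
        # Re-identification risk: fewer than k records share this combination,
        # so linking to another dataset can single a person out.
        if len(values) < k:
            reid.append(key)
        # Attribute disclosure: everyone in the group has the same sensitive
        # value, so membership alone reveals it, even if the group is large.
        if len(set(values)) == 1:
            attr.append((key, values[0]))
    return {"smallest_group": min(len(v) for v in groups.values()),
            "reidentification_risk": reid,
            "attribute_disclosure": attr}


if __name__ == "__main__":
    report = disclosure_report(RECORDS, QUASI_IDENTIFIERS, SENSITIVE)
    for name, value in report.items():
        print(f"{name}: {value}")
```

In this sample the three-record group is not unique enough to single anyone out, yet it still discloses the condition of every member, while the single-record group carries both risks at once.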
Factors Affecting Risk
Due to the varied nature of data, there are often multiple factors to consider when ensuring that your data does not pose a likely disclosure risk. These factors include not only the legislative requirements (such as the Privacy Act 1988), and therefore the data protection techniques, but also the motivation of a potential user and the future risk of re-identification due to other available data and technological advances.
Because the latter considerations are unknowns, it is suggested that Open Access data environments are not normally appropriate for data that is derived from Personal Information, or that this data should have been passed through an extremely robust data-focussed de-identification process that ensures, with a very high degree of confidence, that no individual could be re-identified and no disclosure could occur.
For more information on the common risk factors that should be considered prior to depositing data, navigate to the Common Disclosure Risk Factors pages.
Notes
Privacy Amendment (Notifiable Data Breaches) Act 2016: