Primary Risks Associated with Data Breach: Difference between revisions
Dahaddican (Sọ̀rọ̀ | contribs) No edit summary |
Dahaddican (Sọ̀rọ̀ | contribs) No edit summary |
||
Line 10: | Line 10: | ||
****[[Preferred Deposit Formats]] | ****[[Preferred Deposit Formats]] | ||
****[[File & Folder Naming Conventions]] | ****[[File & Folder Naming Conventions]] | ||
****[[Zipping | ****[[Double-Zipping Files and Folders]] | ||
*****[[Instructions on how to Zip and Encrypt a file or folder]] | *****[[Instructions on how to Zip and Encrypt a file or folder]] | ||
***[[Collection of Data]] | ***[[Collection of Data]] |
Revision as of 02:20, 16 January 2020
- 2. Deposit Preparation
- Collect and Prepare Data File(s)
There are two primary types of risk associated with a data breach or disclosure event.
Where the identity of a person or organisation is determined using other public or privately held information about them, allowing for Re-identification. Or the characteristics of an individual or organisation are determined without formally re-identifying them, also known as Attribute Disclosure.
Identity means that we find a person in a dataset, attribution means that we learn something new about a person in a dataset. They can occur together, and generally accurate re-identification typically (but not always) leads to attribute disclosure. These usually occur when someone has access to either aggregate, tabulated or microdata, allowing them to manipulate the datasets to reveal previously unknown information. When reducing the disclosure risk, both elements need to be considered.
Factors Affecting Risk
Due to the varied nature of data, there are often multiple factors to consider when ensuring that your data does not pose a likely disclosure risk. These factors include not only the legislative requirements (such as the Privacy Act 1988) and therefore the data protection techniques, but also the motivation of a potential user, the future risk of re-identification due to other available data and technological advances.
Due to the fact that the latter considerations are unknowns, it is suggested that Open Access data environments are not normally appropriate for data that is derived from Personal Information, or that this data should have been passed through an extremely robust data-focussed de-identification process that ensures with a very high degree of confidence that no individual could be re-identified and no disclosure could occur.
For more information on the common risk factors that should be considered prior to depositing data, navigate to the Common Disclosure Risk Factors pages.
Notes
Privacy Amendment (Notifiable Data Breaches) Act 2016: