Primary Risks Associated with Data Breach

From ADA Public Wiki
Revision as of 22:24, 19 January 2020 by Dahaddican (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

There are two primary types of risk associated with a data breach or disclosure event.

Where the identity of a person or organisation is determined using other public or privately held information about them, allowing for Re-identification. Or the characteristics of an individual or organisation are determined without formally re-identifying them, also known as Attribute Disclosure.

Identity means that we find a person in a dataset, attribution means that we learn something new about a person in a dataset. They can occur together, and generally accurate re-identification typically (but not always) leads to attribute disclosure. These usually occur when someone has access to either aggregate, tabulated or microdata, allowing them to manipulate the datasets to reveal previously unknown information. When reducing the disclosure risk, both elements need to be considered.

Factors Affecting Risk

Due to the varied nature of data, there are often multiple factors to consider when ensuring that your data does not pose a likely disclosure risk. These factors include not only the legislative requirements (such as the Privacy Act 1988) and therefore the data protection techniques, but also the motivation of a potential user, the future risk of re-identification due to other available data and technological advances.

Due to the fact that the latter considerations are unknowns, it is suggested that Open Access data environments are not normally appropriate for data that is derived from Personal Information, or that this data should have been passed through an extremely robust data-focussed de-identification process that ensures with a very high degree of confidence that no individual could be re-identified and no disclosure could occur.

For more information on the common risk factors that should be considered prior to depositing data, navigate to the Common Disclosure Risk Factors pages.


Privacy Amendment (Notifiable Data Breaches) Act 2016: