[Linux-aus] Census data risks - retention and correlation of records (Was: Linux Australia Membership Team - Website Survey March 2016)
Nathan Bailey
web at polynate.net
Tue Mar 29 21:55:23 AEDT 2016
On 29 March 2016 at 17:34, Kathy Reid <kathy at kathyreid.id.au> wrote (in her
website survey thread):
> Your responses are completely anonymous. Unlike say, an upcoming
> nationwide census. But that's a different topic ;-)
Is this something we should respond to, in our broader role? It's not
really an 'open' issue, it's kind of the opposite of data freedom in a
sense, but it is about data privacy...
I am quite unhappy about (a) the change in policy and (b) the lack of
consultation in the change.
For those who are unaware - the ABS now intend to retain your personal
information (previously destroyed) *and* correlate it with other data.
This change in policy was quietly announced in mid-December (Christmas
season), and has only recently hit the news (see news.com.au article
<http://www.news.com.au/finance/economy/australian-economy/census-day-is-about-to-get-a-lot-more-personal/news-story/15f2d7b141ce6818cd1d3687e34d4f95>
and
ABC
<http://www.abc.net.au/news/2016-03-15/berg-census-privacy-threat/7244744>).
This despite:
i) ABS already having a current example of leaked data
<http://www.afr.com/business/banking-and-finance/financial-services/nab-inside-trader-lukas-kamay-sentenced-to-seven-years-20150316-1m0j9d>
which
was *not* detected internally
ii) DHS having 63 cases of data breaches in one year
<http://www.theaustralian.com.au/national-affairs/investigations-found-to-be-in-breach-of-australian-public-service-code-of-conduct/story-fn59niix-1226688378866>
iii) SA police having 100 cases of data breach *each* year
<http://www.abc.net.au/news/2016-02-29/sa-police-force-members-accused-of-snooping/7208394>
and, as a working example, the US census data already being hacked
<http://www.slate.com/blogs/future_tense/2015/07/24/anonymous_claims_responsibility_for_census_bureau_hack.html>
.
How many websites, financial institutions, insurers and government agencies
use your name, address and date of birth for security? That's all in the
census, along with your earnings.
An ABS census hack would be the most comprehensive identity theft of all
time...
It is just too risky to provide key personal information on every single
Australian in a database that could be exploited by staff or hackers, and
there really is no good reason to do so. The ABS should return to their
previous policy of destroying personal identifying data and only retaining
census data itself.
-N
PS: I responded to the LA website survey <http://opinahq.com/app/c/67076>
before responding to this email, so should you ;-)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linux.org.au/pipermail/linux-aus/attachments/20160329/a32be4c1/attachment-0001.html>
More information about the linux-aus
mailing list