Sensitive data are data that can be used to identify an individual, species, object, or location that introduces a risk of discrimination, harm, or unwanted attention. Major, familiar categories of sensitive data are:
The Australian National Data Service (ANDS) advises on issues to consider when dealing with sensitive data,. Some of these are:
De-identification aims to allow data to be used by others without the possibility of individuals being identified. Data de-identification may be used to:
Data that is still identifiable (i.e. contains personal information) needs to be managed carefully, through access control and data security measures. (Read more here.)
Definitions In Australia, in addition to the Commonwealth legislation, almost each state and territory has its own privacy legislation. The Office of the Australian Information Commissioner offers links to all this legislation.
The Commonwealth Privacy Act 1988 (Part II, Division I, Section 6) defines:
personal information as “information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable.” Common examples are an individual’s name, address, telephone number, date of birth, bank account details and commentary or opinion about a person.
identification information about an individual as: the individual’s full name, alias, date of birth, sex; current, last known or previous address or employer, or driver’s license number.
identifier of an individual as a number, letter or symbol, or a combination thereof, that is used to identify or verify the identity of the individual, but does not include the individual’s name. For instance, an identifier of an individual may include a Medicare number or Hospital/Medical Record Number. de-identified as “personal information is de-identified if the information is no longer about an identifiable individual or an individual who is reasonably identifiable”.
De-identified information is no longer considered personal information under the Privacy Act 1988 and can be shared.