The current landscape

Australia is shifting towards stronger consumer rights around data protection, recognising that data belongs with the individual. At the same time, in many data-driven industry sectors, organisations are looking to capitalise on that data and monopolise their markets, using it to inform automated decision-making and inhibit competition. The more data they hold, the more fine-grained the improvements in decision-making, which lead to new service offerings that create barriers to entry for others.

There is also a strong emphasis on data portability: not just portability of a profile, but also of transaction history, so that a competing provider can make a more informed offer of a package of services to compete with the incumbent, which is good for the consumer.

It is crucial for organisations to think about how they handle data as an asset, and how they handle data in the context of their customer relations and social licence to operate.

To unlock the true potential of data and deep learning, appropriate levels of privacy must be maintained throughout the data life cycle, from generation to collection, processing, storage, management, analysis, visualisation and finally, interpretation.

Capabilities

Many organisations collect data that has the potential to be incredibly useful for improving productivity, economic growth, efficiency and overall quality of life for end users. Yet working out how to derive these insights to create better products and services, without compromising the privacy of an individual, can be a challenge. At CSIRO’s Data61 we are researching and developing models and products that will allow organisations to have the best of both worlds. These safety measures can come in a few forms:

Data encryption to enable private analytics

One method is to use technology platforms to process data distribution or particular requests ‘without seeing the original data’, using special forms of encryption that allow computation over encrypted data. Whether leveraging homomorphic encryption or using distributed secure multi-party computation techniques, these platforms operate on encrypted versions of the data and generate an encrypted output which, when decrypted, matches the results that would have been obtained by running the request on the original, non-encrypted data. In some scenarios this technique can be extremely powerful. Extracting analytics across organisations, or even between government departments, where there is a crucial need not to reveal any of the participating entities' data, becomes not only possible but also robust and secure.

Privacy preserving transformation of data

When handling sensitive data sets, organisations should adopt rigorous definitions of privacy in which residual risks are quantified and well understood. They can employ algorithms that enable mathematically proven private data sharing, transforming the data in such a way that its general ‘shape’ and statistical features remain the same. This offers optimal privacy-utility trade-offs while giving full control over the privacy protections. Provably private algorithms relying on notions such as differential privacy are useful in several scenarios, ranging from the streaming of IoT data to the aggregation and collection of energy or transportation data.

Risk quantification and data management framework
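A differentially private aggregate of energy readings using the Laplace mechanism, as an added example rather than Data61's own algorithm. The readings, the 40 kWh clipping cap and the function names are constructed, and neighbouring datasets are assumed to differ by adding or removing one household.

```python
import random

# Constructed sample: daily consumption (kWh) for 200 households.
READINGS_KWH = [8.0 + (i * 37 % 23) for i in range(200)]

def clip(reading, cap_kwh):
    """Bound one household's contribution to the range [0, cap_kwh]."""
    return min(max(reading, 0.0), cap_kwh)

def laplace_noise(scale, rng):
    """Sample Laplace(0, scale) as the difference of two exponential draws."""
    return rng.expovariate(1 / scale) - rng.expovariate(1 / scale)

def dp_energy_total(readings_kwh, cap_kwh, epsilon, rng):
    """Release an epsilon-differentially-private sum of household readings.

    After clipping, one household changes the sum by at most cap_kwh (the
    sensitivity), so Laplace noise of scale cap_kwh / epsilon is sufficient.
    """
    true_total = sum(clip(r, cap_kwh) for r in readings_kwh)
    return true_total + laplace_noise(cap_kwh / epsilon, rng)

def mean_abs_error(readings_kwh, cap_kwh, epsilon, trials=20000, seed=1):
    """Empirical utility cost: average |released total - true clipped total|."""
    # Seeded PRNG for a repeatable measurement only. A production release needs
    # a cryptographically secure source and a vetted sampler, because naive
    # floating-point Laplace noise can leak information about the true value.
    rng = random.Random(seed)
    true_total = sum(clip(r, cap_kwh) for r in readings_kwh)
    errors = (abs(dp_energy_total(readings_kwh, cap_kwh, epsilon, rng) - true_total)
              for _ in range(trials))
    return sum(errors) / trials

if __name__ == "__main__":
    for eps in (1.0, 0.1):
        err = mean_abs_error(READINGS_KWH, cap_kwh=40.0, epsilon=eps)
        print(f"epsilon={eps}: mean absolute error ~ {err:.1f} kWh")
```

The expected absolute error equals the noise scale, so cutting epsilon from 1.0 to 0.1 makes the released total roughly ten times noisier: the privacy-utility trade-off in quantified form.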

We have also developed quantitative and qualitative privacy risk assessment tools for stakeholders to understand the risks of re-identification associated with sharing or releasing data. The tools leverage information theory frameworks to provide accurate estimation of the residual risks associated with the sharing of sensitive data. Lastly, we’ve released a practical guide for government agencies and businesses including not-for-profit and private sector organisations to manage data privacy. While this is not a method for enhancing individual data privacy as such, our framework can help data custodians identify and address the key factors relevant to particular data sharing or release situations, including privacy risk analysis and control, stakeholder engagement, and impact management.

Explore our work

Consumer Data Right

As technical advisor for the Data Standards Body, we designed technical standards to support consumer-driven data sharing as part of the 'Consumer Data Right' legislation. Standards for data sharing are critical to supporting an efficient, safe and convenient system for the transfer, holding and use of data across industries. They are also necessary for ensuring that the system is, at its core, customer-focussed and customer-driven. This has uses in every industry from health to law enforcement, banking and big business.

Our work on Consumer Data Standards.

N1 Analytics

N1 Analytics offers privacy solutions to researchers, enterprises, governments, and any users of data. The platform uses algorithms to draw insights from encrypted data by producing “alternative datasets” that avoid exposing the actual underlying information. This technology will generate incredible value for businesses by allowing them to extract more data without compromising customer privacy.

Read more about N1 Analytics.

Data Airlock

Data Airlock makes it possible for sensitive, illegal or offensive data such as child exploitation materials to be analysed without exposing researchers to the harmful data. Developed in collaboration with the Australian Federal Police and Monash University, the technology aims to make identification of such materials more efficient and accurate.

Our work on Data Airlock.

SenDA

SenDA has the potential to revolutionise workplace efficiency while safeguarding data. The workflow tool is designed to make it easier to create, review, track and action requests to access sensitive, granular-level data, all the while preserving confidentiality and effective data governance.

Our work on SenDA.

R4: the Re-identification Risk Ready Reckoner

The ability to re-identify data, including ‘de-identified datasets’, is a key risk in the digital landscape. Data61’s R4, or the Re-identification Risk Ready Reckoner, is a powerful risk-assessment tool that evaluates the potential for re-identification of records in datasets, helping data custodians and managers make better decisions on what data can be shared and in what context.

Our work on R4.

The De-Identification Decision-Making Framework

The De-Identification Decision-Making Framework is a practical and accessible guide to de-identification for those who handle personal information and need to share or release it, produced in partnership with the OAIC.

Work with us

The right sort of privacy-preserving technology will be profound. It will allow an organisation to derive insight across encrypted data without being exposed to personally identifiable information, and to derive insight without moving the data. The privacy-preserving technology and research that we're working on is a fundamental key to unlocking that value.

Do business with us to help your organisation thrive

We partner with small and large companies, government and industry in Australia and around the world.
