Publication
“AI and sustainability - cure or curse?”
While AI can help resolve data issues in sustainable investing, it can create problems such as information breaches and inherent bias in data.
Global | Publication | October 2016
In a swift follow up to an announcement on September 28, 2016 by the Commonwealth Attorney-General, a bill has been introduced into the Senate to amend the Privacy Act 1988 (Cth) (Privacy Act) to introduce prohibitions on the re-identification of de-identified government information. A copy of the Privacy Amendment (Re-Identification Offence) Bill 2016 (Cth) (Re-identification Bill) is available here, along with a copy of the explanatory memorandum.
The Re-identification Bill prohibits the re-identification or attempted re-identification of de-identified information released by, or on behalf of, Commonwealth Government agencies, as well as prohibiting the disclosure of any such re-identified personal information. If the Re-identification Bill is passed in its present form, re-identification of previously de-identified government information will be a criminal offence that can incur up to two years in prison or a fine of A$21,600. Alternatively, the same conduct can be the subject of a civil penalty of up to A$108,000 for individuals or up to A$540,000 for bodies corporate. The new offences in the Re-identification Bill will operate retrospectively from 29 September 2016 (the day after the initial announcement).
The Re-identification Bill also includes secondary obligations for entities which re-identify previously de-identified government information to notify the Commonwealth agency that originally released that information, and not to otherwise disclose that re-identified information, with civil penalties of up to A$36,000 for individuals and up to A$180,000 for body corporates applying for a breach of these obligations.
The Re-identification Bill includes exceptions for:
Any person or entity working with de-identified government information now needs to take extra care to ensure that this information is not re-identified, even inadvertently. Anyone undertaking cryptology or information security research relating to de-identified government data should consider whether to apply for a ministerial exemption to permit their activity, particularly if the de-identified personal information included in the government data being worked on has only been encrypted or masked in a way that could be decrypted or revealed in the course of research activities.
Prior to the announcement of the Re-identification Bill, there was some concern that it could impair legitimate security research, which now appears to be well-founded given the need for researchers to specifically apply for an exemption covering their activities. We will continue to monitor the progress of the Re-identification Bill in this regard.
The timing of the Commonwealth Government’s other major proposed privacy reform, the introduction of a mandatary data breach notification scheme, is still unclear at this time. As mentioned in our previous legal update, the bill for the introduction of such a scheme is scheduled for introduction to and passage by the Commonwealth Parliament by December 1, 2016. As the introduction of the Re-Identification Bill shows, privacy reform remains high on the Government’s legislative agenda.
Publication
While AI can help resolve data issues in sustainable investing, it can create problems such as information breaches and inherent bias in data.
Publication
In this edition of Regulation Around the World we review recent steps that financial services regulatory authorities have taken as regards investment research.
Publication
Our Asia Competition Law facts sheets provide insights into the main competition law regimes across Asia, reflecting the experience and reach of our Asia competition team in an ever changing and increasingly complex competition law environment.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2023