Your personal data is being shared, whether you like it or not

Australians OK with police sharing data to solve crimes – but other use cases are problematic

A slew of revelations about the expanding exploitation of personal data – by police and government agencies, among others – suggest that Australians are justified in their concerns about unauthorised use of their personal data.

Those concerns surfaced in the recent Unisys Security Index 2019, which found that 57 percent of the 1049 surveyed Australian consumers were concerned about unauthorised access to their personal data – and 29 percent said they had suffered a data breach in the last year.

The overall index rose 2 points over the last year, to 175 out of a possible 300 points – a record in the 13 years that the index has been compiled. This was, the Unisys analysis concluded, driven by growing concern about identity theft and bank card fraud. Australia’s security index was 155.

Globally, consumers are more concerned about bank card fraud than national-security threats like war, terrorism, and natural disasters – although many consumers reported being more concerned about attending large public events due to security fears.

These fears had seen two-thirds of Australian respondents agree that sharing of personal information amongst law enforcement agencies to solve a crime was acceptable – yet recent revelations have suggested that information sharing is more rampant, and less well-controlled, than many of those consumers would have anticipated.

A recent review of the functioning of the Telecommunications (Interception and Access) Act 1979, for example, found that the ACT police force approved 116 requests for stored telecommunications data during a two-week period in October 2015.

Further examination revealed that the police had actually undertaken 3249 unauthorised telecommunications data requests during the 2015-16 financial year – leading the force into an investigation and a commitment to “ensuring access to telecommunications data is conducted appropriately and transparently.”

Yet increased access to data is creating other opportunities for data sharing that demurring Australians may never have anticipated.

A controversy has emerged, for example, around newly announced plans for Centrelink to analyse Medicare doctor attendance and prescription claims in a data-matching process to corroborate claims for benefits.

Data matching is nothing new for Centrelink – which maintains a number of protocols for its data-matching activities – but access to Medicare data would potentially open the floodgates to the interchange of sensitive personal information.

The government itself is already under fire for compromising this information, with revelations that it sent letters to more than 50,000 Australians with past bipolar diagnoses, referencing their past lithium treatment and inviting them to participate in a Queensland Institute of Medical Research (QIMR) genetics study.

These revelations highlight the increasing concentration of personal information and its potential value for legitimate and illegitimate uses – and the subjectivity with which Australians view these uses.

Some 57 percent believe doctors should be able to share their healthcare histories with other healthcare providers to get a “complete view of the individual’s health”, but just 16 percent support banks doing the same.

Fully 38 percent of Australian respondents said they would not support any of the use cases for government, employer and private-sector monitoring offered to them – including monitoring travel to plan road and public-transport infrastructure, retailers monitoring purchases to offer personalised deals, banks contacting customers with offers for loans or insurance after making a large purchase, and more.

Yet while 15 percent of the Australian Unisys survey respondents said they had stopped dealing with an organisation after it suffered a data breach in the last year, there is no such option around government data or access to data.