Australia: Revisiting data in a post-COVID world: Privacy and security

COVID-19 has presented new and unique challenges across both the private and public sector. For local governments, the shift of workforces into their homes and consequential repopulation of suburbs during working weeks, as well the shut down or pivoting of local economies, presents the opportunity for local governments to revisit how data sets can be used to refocus internal work streams and promote growth in local businesses in the post-COVID world. Central to leveraging data to emerge from COVID-19 is privacy and security protections and policies, particularly when local governments collaborate with the private sector to create particular data sets.

Using data to prepare local governments for a post-COVID world

Government has been moving toward smart cities and smart communities for a number of years now. With COVID-19 shifting workforces to working-from-home life, cities and their internal maintenance may look considerably different in the near future – and so too might the smart city. Data, and local governments collaborating with analytic firms to make sense of this data, can help local governments save money by reallocating resources where necessary. For example, for streamlined rubbish collection, public transport and to decrease traffic congestion by monitoring use of roads post COVID-19.

Creating data sets to help local economies recover from COVID-19

We are yet to experience the full economic effects of the global pandemic, however it's a reasonable prediction that some businesses will not survive, others will pivot and new businesses will emerge in the post-COVID world to meet new and unique demands. Open data has been driving innovation for a number of years. Now may be the perfect opportunity for local government to collaborate with private industry, including start-ups, to drive innovation by focusing on collecting and providing new and relevant data sets (perhaps informed by new needs).

Privacy concerns

Where local governments are collecting data, collaborating with the private sector to create particular data sets, or releasing new data sets, they should conduct a Privacy Impact Assessment (PIA) to assess the privacy impacts of these activities and the ways in which local governments can avoid or minimise any negative privacy impacts. NSW local governments are not strictly required to conduct a PIA under the Privacy and Personal information Protection Act 1998 (NSW). However, the above data use and commercialisation activities are clearly data intensive, and so conducting a PIA can help local governments identify and minimise the privacy risks associated with these activities. As a first step, it will be important to consider whether all data will be sufficiently de-identified. Even if no personal information will be collected as part of the relevant data sets, local governments may wish to conduct a PIA anyway to ensure that their processes avoid the collection and use of personally identifiable information.

Key takeaways:

• a post-COVID world may present opportunities for local governments to create and provide new data sets to streamline internal resource allocation as well as prompt innovation.
• central to collection and release of data sets are privacy compliance and security considerations.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.