Proposed changes to the national Privacy Act would make it a criminal offence to re-identify government data that has been stripped of identifying markers.
Attorney-General George Brandis today said he intended to introduce the amendments to the privacy legislation in the current spring sitting of parliament, which runs until December 1.
The changes would also make it an offence to "counsel, procure, facilitate, or encourage anyone" to re-identify anonymised data.
Publishing or communicating "any re-identified dataset" would similarly be considered a criminal offence.
Updated: The proposed changes were announced less than 24 hours before the Department of Health revealed it had removed a dataset from its open data portal after researchers notified the agency that practitioner details could be decrypted.
Update 2: The government has since said it intends to exempt security researchers from the new criminal offences.
Brandis said the amendments were intended to "improve protections of anonymised datasets that are published by the Commonwealth government".
"The publication of major datasets is an important part of 21st century government, providing a great benefit to the community," he said in a statement.
"It enables the government, policymakers, researchers, and other interested persons to take full advantage of the opportunities that new technology creates to improve research and policy outcomes."
But he said the government recognised that the privacy of citizens was of "paramount importance".
"It is for that reason that there is a strict and standard government procedure to de-identify all government data that is published. Data that is released is anonymised so that the individuals who are the subject of that data cannot be identified," Brandis said.
"However, with advances of technology, methods that were sufficient to de-identify data in the past may become susceptible to re-identification in the future."
The changes, should they be passed into law, would apply from today.
.jpg&h=271&w=480&c=1&s=1)
