Privacy Commissioner warns the ‘John Smiths’ of the world can acquire ‘digital doppelgangers’

Australia’s privacy commissioner has found that government agencies down under didn’t make enough of an effort to protect data describing “digital doppelgangers” – people who share a name and date of birth and whose government records sometimes contain data describing other people.

Commissioner Karly Kind on Monday used her LinkedIn account to report that she recently awarded $10,000 in compensation to a complainant whose healthcare records became “intertwined” with those of a person who shared the same name and date of birth.

“Intertwinement primarily occurs when staff incorrectly add personal information to the wrong account, or a third-party provider submits a claim for the wrong customer,” she wrote.

Kind suggested “hundreds” of Australians share the same name and date of birth, and that when their government records become intertwined they “may suffer not only inconvenience but real harm.” She mentioned the possibility of health practitioners being denied access to accurate records, and difficulties accessing “financial aspects of health and government services.”

“Although only a small subset of Australians may be affected, the potential harm is significant,” she wrote.

For one such person, identified as “ATQ” in a complaint about intertwined data, their medical records included info about three people who shared their name and birthday, after four mistakes by government workers.

Australia’s public health insurance scheme, Medicare, caps some payments. Intertwined records meant ATQ was warned they were close to those caps and would soon have to pay more for healthcare, based on activity their ‘digital doppelganger’ had undertaken and which had mistakenly been recorded on their file.

ATQ filed a complaint about this in 2019, and relevant agencies have since taken steps to prevent records becoming intertwined.

But Kind found some of those efforts “actually impede the complainant’s use of government services, a consequence that would ideally, but may not realistically, be avoided.” We’re guessing that valiant efforts at master data management by database admins couldn’t address all possible human error.

• Australia moves to drop some cryptography by 2030 – before quantum carves it up
• Canvassing apps used by UK political parties riddled with privacy, security issues
• Australia lays fiendish tax trap for Meta – with an expensive escape hatch
• Europe coughs up €400 to punter after breaking its own GDPR data protection rules

In a determination about the complaint, Kind found that Australian government agencies “interfered with his privacy on multiple occasions, compounding the distress that he has suffered over time.”

She also found “the inadequacy of the steps taken by the respondent to protect the complainant’s personal information from further unauthorised access and disclosure has caused the complainant to experience continuing feelings of stress.”

Commissioner Kind awarded the complainant AU$10,000 ($6,100).

Doppelgangers for good

Australia is crawling with digital doppelgangers right now: The Commonwealth Scientific and Industrial Research Organisation (CSIRO) last week used the term to describe digital twins – virtual recreations of systems that are used to simulate performance.

CSIRO evoked doppelgangers in a discussion about how digital twins are being used to simulate people in scenarios such as modelling responses to medical treatment, creating virtual athletes, or digital workers who are used to simulate activities that could create workplace injuries.

“Building a digital doppelgangers requires a lot of very personal data. This can include scans, voice and video recordings, or performance and health data,” the org warned, adding that legal rights are being revisited as more doppelgangers are deployed.

“The power of this technology is inspiring,” CSIRO boffins wrote. “But ensuring a future in which we live happily alongside our digital doppelgangers will require governments, technology developers and end-users to think hard about issues of consent, ethical data management and the potential for misuse of this technology.”

While also avoiding the bad doppelgangers identified by Commissioner Kind. ®