On-Prem

Public Sector

Privacy Commissioner warns the ‘John Smiths’ of the world can acquire ‘digital doppelgangers’

Australian government staff mixed medical info for folk who share names and birthdays


Australia’s privacy commissioner has found that government agencies down under didn’t make enough of an effort to protect data describing “digital doppelgangers” – people who share a name and date of birth and whose government records sometimes contain data describing other people.

Commissioner Karly Kind on Monday used her LinkedIn account to report that she recently awarded $10,000 in compensation to a complainant whose healthcare records became “intertwined” with those of a person who shared the same name and date of birth.

“Intertwinement primarily occurs when staff incorrectly add personal information to the wrong account, or a third-party provider submits a claim for the wrong customer,” she wrote.

Kind suggested “hundreds” of Australians share the same name and date of birth, and that when their government records become intertwined they “may suffer not only inconvenience but real harm.” She mentioned the possibility of health practitioners being denied access to accurate records, and difficulties accessing “financial aspects of health and government services.”

“Although only a small subset of Australians may be affected, the potential harm is significant,” she wrote.

For one such person, identified as “ATQ” in a complaint about intertwined data, their medical records included info about three people who shared their name and birthday, after four mistakes by government workers.

Australia’s public health insurance scheme, Medicare, caps some payments. Intertwined records meant ATQ was warned they were close to those caps and would soon have to pay more for healthcare, based on activity their ‘digital doppelganger’ had undertaken and which had mistakenly been recorded on their file.

ATQ filed a complaint about this in 2019, and relevant agencies have since taken steps to prevent records becoming intertwined.

But Kind found some of those efforts “actually impede the complainant’s use of government services, a consequence that would ideally, but may not realistically, be avoided.” We’re guessing that valiant efforts at master data management by database admins couldn’t address all possible human error.

In a determination about the complaint, Kind found that Australian government agencies “interfered with his privacy on multiple occasions, compounding the distress that he has suffered over time.”

She also found “the inadequacy of the steps taken by the respondent to protect the complainant’s personal information from further unauthorised access and disclosure has caused the complainant to experience continuing feelings of stress.”

Commissioner Kind awarded the complainant AU$10,000 ($6,100).

Doppelgangers for good

Australia is crawling with digital doppelgangers right now: The Commonwealth Scientific and Industrial Research Organisation (CSIRO) last week used the term to describe digital twins – virtual recreations of systems that are used to simulate performance.

CSIRO evoked doppelgangers in a discussion about how digital twins are being used to simulate people in scenarios such as modelling responses to medical treatment, creating virtual athletes, or digital workers who are used to simulate activities that could create workplace injuries.

“Building a digital doppelgangers requires a lot of very personal data. This can include scans, voice and video recordings, or performance and health data,” the org warned, adding that legal rights are being revisited as more doppelgangers are deployed.

“The power of this technology is inspiring,” CSIRO boffins wrote. “But ensuring a future in which we live happily alongside our digital doppelgangers will require governments, technology developers and end-users to think hard about issues of consent, ethical data management and the potential for misuse of this technology.”

While also avoiding the bad doppelgangers identified by Commissioner Kind. ®

Send us news
44 Comments

Canvassing apps used by UK political parties riddled with privacy, security issues

Neither Labour, Conservatives, nor the Lib Dems offered a retort to rights org's report

TSA’s airport facial-recog tech faces audit probe

Senators ask, Homeland Security watchdog answers: Is it worth the money?

Coordinates of millions of smartphones feared stolen, sparking yet another lawsuit against data broker

Fourth time’s the harm?

DeepSeek rated too dodgy down under: Banned from Australian government devices

As American big tech companies lashed for their slow efforts to prevent harms

The curious story of Uncle Sam's HR dept, a hastily set up email server, and fears of another cyber disaster

Lawsuit challenges effort to create federal-wide centralized inbox expected to be used for mass firings

DeepSeek's R1 curiously tells El Reg reader: 'My guidelines are set by OpenAI'

Despite impressive benchmarks, the Chinese-made LLM is not without some interesting issues

CDNs: Great for speeding up the internet, bad for location privacy

Also, Subaru web portal spills user deets, Tornado Cash sanctions overturned, a Stark ransomware attack, and more

Court rules FISA Section 702 surveillance of US resident was unconstitutional

'Public interest alone does not justify warrantless querying' says judge

How to leave the submarine cable cutters all at sea – go Swedish

Clear rules and guaranteed consequences concentrate the mind wonderfully. Just ask a Russian

GM parks claims that driver location data was given to insurers, pushing up premiums

We'll defo ask for permission next time, automaker tells FTC

Allstate accused of quietly paying app makers for driver data

Insurance giant sued by Texas for using surveillance without consent to jack up premiums, deny coverage

Is that a bird’s nest, a wireless broadband base station, or both?

Everything in Australia is deadly, in this case giant eagles guarding eggs in places wireless broadband techs need to reach