Technical details of "hashing" anonymisation process

Timothy Goddard made this Official Information request to Inland Revenue Department

The request was successful.

From: Timothy Goddard

Dear Inland Revenue Department,

In a news article on Radio New Zealand today by Phil Pennington, a number of statements from the IRD are recorded claiming that the data released is anonymised by "hashing":

https://www.rnz.co.nz/news/business/5274...

I would like to be able to scrunitise the claims that the processing steps taken effectively anonymise the data released to these companies. Accordingly, I am requesting technical documentation you hold on:

* The data format in which data about individuals are released to Google, Facebook (Meta), and LinkedIn. Details of exactly how this data is transferred are not required, just the format this data is in.
* Which personal identifiers (e.g. name, date of birth, address, IRD number) are either directly included in those lists, or are used as input to any hashed or encrypted field in those lists.
* The technical specifications of hashing and encryption processes applied.
* Any internal analysis on the risk of re-identification of these hashes (excluding legal advice subject to privilege).

Those are broken in to bullet points to make the scope clear, but please don't feel they need to be answered one-by-one. A single document could well answer multiple points.

Kind regards,

Tim Goddard

Link to this

From: oia
Inland Revenue Department

[IN CONFIDENCE RELEASE EXTERNAL]

[IN CONFIDENCE RELEASE EXTERNAL]

Dear Timothy

 

Thank you for your request under the Official Information Act.  

 

We will respond within the 20-day statutory timeframe.  You can expect to
receive a response no later than 07/10/2024.

 

Your reference number is 25OIA1281.   

 

Kind regards  
Governance and Ministerial Services | Inland Revenue - Te Tari Taake

 

 

 

From: Timothy Goddard <[FOI #28336 email]>
Sent: Monday, September 9, 2024 11:13 AM
To: oia <[IRD request email]>
Subject: 25OIA1281 Request Goddard

 

External Email CAUTION: Please take CARE when opening any links or
attachments.

 

 

 

 

 

 

 

Dear Inland Revenue Department,

 

In a news article on Radio New Zealand today by Phil Pennington, a number
of statements from the IRD are recorded claiming that the data released is
anonymised by "hashing":

 

[1]https://aus01.safelinks.protection.outlo...

 

I would like to be able to scrunitise the claims that the processing steps
taken effectively anonymise the data released to these companies.
Accordingly, I am requesting technical documentation you hold on:

 

* The data format in which data about individuals are released to Google,
Facebook (Meta), and LinkedIn. Details of exactly how this data is
transferred are not required, just the format this data is in.

* Which personal identifiers (e.g. name, date of birth, address, IRD
number) are either directly included in those lists, or are used as input
to any hashed or encrypted field in those lists.

* The technical specifications of hashing and encryption processes
applied.

* Any internal analysis on the risk of re-identification of these hashes
(excluding legal advice subject to privilege).

 

Those are broken in to bullet points to make the scope clear, but please
don't feel they need to be answered one-by-one. A single document could
well answer multiple points.

 

Kind regards,

 

Tim Goddard

 

-------------------------------------------------------------------

 

This is an Official Information request made via the FYI website.

 

Please use this email address for all replies to this request:

[2][FOI #28336 email]

 

Is [3][IRD request email] the wrong address for Official Information requests
to Inland Revenue Department? If so, please contact us using this form:

[4]https://aus01.safelinks.protection.outlo...

 

Disclaimer: This message and any reply that you make will be published on
the internet. Our privacy and copyright policies:

[5]https://aus01.safelinks.protection.outlo...

 

If you find this service useful as an Official Information officer, please
ask your web manager to link to us from your organisation's OIA or LGOIMA
page.

 

 

-------------------------------------------------------------------

 

This email and any attachment may contain confidential information. If you
have received this email or any attachment in error, please delete the
email / attachment, and notify the sender. Please do not copy, disclose or
use the email, any attachment, or any information contained in them.
Consider the environment before deciding to print: avoid printing if you
can, or consider printing double-sided. Visit us online at ird.govt.nz

References

Visible links
1. https://www.rnz.co.nz/news/business/5274...
2. mailto:[FOI #28336 email]
3. mailto:[IRD request email]
4. https://fyi.org.nz/change_request/new?bo...
5. https://fyi.org.nz/help/officers

hide quoted sections

Link to this

From: oia
Inland Revenue Department


Attachment image001.png
8K Download

Attachment 25OIA1281 Signed Response Goddard.pdf
572K Download View as HTML


[IN CONFIDENCE RELEASE EXTERNAL]

[IN CONFIDENCE RELEASE EXTERNAL]

Tçnâ koe Timothy Goddard,

 

Please find attached Inland Revenue’s response to your 9 September 2024
request for information under the Official Information Act 1982.

Nâku noa, nâ,

Governance and Ministerial Services | Inland Revenue - Te Tari Taake

 

 

This email and any attachment may contain confidential information. If you
have received this email or any attachment in error, please delete the
email / attachment, and notify the sender. Please do not copy, disclose or
use the email, any attachment, or any information contained in them.
Consider the environment before deciding to print: avoid printing if you
can, or consider printing double-sided. Visit us online at ird.govt.nz

Link to this

Things to do with this request

Anyone:
Inland Revenue Department only: