News: 1738564213

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Privacy Commissioner warns the ‘John Smiths’ of the world can acquire ‘digital doppelgangers’

(2025/02/03)


Australia’s privacy commissioner has found that government agencies down under didn’t make enough of an effort to protect data describing “digital doppelgangers” – people who share a name and date of birth and whose government records sometimes contain data describing other people.

Commissioner Karly Kind on Monday used her [1]LinkedIn account to report that she recently awarded $10,000 in compensation to a complainant whose healthcare records became “intertwined” with those of a person who shared the same name and date of birth.

“Intertwinement primarily occurs when staff incorrectly add personal information to the wrong account, or a third-party provider submits a claim for the wrong customer,” she wrote.

[2]

Kind suggested “hundreds” of Australians share the same name and date of birth, and that when their government records become intertwined they “may suffer not only inconvenience but real harm.” She mentioned the possibility of health practitioners being denied access to accurate records, and difficulties accessing “financial aspects of health and government services.”

[3]

[4]

“Although only a small subset of Australians may be affected, the potential harm is significant,” she wrote.

For one such person, identified as “ATQ” in a complaint about intertwined data, their medical records included info about three people who shared their name and birthday, after four mistakes by government workers.

[5]

Australia’s public health insurance scheme, Medicare, caps some payments. Intertwined records meant ATQ was warned they were close to those caps and would soon have to pay more for healthcare, based on activity their ‘digital doppelganger’ had undertaken and which had mistakenly been recorded on their file.

ATQ filed a complaint about this in 2019, and relevant agencies have since taken steps to prevent records becoming intertwined.

But Kind found some of those efforts “actually impede the complainant’s use of government services, a consequence that would ideally, but may not realistically, be avoided.” We’re guessing that valiant efforts at master data management by database admins couldn’t address all possible human error.

[6]Australia moves to drop some cryptography by 2030 – before quantum carves it up

[7]Canvassing apps used by UK political parties riddled with privacy, security issues

[8]Australia lays fiendish tax trap for Meta – with an expensive escape hatch

[9]Europe coughs up €400 to punter after breaking its own GDPR data protection rules

In a [10]determination about the complaint, Kind found that Australian government agencies “interfered with his privacy on multiple occasions, compounding the distress that he has suffered over time.”

She also found “the inadequacy of the steps taken by the respondent to protect the complainant’s personal information from further unauthorised access and disclosure has caused the complainant to experience continuing feelings of stress.”

[11]

Commissioner Kind awarded the complainant AU$10,000 ($6,100).

Doppelgangers for good

Australia is crawling with digital doppelgangers right now: The Commonwealth Scientific and Industrial Research Organisation (CSIRO) last week [12]used the term to describe digital twins – virtual recreations of systems that are used to simulate performance.

CSIRO evoked doppelgangers in a discussion about how digital twins are being used to simulate people in scenarios such as modelling responses to medical treatment, creating virtual athletes, or digital workers who are used to simulate activities that could create workplace injuries.

“Building a digital doppelgangers requires a lot of very personal data. This can include scans, voice and video recordings, or performance and health data,” the org warned, adding that legal rights are being revisited as more doppelgangers are deployed.

“The power of this technology is inspiring,” CSIRO boffins wrote. “But ensuring a future in which we live happily alongside our digital doppelgangers will require governments, technology developers and end-users to think hard about issues of consent, ethical data management and the potential for misuse of this technology.”

While also avoiding the bad doppelgangers identified by Commissioner Kind. ®

Get our [13]Tech Resources



[1] https://www.linkedin.com/pulse/beware-digital-doppelganger-carly-kind-thnie/

[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z6Ch21pb01qdnHHrD3PpjwAAAdQ&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z6Ch21pb01qdnHHrD3PpjwAAAdQ&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z6Ch21pb01qdnHHrD3PpjwAAAdQ&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z6Ch21pb01qdnHHrD3PpjwAAAdQ&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[6] https://www.theregister.com/2024/12/17/australia_dropping_crypto_keys/

[7] https://www.theregister.com/2025/01/30/uk_canvassing_app_issues/

[8] https://www.theregister.com/2024/12/12/australia_news_bargaining_incentive/

[9] https://www.theregister.com/2025/01/13/data_broker_hacked/

[10] https://www6.austlii.edu.au/cgi-bin/viewdoc/au/cases/cth/AICmr/2025/19.html

[11] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/publicsector&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z6Ch21pb01qdnHHrD3PpjwAAAdQ&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[12] https://theconversation.com/digital-doppelgangers-are-helping-scientists-tackle-everyday-problems-and-showing-what-makes-us-human-247574

[13] https://whitepapers.theregister.com/



I say twin, you say doppelganger

that one in the corner

The more syllables you use to say the same thing, clearly the cleverer you are and the more serious you are about the issues.

Unless they are trying to say that the way forward, to avoid *accidentally* mixing their data, is to just smoosh them all up: make all the "John Smiths" perfectly the same, proper doppelgangers.

PS

Don't these government agencies bother with, you know, simple ways to tell two people with the same name & d.o.b. apart? Even though I'm pretty sure I'm the only Corner in the Village (ovoid architecture, very popular around here) I still get asked "what is the first line of the address?". If that failed, at least I'd be aware of the potential problem (hosting a clan reunion that had gone on just a bit too long) and could nudge the government agent.

It doesn't help

Inventor of the Marmite Laser

That they're all called Bruce.

Tim99

Nah, some of us are called Shiela.

Tough Problem

Persona

We had this issue many years ago at work. Two girls with the same full name started work on the same day. All their ids for multiple system were getting mixed up or being flagged as duplicates and generating alerts. I phoned them to establish who had which primary id only to discover they had the same date of birth too! In the end I used their postcodes to disambiguate them.

Re: Tough Problem

Bendacious

I'm curious if they were male colleagues, would you have described them as "two boys"?

Re: Tough Problem

rafff

Idiom

My father had an assistant in his shop who, until the day she retired, was always referred to as "the girl".

And it is always a "girls' night out", regardless of age, marital status etc.

mark l 2

This can be a serious problem if the police and DBS service mess up their criminal records checks. Back in the early 2000s when i worked for the local education authority we had a job applicant who according the DBS check was currently serving a 15 year prison sentence for armed robbery. Which unless the prison system was allowing convicted armed robbers to wander out and take job interviews was clearly not correct.

I don't know how it was resolved in the end because although we wanted to employ them, we couldn't when they failed the DBS checks even though it was obvious that the criminal record was for a different person. So we left it with the HR dept job to get back on to DBS and get the cluster fsck sorted.

The UK Home Office's e-visa system has the same problem

David Harper 1

As reported back in September by the Open Rights Group and the3million (https://the3million.org.uk/sites/default/files/documents/Loss%20and%20Liability%20-%20Glitching%20immigration%20status%20as%20a%20feature%20of%20the%20British%20border%20after%20Brexit%20-%20Sep2024.pdf) and more recently in the Independent (https://www.independent.co.uk/news/uk/home-news/evisa-uk-immigration-status-help-b2678643.html).

The Home Office's euphemism for this is entanglement. It sounds almost quaint until you remember that it means that your personal data is being shown to a complete stranger, or a complete stranger's personal data is being used to deny you the right to return to your home in the UK.

Not my problem

Anonymous Coward

I know for a fact that my surname - rare but not unknown in the UK - when coupled with my first name is unique in the UK. (Not the world though).

My son, I know for a fact has a globally unique surname. Something he could sell to SEO snake oil outfits if he so chose.

Anonymous Coward

I know that there are many people who share my name (in its entirety) and some that also share my date of birth. I did the check after Hospital Consultant reports seemed to summarise consultations for completely different symptoms and advice (double-incontinence from what turned out to be Cauda Equina, listed as a slipped disc that had got better). This happened twice (and I had my wife attend as witness the second time), but it turned out the Consultant was just incompetent and not correctly identifying the start and end of consultation on his dictaphone. Despite his reprimand, my medical records have never been corrected (it's too hard to work out which was the correct consultation, and the NHS will not allow an additional consultation to correct the issue!)

Boots opticians

Andy Non

I got caught with this a while back at Boots opticians. They found my record on their system with my old address on it. The optician started the eye test based upon my previous prescription with them and I couldn't even read the single big letter at the top of the chart. He checked my details, yes it was my record on the computer with my old address, date of birth, land line number etc. But the medications were wrong as were some other details. He compared my new retina scan with "my" previous retina scan and it was obviously that of a different person. Boots had somehow merged my old record with someone else's record. Not been back to Boots opticians since.

Headley_Grange

Thank goodness this is only an Australian problem otherwise think of the pain it would cause in countries with 2x or even 10x the population.

There is nothing more silly than a silly laugh.
-- Gaius Valerius Catullus