Australian Bureau of Statistics
Survey Participant Information - How The ABS Keeps Your Information Confidential
The ABS depends on the goodwill and cooperation of Australians, businesses and other organisations to provide information in response to its many data collections. A critical way of maintaining such cooperation and goodwill is by ensuring that information supplied remains confidential while being used as a valuable resource for the production of statistics and supporting statistical research.
RESTRICTING USE OF INFORMATION TO STATISTICAL PURPOSES
Consistent with the Census and Statistics Act, information collected by the ABS is restricted to use for statistical purposes only. This means that the information cannot be used for any administrative, regulatory, law enforcement, adjudicatory, or other purpose that affects the rights, privileges, or benefits of a particular identifiable individual or organisation.
AVOIDING INADVERTENT DISCLOSURE IN PUBLISHED STATISTICS
The Australian Statistician is required to compile and analyse the statistical information collected under the Census and Statistics Act and to publish and disseminate the results so that the statistics derived from the information collected are available to the public. When releasing statistics it must be done in a manner that is "not likely" (in a legal sense) to enable the identification of a particular person or organisation. This requires the application of statistical methods which avoid identification while allowing sufficient detailed information to be released to make the statistics useful. These methods have been developed by statisticians in universities and statistical agencies around the world, including ABS statisticians. They are continually being further developed.
The following basic techniques are applied to tables of statistics likely to contain cells which should be kept confidential.
1. Limiting the detail available (eg collapsing detail in classifications, combining cells).
2. Slightly altering outputs so that results from analysis based on the data are insignificantly affected yet the original values cannot be known with certainty. This method is usually adopted for count data such as released from the population census.
3. Suppressing information.
There are a small number of explicit situations permitted by legislation where information about businesses, but not individuals or households, might be released or controlled access provided to unidentified records by persons who are not members of ABS staff. These exceptions are tightly prescribed by Determinations of the Census and Statistics Act made by the Minister. Release under a Determination also requires the approval of the Australian Statistician.
An important Determination made under the Census and Statistics Act enables the Australian Statistician to provide access to unidentifiable individual statistical records (commonly called microdata) to enable wider access to ABS data for social and economic research and analysis. In doing so, the Australian Statistician must ensure that all identifying information is removed prior to release and that the information is released in a manner that is not likely to enable the identification of a particular person or organisation.
Enabling only, not obligatory
There is no obligation on the Australian Statistician to release microdata files. The Determination is an enabling provision only, and specifies minimum conditions that must be agreed to before access to microdata can be granted, and the penalties that apply should these conditions be breached.
Range of protections for confidentialised microdata release
The ABS has adopted a manner of release for microdata that protects the data in four ways:-
i) by confidentialising the data on the records;
ii) by providing access in different ways depending on to the level of detail available;
iii) by requiring individual users and their employing organisations to sign undertakings that restrict how they use the data; and
iv) by raising awareness in users as to why it is vital to keep data confidential and what that means in practice when they are using the files and publishing results.
Confidentialising unit record files
The unit record files are confidentialised by removing name and address information, by controlling and limiting the amount of detail available, and by very slightly modifying or deleting data where it is likely to enable identification of individuals or businesses.
When considering requests for access to microdata the Australian Statistician seeks expert advice from the organisation’s Microdata Review Panel on whether the data is likely to result in identification of an individual person or business. The Microdata Review Panel consists of senior executives who consider technical assessments of risk of identification associated with any file considered for release.
The Australian Statistician personally decides, for each and every confidentialised file, whether or not to approve release. Even after that, one of the Deputy Australian Statisticians must approve release of the data to every organisation that wishes to use the data. The law requires formal undertakings from recipients which means they are subject to legal penalties if they breach conditions.
Penalties for breaching the CURF Undertaking
Any person who fails to comply with an undertaking given by that person in respect of a CURF is guilty of an indictable offence, punishable on conviction by a fine not exceeding 120 penalty units ($13,200) or imprisonment for a period not exceeding 2 years, or both.
Any inappropriate activity relating to the use or custody of an ABS CURF may jeopardise any future applications for access to ABS CURFs by an individual user and/or the user's organisation.
Modes of access
The ABS currently provides three different ways of accessing microdata, with each method providing access to different levels of detail in the data. The methods that provide the most detail are more tightly controlled and monitored. This ensures the manner in which the data are released is not likely to enable indirect identification of a particular person or organisation.
The three different modes are:-
a) Confidentialised Unit Record Files (CURFs) released on CD-ROM – these are files of individual unidentifiable records restricted to variables released in broad categories;
b) Remote Access Data Laboratory (RADL™) - This is a facility where approved users can remotely use expanded CURFs that contain more variables and/or more detail. The users submit analysis jobs to be run against the CURFs which remain on the ABS premises, with extra protection provided by the automatic logging of RADL activity and subsequent audits of this activity. The data itself remains on ABS premises and cannot be "seen" by researchers. The code submitted to the RADL facility is automatically logged and audited so that ABS retains a history of the outputs produced from each CURF; and
c) the ABS Data Laboratory (ABSDL) - supervised access is provided on ABS premises to specialist CURFs which contain the most variables and detail. All analytical output and other material is vetted before being removed from the Data Laboratory.
MAKING SURE SECURITY IS WORKING
Expertise in security and confidentiality techniques
Keeping information confidential requires constant attention. The ABS invests significant resources in establishing and maintaining building and IT security. It has methodologists and other staff developing improved technical methods for avoiding inadvertent disclosure of information in published statistics and when microdata is being used for research and analysis. Disclosure control is an issue managed by all official statistical offices around the world and the ABS contributes to international developments and information sharing.
Senior management oversight
Confidentiality practices are regularly reviewed by management. Their importance is reinforced in corporate and local area plans. Policies and practices are maintained and promoted for all staff to follow. Security is overseen by a committee of senior executives chaired by a Deputy Australian Statistician and reporting to the Australian Statistician. The Microdata Review Panel is chaired by a senior executive. Audits of practices of work areas are conducted regularly, including formal external audits. The IT security system has been certified by the Defence Signals Directorate.
Openness is also an important feature of the way the ABS operates. While particular details about security and disclosure protection methods are not able to be divulged because it would undermine their effectiveness, the ABS is open about the way it goes about its business. It strives to maintain the confidence in the organisation held by independent guardians of the public interest (such as the Privacy Commissioner) and key stakeholders by discussing its methods and potentially sensitive areas of privacy with new developments. It also lets respondents and staff know of the guarantees provided to respondents by the Census and Statistics Act.
Back to top
This page first published 23 February 2006, last updated 9 August 2012