Privacy, Secrecy, and Information Security
 

The ABS respects your right to privacy and is committed to keeping your information safe and secure. We take our responsibilities very seriously.

The ABS is subject to strong legislation protecting the confidentiality of your information, including the Census and Statistics Act 1905 which makes it a criminal offence to breach secrecy provisions.

We handle personal information in accordance with the Privacy Act 1988 and the Australian Privacy Principles, and abide by the High Level Principles for Data Integration Involving Commonwealth Data for Statistical and Research Purposes.

The ABS will never release information in a manner likely to enable the identification of a person, and will only ever release statistical information identifying a business or organisation when authorised by law, for example where a business or organisation has consented to the release of their information.

    • The ABS has a number of safeguards in place to protect your information. These include:
    • IT security arrangements that conform with the Australian Government Information Security Manual
    • Strict control of access to all ABS premises in accordance with the Commonwealth Protective Security Manual
    • Personnel security arrangements, including security checks for all ABS staff and a requirement to sign a lifelong Undertaking of Fidelity and Secrecy under the Census and Statistics Act 1905 - the penalty for breach includes fines of up to $25,200 or imprisonment for two years, or both
    • A secured internet gateway reviewed annually by the Australian Signals Directorate
    • Regular protective security risk reviews
    • An ongoing program of security audits
    • Strict control of access to information, limited to only the information that is required to perform a specific role within a project
    • Logging and monitoring of access and use of information
    • Information is only combined in a secure environment within the ABS, by a dedicated team
    Data Integration and the Separation Principle

    There are two types of information collected by the ABS or shared with us by other agencies for use in data integration projects. Personal information which could directly identify a person (e.g. name, address, date of birth) is only used to enable datasets to be linked; it is not used for analytical purposes. Other demographic information (e.g. occupation, income, health services use) may be used to combine datasets, and is also used for analysis.

    When undertaking data integration activities, the ABS applies the Separation Principle to store identifiable personal information separately from other information, and to restrict project members’ access to information according to what is necessary for their function or role. A person working on a project can only hold one role at a time. This means that personal information and analytical information cannot be accessed at the same time, and no person can ever see all of your information together at any point in the process.

    The roles required to perform data integration activities in the ABS are:
      • Librarian: prepares information for linkage
      • Linker: links information together
      • Assembler: creates files for analysis
      • Analyst: analyses linked information

    When Census information is used in a data linkage project, the ABS employs additional measures to protect privacy. Names collected in the Census are irreversibly encoded prior to linkage in a way that means you can no longer be identified by the encoded value. The approach is based on advice provided by independent cryptography experts from the University of Melbourne. The encoded value and name information are stored separately from other demographic and analytical information collected in the Census. Further, as described above, access to information is managed according to roles, which prevent any person accessing a name at the same time as other information about that person collected in the Census. These roles are:
      • Census Name Manager: securely encodes Census name information to provide to the Linker for the project.
      • Census Librarian: prepares Census information (excluding name information) for linkage. They may also undertake the general Librarian role for a project.

    Only ABS employees can perform the Census Name Manager, Census Librarian, Librarian, Linker, and Assembler roles. All ABS employees are subject to the Census and Statistics Act 1905, and have signed a lifelong undertaking to protect the confidentiality of information collected by the ABS. Significant sanctions can be applied for failure to comply with the Act.

    Analysts may be ABS officers, employees of government agencies, or non-government researchers who have been granted access under the Five Safes Framework. The approval process involves assessment of the researcher, their purpose for accessing the information, the information requested, the environment in which access will be granted, and the outputs of their research to ensure confidentiality requirements are met. Analysts are not provided access to name information, and are subject to a number of requirements under the Census and Statistics Act 1905 to use information appropriately.

    Retention of Information

    The ABS securely retains source and linked information while there is a business need to do so. This includes the use of data for statistical purposes, such as data linkage and maintenance of linked data, and research. Examples of statistical and research uses can be found here. The ABS reviews the need to retain information, and information is destroyed when there is no compelling business case for retention. This is sound business practice and consistent with the Australian Privacy Principles. Note that for the 2016 Census, names and addresses will not be retained beyond August 2020 at the latest.

    More Information

    To learn more about how we protect your privacy, please see the ABS Privacy Policies.

    For information on the full suite of measures in place for Census information, including how names are encoded to protect your identity and specific commitments about retention of information, see the Census Privacy Policy and webpage on Privacy, Confidentiality and Security.