PLIDA/MADIP Privacy Impact Assessments

The ABS and the PLIDA Board are committed to upholding the privacy, confidentiality and security of information in the Person Level Integrated Data Asset (PLIDA). The ABS continually assesses PLIDA operations for potential privacy impacts and will continue to take a privacy by design approach for PLIDA.

Privacy Impact Assessments (PIAs) are an important part of the governance and accountability framework for PLIDA. PIAs help identify and manage the privacy impacts of PLIDA. 

The ABS generally conduct updates to the PLIDA PIA every two years to assess and minimise privacy risks of PLIDA. 

PLIDA/MADIP PIAs reflect the evolution of PLIDA data and uses and are consistent with privacy best practice in Australia.

Since PLIDA was established, the ABS has undertaken several PIAs that have been published on the ABS website. The original MADIP PIA was completed in March 2018 by privacy consultant Galexia. The ABS conducted an update to build upon the original PIA in November 2019. The 2019 MADIP PIA Update was quality assured by privacy consultant Maddocks. Several project specific PIAs involving MADIP data were also conducted following the 2019 MADIP PIA Update.

A second MADIP PIA update was undertaken by Maddocks in 2022 to build upon the previous MADIP PIAs.

The MADIP PIA was updated in 2022 to consolidate the findings from PIA processes undertaken since the 2019 MADIP PIA Update and to consider planned changes or updates to MADIP. The ABS engaged independent privacy consultant Maddocks, on behalf of the MADIP Board, to conduct the 2022 MADIP PIA update.

Maddocks found that:

• MADIP continues to be compliant with the Privacy Act 1988 and the Australian Privacy Principles (APPs) and
• existing mitigation strategies were sufficient to address privacy risks.

Maddocks made six recommendations to advance privacy best practice and enhance compliance with the APPss.

Targeted stakeholder consultation

Consultation is a valuable part of conducting a PIA. The ABS and Maddocks held targeted stakeholder consultation sessions during February 2022 to inform the PIA. Consultation aimed to inform stakeholders about MADIP, including its current privacy practices and protections, and identify and discuss stakeholder views on potential changes to MADIP.

Participating stakeholders included the Office of the Australian Information Commissioner (OAIC), Commonwealth and State Government agencies, State and Territory privacy regulators, universities and research institutions, Aboriginal and Torres Strait Islander stakeholder groups, peak bodies, privacy advocates and consumer advocates.

The MADIP Board and the ABS thank stakeholders for their significant contributions to the 2022 PIA Update. You can find out more about the consultation process and stakeholder views in the Consultation Report.

Implementation progress

The MADIP Board has agreed with all the recommendations from the 2022 PIA Update. The MADIP Board Response provides a summary of recommendations together with how the recommendations will be implemented.

The 2022 PIA Update recommendations focus on actions to advance privacy best practice and enhance existing governance processes. The ABS is working with the MADIP Board to implement these recommendations over a 12-month timeframe to June 2023. The ABS will publish an implementation report in the latter half of 2023.

In October 2022, the ABS considered a proposal to link a new type of data in MADIP. In line with the recommendations from the 2022 PIA Update, the ABS:

• provided notice to the public on the ABS website
• sought views from stakeholders
• published the decision to link the new type of data, and reasons for that decision.

More information about current and past proposals to include new types of data in PLIDA can be found on the PLIDA data and legislation web page.

Further information

You can find out more about the 2022 MADIP PIA Update from the reports published to the ABS Privacy Impact Assessments web page. 

• 2022 MADIP PIA Update
• 2022 MADIP PIA Update - Consultation Report
• 2022 MADIP PIA Update - MADIP Board Response
• 2022 Supplementary Consultation Report: Private sector health data

Can I be identified in PLIDA?

No. PLIDA information is protected by the Census and Statistics Act 1905. This ensures that no information is released in a way that is likely to enable an individual to be identified.

Only aggregate statistics - not data about individuals – are produced from PLIDA.

Can PLIDA be used for enforcement or compliance purposes?

No. Under the Census and Statistics Act 1905, the ABS cannot release information in a way that will identify any individual. When releasing data, the ABS has rigorous processes and protections in place to:

• ensure individuals are not identified
• prevent use for enforcement or compliance purposes.

PLIDA data is made available to researchers under section 15 of the Census and Statistics (Information Release and Access) Determination 2018. This section does not permit direct identifiers (such as names and addresses) to be disclosed and also restricts use of the information to statistical and research purposes only. The ABS applies the principles of the internationally recognised Five Safes Framework including assessment of safe data and safe projects. Projects that seek to use data for compliance purposes would not be approved. 

How are government agencies authorised to share my information to the ABS for PLIDA?

Each agency involved in PLIDA collects personal information related to its functions or activities. This information is disclosed to the ABS for PLIDA as authorised by law for policy analysis, research and statistical purposes, consistent with the Privacy Act 1988.

For more information about the legislative authorities for agencies to share information with the ABS for PLIDA, see PLIDA data and legislation.

The ABS Privacy Impact Assessments web page provides a register of PIAs that have been conducted for all ABS projects, including ABS data integration projects and PLIDA related PIAs.

More information on the ABS privacy and security protections for PLIDA is available on the Keeping integrated data safe web page.

More information on how the ABS handles personal information for PLIDA is available on the PLIDA Privacy Policy web page.

For more information about PLIDA privacy processes, please contact us via data.integration.privacy@abs.gov.au.