Confidentiality
Definition
Confidentiality refers to the obligation of organisations that collect information to ensure that no person or organisation is likely to be identified from any data released.
Importance of confidentiality
Organisations that collect data depend on the goodwill and cooperation of the community, businesses and other organisations to provide the information. By protecting the confidentiality of the information provided, organisations that collect data help maintain the trust and goodwill of providers, and are better able to collect the required information. Maintaining public trust helps achieve a higher response to data collections and results in better quality data.
There are also legal obligations which must be met in relation to the collection, management, use and dissemination of information. In Australia this requirement is recognised in the Commonwealth Privacy Act (1988) and various state and territory privacy legislation. It is also reflected in legislation, procedures and protocols in relation to specific government activities where information is collected. Examples include the Social Security (Administration) Act 1999, the Taxation Administration Act 1953 and the Census and Statistics Act (1905). Penalties apply if the secrecy provisions set out in these Acts are breached.
At the international level, the United Nations Statistical Commission identifies confidentiality as one of the Fundamental Principles of Official Statistics, with principle 6 stating: Individual data collected by statistical agencies for statistical compilation, whether they refer to natural or legal persons, are to be strictly confidential and used exclusively for statistical purposes.
Keeping data confidential
Organisations that collect data protect the secrecy of information by implementing policies and procedures that address all aspects of data protection.
They do this by ensuring identifiable information about individuals and organisations;
- is not released publicly;
- is available to authorised people on a need to know basis only;
- cannot be derived from disseminated data;
- and is maintained and accessed securely.
To avoid the disclosure of confidential information where an individual person or organisation could be identified in a dataset, either directly or indirectly, the data are confidentialised. This involves removing or altering information, or collapsing detail, to ensure that no person or organisation is likely to be identified in the data. There are various methods used to protect the identity of individuals and organisations while at the same time maximising the usefulness of the data for statistical and research purposes.