1160.0 - ABS Confidentiality Series, Aug 2017  
Latest ISSUE Released at 11:30 AM (CANBERRA TIME) 23/08/2017  First Issue

WHAT IS CONFIDENTIALITY AND WHY IS IT IMPORTANT?


This page contains the following:

What is confidentiality?
The obligation to maintain confidentiality
Managing data confidentiality
A contextual approach to confidentiality


WHAT IS CONFIDENTIALITY?

Confidentiality refers to protecting the secrecy and privacy of information collected from individuals and organisations.

This means that when information is made available, it needs to be done in a way that is unlikely to allow individuals or organisations to be identified. Maintaining confidentiality is both a legal and ethical obligation, and a failure to maintain confidentiality is called a confidentiality breach, or disclosure.

This series focuses on managing the risks of two main types of breach:

  • Where the identity of a person or organisation is determined using other public or privately held information about them. This is known as re-identification.
  • Where a characteristic of an individual or organisation is determined without formally re-identifying them. This is known as attribute disclosure.

Maintaining confidentiality (i.e. protecting secrecy, privacy and identity) is essential to preserving public trust in data custodians – the agencies that collect, manage and release data.


THE OBLIGATION TO MAINTAIN CONFIDENTIALITY

Australian Government agencies collect data from individuals and organisations as a standard part of their activities. There is a legal and ethical responsibility for agencies to respect and maintain the secrecy, privacy and identity of those providing the information.

In practice, this means implementing policies and procedures that address all aspects of data protection. Agencies should ensure that identifiable information:
  • Is not released publicly (except where allowed by legislation).
  • Is maintained and accessed securely.
  • Is available only to authorised people and on a need-to-know basis.

Legal obligations

The obligation to keep confidential the identities and characteristics of people and organisations is primarily reflected in laws governing the collection, use and dissemination of information. These laws include, for example:
  • Privacy Act 1988
  • Social Security (Administration) Act 1999
  • Taxation Administration Act 1953
  • Census and Statistics Act 1905

These and other pieces of legislation have different terminology for the process of making data available in a safe manner. However, they all require reasonable steps to be taken to limit the likelihood of an individual person or organisation being re-identified in any data that is released. Penalties apply if the secrecy provisions set out in these Acts are breached. For example, the Census and Statistics Act stipulates criminal penalties for enabling the likely identification of an individual or organisation.

Privacy legislation

In Australia, data protections are recognised in the Privacy Act 1988.

The Act sets out people’s rights in relation to the collection, use, sharing and retention of information they provide to the Commonwealth. The Privacy Act also establishes the Australian Privacy Principles (APPs), which outline how most Australian Government agencies, all private sector and not-for-profit organisations with an annual turnover of more than $3 million, all private health service providers and some small businesses must treat personal information. Importantly, APP 6 limits the disclosure of personal information. Personal information is defined in s 6(1) of the Privacy Act as:

‘information or an opinion about an identified individual, or an individual who is reasonably identifiable:
  • whether the information or opinion is true or not; and
  • whether the information or opinion is recorded in a material form or not’.

Government agencies in the Northern Territory, ACT and most Australian states are bound by privacy legislation specific to their state or territory. Agencies in Western Australia are bound by the confidentiality provisions and privacy principles in the Freedom of Information Act 1992 (WA); while South Australia has an Information Privacy Principles Instruction administered by the Privacy Committee of South Australia.

Other obligations

Organisations will often have policies and principles that outline additional, non-legislative requirements for maintaining confidentiality.

In the government sector, these documents set standards for employee behaviour and provide advice on the protocols and procedures for managing information safely. For example, the APS Values and Code of Conduct explain the high levels of ethical behaviour required of Commonwealth Government employees. Agencies planning to integrate datasets can find principle-based obligations in the High Level Principles for Data Integration Involving Commonwealth Data for Statistical and Research Purposes.

Finally, there is a public expectation that agencies will treat information about individuals and organisations with respect and manage it appropriately.


MANAGING DATA CONFIDENTIALITY

This series focuses on practical advice for data custodians once a decision has been made to release a dataset; the question of whether a dataset should be released is not covered.

With the increasing demand for all government agencies to provide access to their datasets, there is more need than ever to protect and manage confidentiality, while making data available in a form suitable for decision making, research and policy development. Many agencies that collect data, including the Australian Bureau of Statistics (ABS), have long and proven experience in managing data confidentiality.

All data custodians must carefully consider confidentiality requirements (i.e. secrecy, privacy and identity) before the release of any data, whether aggregate or microdata.


A CONTEXTUAL APPROACH TO CONFIDENTIALITY

As mentioned above, legislation enables data to be released provided reasonable steps are taken to prevent re-identification. This series advocates for a contextual approach to confidentiality. This means that as long as the practical result (of processes applied) is that the confidentiality of individuals or organisations is not breached, then the legal and ethical requirements are satisfied. Processes used to achieve this are heavily dependent on the surrounding context (or manner) in which the data are released. In order to maintain confidentiality each of the following should be considered:
  • The environment into which the data will be released (e.g. a public website, a secure data laboratory).
  • The method and the degree of data treatment that must be applied to prevent re-identification in that environment.
  • The balance between adequately treating the data and ensuring its usefulness.

The Privacy Act supports this contextual approach to maintaining the confidentiality of the data it protects (i.e. personal information). The notion of ‘identifiability’ is central to the operation of the Privacy Act, although there is no formal definition of when an individual is ‘identifiable’ or ‘reasonably identifiable’ in a dataset. The Office of the Australian Information Commissioner sets out a number of factors that organisations should consider when determining the identifiability of data they hold (Privacy business resource 4: De-identification of data and information), and also provides guidance on ‘what is personal information’. Importantly, these resources show that determining whether any data subjects are ‘reasonably’ identifiable in a dataset requires a contextual consideration of the particular circumstances of the case, including:
  • The nature and amount of information.
  • Who will hold and have access to the information.
  • The other information that is available.
  • The practicality of using that information to identify an individual.

In some circumstances, this contextual approach may mean that a focus on treating the data will be the only practical option (such as when data are made publicly available on a website). In other circumstances, controls on the environment in which data are to be accessed, used or released may play a larger role. Understanding this context will inform decisions about what level of treatment is required for a data release.

Other context controls could include:
  • Establishing processes to authorise researchers.
  • Ensuring the purpose for which data are used is appropriate/legal/ethical.
  • Providing a secure access environment.
  • Checking the outputs to prevent disclosure in publicly released information.

For example, the ABS applies this contextual approach to confidentiality using the Five Safes Framework in order to provide researchers with secure access to detailed microdata within the ABS DataLab. A similar approach is taken by the Sax Institute in their Secure Unified Research Environment (SURE).

More detail on contextual considerations when providing access to data can be found in Part 3: Managing the risk of disclosure: the Five Safes Framework.