2914.0 - 2006 Census of Population and Housing - Fact Sheets, 2006  
ARCHIVED ISSUE Released at 11:30 AM (CANBERRA TIME) 02/04/2007   
   Page tools: Print Print Page Print all pages in this productPrint All


CONFIDENTIALITY OF CENSUS DATA

THE GUARANTEE OF THE ACT

The Census collects information relating to each person and household in Australia. It is taken to provide a snapshot of information about the community as a whole and about groups within the community. However it is not concerned with information about individuals as such. The public expects that the information they provide will be kept confidential, and this is ensured by provisions in the Census and Statistics Act 1905. Under this Act, all ABS officers are legally bound never to release identifiable personal information to any person or organisation outside the ABS.

Section 19 of the Act makes it an offence for any past or present ABS officer to divulge, either directly or indirectly, any confidential information collected under this Act. The penalty for this offence is a fine of up to $5,000 or imprisonment for a period not exceeding two years, or both.

In accordance with the Act, no results will be released in a way which would enable particular individuals or households to be identified. In addition, the ABS is obligated to comply with the principles set out under the Privacy Act 1988.

This fact sheet covers the following issues:
  • security arrangements;
  • retention of name-identified information; and
  • confidentiality of tabular data.


SECURITY ARRANGEMENTS DURING COLLECTION AND PROCESSING

For the Census, strict measures are taken in field collection, processing and output of data to guard against the release of confidential information. Census collectors are responsible for ensuring the Census forms for their Collection District are secure at all times. Completed census forms are transferred from the collection centres to the census data processing centre under secure arrangements. Full-time security personnel are employed to prevent any unauthorised access to the processing centre. After processing of the forms has been completed they are pulped under the supervision of an officer of the ABS. All records used by collectors are destroyed.

Comprehensive security arrangements are implemented on the ABS computer system. These include the use of regularly changed passwords, access control and audit trails.


RETENTION OF NAME-IDENTIFIED INFORMATION

Prior to the 2001 Census, all name-identified information was destroyed once the statistical processing was completed. However, for the 2001, and all following censuses, respondents were given the choice of having their name-identification information archived for the research use of future generations.

This change came about when the Government accepted the recommendation of the Standing Committee on Legal and Constitutional Affairs report, Saving Our Census and Preserving Our History that saving name-identified census information 'for future research, with appropriate safeguards, will make a valuable contribution to preserving Australia's history for future generations'. This was particularly true for the 2001 Census as it coincided with the Centenary of Federation.

In order to ensure the current high levels of public confidence and cooperation in the census are maintained, and to respect the wishes of those who do not want their information retained for future release, information is only kept for those persons who explicitly give their consent. If a person does not explicitly agree to their name-identified Census information being retained, their name and address is destroyed once statistical processing has been completed.

The name-identified information that is kept will not be available for any purpose including by a court or tribunal within a 99 year closed access period. It will become publicly available in the year 2100 for data from the 2001 Census, and 2105 for data from the 2006 Census.


CONFIDENTIALITY OF TABULAR DATA

Tables containing cells with very small counts may potentially result in an individual being identified. Consequently, all tables are subjected to confidentiality processes before release. These steps are taken to avoid releasing information that may identify particular individuals, families, households or dwellings without impairing the usefulness of the tables.

Introduced Random Error

For the 2006 Census, a new technique has been developed to avoid identification of individuals. The confidentiality technique applied by the ABS is to slightly adjust all cells to prevent any identifiable data being exposed. These adjustments result in small introduced random errors. The technique allows very large tables, for which there is a strong client demand, to be produced even though they contain numbers of very small cells. Details of the exact nature of the methodology applied are available from the ABS on request.

Modifications are made to totals and subtotals to preserve additivity within tables. Tables which have been randomly adjusted will be internally consistent. However comparisons with other tables containing similar data may show minor discrepancies. This is the case for both customised tables and standard products. These small variations can, for the most part, be ignored.

Care should be taken when specifying tables to minimise the number of small cells. No reliance should be placed on small cells. Aside from the effects of introduced random error, possible respondent and processing errors have greatest relative impact on small cells.

More information on random error in particular can be found in the 2006 Census Dictionary (cat. no. 2901.0), on page 200 in 'Introduced random error'. More general information on data quality can be found in the same publication on page 14 in the chapter on 'Managing Census Quality'.