Independent Privacy Impact Assessment
In July 2017, the ABS (on behalf of MADIP agencies) engaged privacy experts Galexia to undertake an independent Privacy Impact Assessment (iPIA) of the MADIP. The iPIA assesses the MADIP’s compliance with the Australian Privacy Principles, to ensure all privacy risks are identified and mitigated before the project becomes fully operational under the Data Integration Partnership for Australia (DIPA) in July 2018.
The iPIA was finalised in March 2018 and is published here along with the MADIP agencies’ response.
The iPIA acknowledges there are strong measures in place to protect privacy for the MADIP, including legislative safeguards, the separation principle, and restricting the use of data to research and statistical purposes which benefit the Australian community. The iPIA does identify some areas for improvement and provides strategies for managing, minimising, or eliminating residual privacy risks. The MADIP agencies are working on the areas for improvement.
Targeted stakeholder consultation
To support the iPIA process, the ABS held a series of targeted consultations with key stakeholders, on behalf of MADIP partner agencies. The aim of these sessions was to understand stakeholder views on key data integration issues, and contribute to building community trust and understanding of the MADIP as the project develops.
The consultations also provided an opportunity for privacy and advocacy groups, government, academics, and civil society groups to raise any issues or concerns about the project, and discuss the benefits of data integration and future development of the MADIP.
The feedback received during these consultations has been provided to the consultant to further inform the iPIA and direction of the MADIP. This consultation process also forms part of ongoing consultations held with community stakeholders about the work of the ABS.
What was the focus of the consultation meetings?
As part of the discussion, the ABS sought comments from stakeholders on three core issues, for each of which stakeholders were asked about their concerns, what could be done to minimise those concerns, and what benefits they perceived from existing arrangements:
- 1. MADIP data security and protection of privacy
2. The benefits and possible risks of combining key national public sector datasets
3. Data access arrangements and use
Stakeholders were selected based on their:
- Involvement (potential or actual) in the project;
- Representativeness of key sector(s) of Australian society;
- Special interest or expertise (including privacy and security); and/or
- Prior contribution to government consultation processes.
For more information about MADIP consultations, email firstname.lastname@example.org