Keeping integrated data safe

Print
Release date and time
24/09/2025 11:30am AEST

The ABS protects your privacy and is committed to keeping your information safe and secure. We have a strong data protection culture and extensive experience in keeping data secure as Australia’s national statistical organisation and as an Accredited Integrating Authority.

The ABS enforces a robust framework of protections that work together to protect your privacy, strengthen the security of your data, and meet legislative requirements.

These include: 

  • Legislative protections
  • Privacy protections
  • Policies and standards
  • Safe data handling practices

Legislative protections

We handle your personal information with utmost care to meet our legislative requirements and public expectations.

We adhere to the Privacy Act 1988 and to the Australian Privacy Principles (APPs), which govern how we collect and use personal information.

The ABS Privacy Policy sets out the personal information handling practices of the ABS. Additionally, the PLIDA Privacy Statement outlines the specific practices for PLIDA.

We are also bound by the secrecy requirements of the Census and Statistics Act 1905, which ensures that information collected for a statistical purpose cannot be released in a manner that is likely to enable the identification of any person or business.

Privacy protections

In addition to the Privacy Act 1988 and APPs, the Australian Government Agencies Privacy Code sets out specific requirements and key practical steps that requires agencies to move toward a best practice approach to privacy governance to help build a consistent, high standard of personal information management across all Australian Government agencies.

Privacy-by-design

We take a privacy-by-design approach in order to manage risks. This means that we assess privacy risks at every stage of data integration - project initiation and approval, the acquisition and linking of data, and access to and analysis of data.

Privacy Impact Assessments

A Privacy Impact Assessment (PIA) is a systematic assessment that helps us identify and manage the privacy impacts of a data integration project. The ABS Privacy Impact Assessments webpage contains a list of PIAs that have been conducted for ABS projects, including PLIDA. Privacy threshold assessments are undertaken to determine a project’s potential privacy impact and whether a PIA is required. The ABS conducts PIAs as required in accordance with the Office of the Australian Information Commissioner (OAIC) guide to undertaking a PIA.

Policies and standards

High Level Principles for Data Integration

All of our data integration activities are conducted in line with the seven High Level Principles for Data Integration, which are the established protocols for the safe and secure integration of Commonwealth data for research and statistical purposes.

Our data integration projects:

  • only occur where they provide significant benefit to the public;
  • are only conducted for statistical and research purposes (not for compliance, monitoring or enforcement purposes);
  • must minimise any potential impact on privacy and confidentiality; and
  • are transparent – the datasets involved and research purposes are listed on the ABS website.

Government security standards

The ABS adheres to Australian Government standards for information, personnel, and physical security. Our data integration systems and processes conform to the IT security arrangements set out in the Information Security Manual, which is part of the Australian Government's Protective Security Policy Framework.

Data breaches

A data breach occurs when personal information that is held by an organisation is lost or subjected to unauthorised access or disclosure. In the unlikely event of a data breach, the ABS will respond in accordance with the Notifiable Data Breaches Scheme.

Safe data handling

The Separation Principle and Functional Separation

The ABS collects two types of information for use in data integration projects:

  • Linkage information – which usually includes personal identifiers such as name, address and date of birth, or other identifiers like Australian Business Numbers. This information is only used to enable datasets to be linked; it is not used for analytical purposes
  • Analytical information – which includes variables of interest for analysis, such as occupation, income and health services use, or business type and industry. Analytical information is primarily used for analysis but may also be used to help with linking datasets

The Separation Principle is applied when we undertake data integration activities. This means personal identifiers are stored separately from other information, and no one can view both personal identifiers and analytical information at the same time.

We adhere to the Separation Principle by implementing functional separation (or roles) in all data integration projects. This means that staff undertaking data linkage projects only have access to the information that they need to perform their assigned role - no one has access to the identifying details of an individual or business at the same time as other information about that individual or business.

  • Librarian/Linker: Prepares the data for linkage and finds links between datasets
  • Assembler: Creates files for analysis
  • Analyst: Analyses the linked information

Combining the Linker and Librarian Functional Roles 

As of July 2025, the Linker and Librarian Functional Roles have been combined for the purpose of linking data to PLIDA.

When the Multi-Agency Data Integration Project or MADIP (the precursor to PLIDA) was first established, the Librarian and Linker roles were setup as separate functional roles. This historical feature and was implemented by at a time when MADIP was one of the first enduring national data integration projects in Australia.

Other accredited data integrators (such as the Australian Institute of Health and Welfare (AIHW) and the Australian Institute of Family Studies) have started integrating data but do not apply a similar distinction between these two roles. Further, the ABS does not apply the distinction in Librarian/Linker roles for other projects where it is the accredited data service provider (ADSP) under the Data Availability and Transparency Act 2022, which sets out a robust framework based on international standards for data sharing. One such project is the National Disability Data Asset, which uses a single role to perform Librarian and Linker functions. 

To assess the privacy impacts of combining the Librarian and Linker functional roles, this change was investigated as part of the 2024-25 PLIDA Privacy Impact Assessment Update (the PIA). The PIA found that combining the Linker and Librarian roles will not lead to increased privacy risk (the current level of privacy risk will be maintained). This is because, provided that the combined Linker/Librarian role does not have access to both the linkage information and analytical data at the same time, the ABS will continue its adherence to the separation principle. In practice, both the Linker and Librarian roles will only access and handle identifying information about data subjects, and never their analytical information. Importantly, all ABS personnel performing the combined Librarian/Linker role will remain subject to all existing mitigation strategies, including:

  • secrecy provisions under the Census and Statistics Act, and legal obligations of confidentiality and use of data imposed on public servants
  • restrictions on access to data stored in ABS IT systems (i.e. technical measures to implement the separation principle), and
  • requirements to undertake training about their role and the handling of data for that role, which includes training on privacy obligations.  

For more information, please visit the ABS Privacy Impact Assessments page.

An image showing how the Separation Principle is being implemented for data integration activities now that the Linker and Librarian functional roles have been combined. The image also shows how the Separation Principle was implemented when the Linker and Librarian functional roles were separate.

An image showing how the Separation Principle is being implemented for data integration activities now that the Linker and Librarian functional roles have been combined. The image also shows how the Separation Principle was implemented when the Linker and Librarian functional roles were separate.

 Under the previous arrangements, the Librarian Role was responsible for:

  • Receiving linking data (personal identifiers) in original form
  • Standardising and anonymising data

Under the previous arrangements, the Linker Role was responsible for:

  • Receiving anonymised linking data from the Librarian Team
  • Finding links between datasets using anonymised personal identifiers

Under the current arrangements the single Linker/Librarian Role is responsible for:

  • Receiving linking data (personal identifiers) in original form.
  • Cleaning and standardising data
  • Finding links between datasets using personal identifiers

Under the current and previous arrangements, the Assembler role is responsible for:

  • Creating files for analysis by combining the linkage results with analytical data

Five Safes Framework

The Fives Safes Framework takes a multi-dimensional approach to managing disclosure risk by accounting for each independent but related aspect of disclosure risk. The framework poses specific questions to help assess and describe each risk aspect in a qualitative way. This allows data custodians to place appropriate controls on the manner in which data are accessed.

Further information

ABS Privacy Policies provides more about how we protect your privacy.

Census Privacy Policy and Privacy, Confidentiality and Security outlines the measures in place for protecting Census information, including how names are encoded to protect your identity and specific commitments about retention of Census information.