Keeping integrated data safe
The ABS protects your privacy and is committed to keeping your information safe and secure. We have a strong data protection culture and extensive experience in keeping data secure as Australia’s national statistical organisation and as an Accredited Integrating Authority.
The ABS enforces a robust framework of protections that work together to protect your privacy, strengthen the security of your data, and meet legislative requirements.
- Legislative protections
- Privacy protections
- Policies and standards
- Safe data handling practices
We handle your personal information with utmost care to meet our legislative requirements and public expectations.
We are also bound by the secrecy requirements of the Census and Statistics Act 1905, which ensures that information collected for a statistical purpose cannot be released in a manner that is likely to enable the identification of any person or business.
In addition to the Privacy Act 1988 and APPs, the Australian Government Agencies Privacy Code sets out specific requirements and key practical steps that requires agencies to move toward a best practice approach to privacy governance to help build a consistent, high standard of personal information management across all Australian Government agencies.
We take a privacy-by-design approach in order to manage risks. This means that we assess privacy risks at every stage of data integration - project initiation and approval, the acquisition and linking of data, and access to and analysis of data.
Privacy Impact Assessments
A Privacy Impact Assessment (PIA) is a systematic assessment that helps us identify and manage the privacy impacts of a data integration project. The ABS Privacy Impact Assessments webpage contains a list of PIAs that have been conducted for ABS projects, including MADIP. Privacy threshold assessments are undertaken for all data integration projects, and a full PIA will be conducted as required in accordance with the Office of the Australian Information Commissioner (OAIC) guide to undertaking a PIA.
Policies and standards
High Level Principles for Data Integration
All of our data integration activities are conducted in line with the seven High Level Principles for Data Integration, which are the established protocols for the safe and secure integration of Commonwealth data for research and statistical purposes.
Our data integration projects:
- only occur where they provide significant benefit to the public;
- are only conducted for statistical and research purposes (not for compliance, monitoring or enforcement purposes);
- must minimise any potential impact on privacy and confidentiality; and
- are transparent – the datasets involved and research purposes are listed on the ABS website.
Government security standards
The ABS adheres to Australian Government standards for information, personnel, and physical security. Our data integration systems and processes conform to the IT security arrangements set out in the Information Security Manual, which is part of the Australian Government's Protective Security Policy Framework.
A data breach occurs when personal information that is held by an organisation is lost or subjected to unauthorised access or disclosure. In the unlikely event of a data breach, the ABS will respond in accordance with the Notifiable Data Breaches Scheme.
Safe data handling
The Separation Principle and Functional Separation
The ABS collects two types of information for use in data integration projects:
- Linkage information – which usually includes personal identifiers such as name, address and date of birth, or other identifiers like Australian Business Numbers. This information is only used to enable datasets to be linked; it is not used for analytical purposes
- Analytical information – which includes variables of interest for analysis, such as occupation, income and health services use, or business type and industry. Analytical information is primarily used for analysis but may also be used to help with linking datasets
The Separation Principle is applied when we undertake data integration activities. This means personal identifiers are stored separately from other information, and no one can view both personal identifiers and analytical information at the same time.
We adhere to the Separation Principle by implementing functional separation (or roles) in all data integration projects. This means that staff undertaking data linkage projects only have access to the information that they need to perform their assigned role - no one has access to the identifying details of an individual or business at the same time as other information about that individual or business.
- Librarian: Prepares the data for linkage
- Linker: Finds links between datasets
- Assembler: Creates files for analysis
- Analyst: Analyses the linked information
Five Safes Framework
The Fives Safes Framework takes a multi-dimensional approach to managing disclosure risk by accounting for each independent but related aspect of disclosure risk. The framework poses specific questions to help assess and describe each risk aspect in a qualitative way. This allows data custodians to place appropriate controls on the manner in which data are accessed.
ABS Privacy Policies provides more about how we protect your privacy.