How the ABS keeps your information confidential

The ABS depends on the goodwill and cooperation of people in Australia to provide information for its many data collections. This includes businesses and other organisations. To maintain the trust and confidence of people in Australia, the ABS ensures the information provided remains confidential. This is consistent with the Census and Statistics Act 1905 (C&S Act) and, where personal information is involved, the Privacy Act 1998.

The importance of confidentiality is recognised in the C&S Act, with strict secrecy provisions protecting the information provided by respondents. The ABS must act consistently with these laws when dealing with information it collects to meet the information needs of governments and the community generally.

The ABS meets the confidentiality requirements of the C&S Act by ensuring that information provided to it is: 

• securely maintained
• only used by the ABS for statistical purposes
• not published or disseminated in a manner that is likely to enable the identification of an individual. 

This statement outlines how the ABS goes about each of these aspects to achieve its excellent record of maintaining confidentiality and the resultant public confidence.

When starting work at the ABS, all employees must sign an undertaking of fidelity and secrecy. The undertaking ensures ABS staff are aware of their obligation to not disclose information acquired under the C&S Act, unless they are doing so consistent with the C&S Act. 

The importance of confidentiality is communicated to staff in many ways. This begins with induction training for all new employees. The ABS organisational culture emphasises the importance and need for confidentiality. This message is reinforced to employees in corporate documents, training courses, and the everyday conduct of their work.

Staff are also reminded of the importance of security many times each day as they go about their work. The ABS buildings and computers provide a working environment that physically keeps confidential information secure. All entry into an ABS building is through a security area which electronically monitors and determines movements into and out of the building. Only staff and escorted visitors are able to enter. Some work areas are further restricted to certain staff.

The ABS maintains a complex computing environment. This is essential for the efficient processing of the information it collects, processes, and publishes. There are many layers of security, including firewalls against external intrusion. Audit trails are available for examination should investigation be necessary. The security of the ABS environment is formally assessed annually. This ensures compliance with all Australian Government IT security standards.

Policies and practices for keeping information secure are adhered to by all staff when collecting information and processing it to produce statistics.

Data collected under the C&S Act can only be accessed by ABS staff if they have a genuine 'need to know' that information. An ABS staff member has a genuine 'need to know' if, without access, they would be hindered in the performance of their ABS work. ABS staff are only provided with the minimum amount of information they 'need to know'.

During the early phases of data collection, names and addresses are necessary to ensure the quality of the resulting statistics produced. For example, we occasionally need to contact respondents to verify reported data. Access to files where the names and addresses are attached is tightly restricted to people working on these types of tasks.

Once quality has been assured, names and addresses are removed. This is because this information is not needed for the production of statistics. Removal provides added protection against any breach of security of confidential information.

Internally generated identifiers are usually attached to each record. They cannot be used to identify a respondent. Even so, the combination of these identifiers and the name and address to which they refer can be used to make records identifiable. Hence, any linked files are carefully protected and only available on a strict need-to-use-for-work basis.

We extract and code information from forms, including electronic records. Once we don’t need the forms for verification, editing, or quality studies, we store them securely. Later, we destroy them securely following government policy.

Consistent with the C&S Act, the ABS can only use the information it collects for statistical purposes. This means that the ABS cannot use the information for any administrative, regulatory, law enforcement, adjudicatory, or other purpose that affects the rights, privileges, or benefits of a particular identifiable individual or organisation.

The Australian Statistician is required to compile and analyse data collected under the C&S Act. They must also publish and disseminate results so the public can access these statistics. 

When releasing statistics, it must be done in a manner that is not likely  to enable the identification of a particular person or organisation. This means using statistical methods that protect identities while still providing useful information. Statisticians from universities and statistical agencies worldwide, including ABS statisticians, have developed these methods. They are continually being further developed.

The following basic techniques are applied to tables of statistics likely to contain cells which should be kept confidential:

1. Limiting the detail available (e.g. collapsing detail in classifications, combining cells).
2. Slightly altering outputs so that results from analysis based on the data are insignificantly affected yet the original values cannot be known with certainty. This method is usually adopted for count data such as that released from the population census.
3. Suppressing information.

There are limited circumstances under the Census and Statistics (Information Release and Access) Determination 2018 (the Determination) where information about organisations, including businesses, can be released. This must not include information of a personal or domestic nature relating to an individual that is likely to enable the identification of that individual. 

The Determination is made under the C&S Act by the relevant Minister. Any release of information under the Determination must satisfy the relevant legislative and policy requirements, including requiring the written approval of the Australian Statistician or their delegate.

Section 15 of the Determination enables the Australian Statistician to provide access to unidentified individual statistical records (microdata). This enables wider access to ABS data for social and economic research and analysis. In doing so, the Australian Statistician must ensure that all direct identifiers are removed prior to release. Also, that the information is released in a manner that is not likely to enable the identification of an individual.

There is no obligation on the Australian Statistician to release microdata files. The Determination is an enabling instrument only. It requires an undertaking be given to the Australian Statistician and specifies minimum conditions that must be agreed to before access to microdata can be granted. A breach of this undertaking is a criminal offence.

The ABS manages the risk of disclosure for microdata through application of the Five Safes Framework:

1. Safe people: individual users and their employing organisations sign undertakings that restrict how they use the data. The ABS also raises awareness in users as to why it is vital to keep data confidential and what that means in practice when they are using the files and publishing results.
2. Safe projects: microdata may only be used for a statistical or research purpose.
3. Safe setting: access is provided in different ways depending on the level of detail available.
4. Safe data: the unit record files are confidentialised by removing name and address information, by controlling and limiting the amount of detail available, and by slightly modifying or deleting data.
5. Safe output: output clearance is provided in different ways depending on the level of detail available.

When considering requests for microdata access, the Australian Statistician seeks expert advice from the ABS’s Disclosure Review Committee.  They check if the data is not likely to result in identification of an individual. The Disclosure Review Committee consists of ABS senior executives. They consider technical assessments of risk of identification associated with any file considered for release.

The Australian Statistician or their delegate decides for each microdata file whether or not to approve release. Further approvals are required for the release of microdata to each organisation that wishes to use the data. The law requires formal undertakings from each organisation before the ABS can release microdata to the organisation. This means they may be subject to criminal penalties if they breach conditions of their undertaking.

For further information about how the ABS and researchers keep microdata safe refer to:

• Data confidentiality guide
• Responsible use of ABS microdata user guide

Any person who fails to comply with an undertaking given by that person under section 15 of the Determination commits an indictable offence, punishable by a fine not exceeding 120 penalty units or imprisonment for a period not exceeding 2 years, or both.

Any inappropriate activity relating to the use or custody of ABS microdata may jeopardise any future applications for access by an individual user and/or the user's organisation.

Keeping information confidential requires constant attention. The ABS invests significant resources in establishing and maintaining building and IT security. It has methodologists and other staff developing improved technical methods for avoiding inadvertent disclosure of information in published statistics and when microdata is being used for research and analysis. 

Disclosure control is an issue managed by all official statistical offices around the world. The ABS contributes to international developments and information sharing.

Confidentiality practices are regularly reviewed by management. Their importance is reinforced in corporate and local area plans. Policies and practices are maintained and promoted for all staff to follow. Security is overseen by a committee of ABS senior executives chaired by a Deputy Australian Statistician and reporting to the Australian Statistician. The Disclosure Review Committee is chaired by an ABS senior executive. Audits of practices of work areas are conducted regularly, including formal external audits. 

Openness is also an important feature of the way the ABS operates. While particular details about security and disclosure protection methods are not able to be divulged because it would undermine their effectiveness, the ABS is open about the way it goes about its business. It strives to maintain the confidence in the organisation held by independent guardians of the public interest (such as the Privacy Commissioner) and key stakeholders. 

The ABS does this by discussing its methods and potentially sensitive areas of privacy with new developments. It also lets respondents and staff know how information given by respondents is protected under the C&S Act and Privacy Act 1998.