PLIDA/MADIP Privacy Impact Assessments

The following PLIDA PIAs and related privacy processes have been completed since PLIDA became operational. Items marked with an asterix (*) are project specific PIAs involving PLIDA.

2025

• 2024/25 PLIDA PIA Update, May 2025:
  • PIA Report
  • Consultation Report
  • PLIDA Board Response
• Supplementary Consultation: Private health insurance data, February 2025  (please note, this report is part of the transparency measures recommended in the 2022 MADIP PIA)

2024

• Expanded Health Data Linkage PIA, May 2024:
  • PIA Report
  • Consultation Report
  • PLIDA Board Response

2023 

MADIP renamed PLIDA 

2022

• 2022 MADIP PIA Update, June 2022:
  • PIA Report
  • Consultation Report
  • MADIP Board Response
• Supplementary Consultation: Private sector health data, October 2022

2021

• Australian Immunisation Register (AIR) Data Integration, August 2021 *
• National Health Measures Study, December 2021 *
• NSW Their Futures Matter, December 2021 *

2020

• Weekly Payroll Jobs & Wages, July 2020 *
• Jobs Related Data Integration, September 2020 *
• MADIP PIA Implementation Report, November 2020 (12-month implementation report for the 2019 MADIP PIA Update)
• NSW Cancer Research, November 2020 *
• National Study of Mental Health and Wellbeing, December 2020 * 

2019

• MADIP PIA Implementation Report, April 2019 (12-month implementation report for the 2018 MADIP PIA)
• 2019 MADIP PIA Update, November 2019
  • PIA Report
  • MADIP Board Response

2018

• 2018 MADIP PIA, April 2018:
  • PIA Report
  • MADIP Board Response
• National Health Survey PIA, August 2018 *

The MADIP PIA was updated in 2022 to consolidate the findings from PIA processes undertaken since the 2019 MADIP PIA Update and to consider planned changes or updates to MADIP. The ABS engaged independent privacy consultant Maddocks, on behalf of the MADIP Board, to conduct the 2022 MADIP PIA update.

The 2022 MADIP PIA update found:

• MADIP continues to comply with the Privacy Act 1988 and the Australian Privacy Principles (APPs)
• Existing mitigation strategies are sufficient to address privacy risks.
• Six recommendations to advance privacy best practices and enhance compliance with the APPs.

Stakeholder consultation

Consultation is a valuable part of conducting a PIA. During February 2022, the ABS and Maddocks held targeted stakeholder consultation sessions to inform stakeholders about MADIP, its current privacy practices, and protections and identify and discuss stakeholder views on potential changes to MADIP.

Participants included:

• Aboriginal and Torres Strait Islander stakeholder groups
• Commonwealth and State Government agencies
• Office of the Australian Information Commissioner (OAIC)
• Peak bodies, privacy advocates, and consumer advocates
• State and Territory privacy regulators
• Universities and research institutions

The MADIP Board and the ABS thank stakeholders for their significant contributions to the 2022 PIA Update. You can find out more about the consultation process and stakeholder views in the Consultation Report.

Implementation progress

The MADIP Board has agreed with all the recommendations from the 2022 PIA Update. The MADIP Board Response provides a summary of recommendations together with how the recommendations will be implemented.

The 2022 PIA Update recommendations focus on actions to advance privacy best practice and enhance existing governance processes. The ABS is working with the MADIP Board to implement these recommendations over a 12-month timeframe to June 2023. The ABS will publish an implementation report in the latter half of 2023.

In October 2022, the ABS considered a proposal to link a new type of data in MADIP. In line with the recommendations from the 2022 PIA Update, the ABS:

• provided notice to the public on the ABS website
• sought views from stakeholders
• published the decision to link the new type of data, and reasons for that decision.

More information about current and past proposals to include new types of data in PLIDA can be found on the PLIDA data and legislation web page.

Further information

You can find out more about the 2022 MADIP PIA Update from the reports published to the ABS Privacy Impact Assessments web page. 

• 2022 MADIP PIA Update - PIA Report
• 2022 MADIP PIA Update - Consultation Report
• 2022 MADIP PIA Update - MADIP Board Response
• 2022 Supplementary Consultation Report: Private sector health data

From June to November 2019, the ABS conducted an update to the 2018 MADIP PIA on behalf of the MADIP Board. External privacy advisors Maddocks were engaged to provide independent review, advice, and assurance for the PIA process and report.

The PIA acknowledged the privacy by design approach to MADIP operations and the strong framework of protections that preserve privacy and ensure data security. It made five recommendations to improve compliance with the APPs and several suggestions towards modelling privacy best practice across the public service data community.

Targeted stakeholder consultation

The ABS held consultation sessions with a broad range of stakeholders during August and September 2019. The consultation summary report provides a summary of the key findings and themes.

Implementation

The MADIP Board agreed and responded to the recommendations and suggestions of the 2019 MADIP PIA Update in a written response. The ABS published an implementation report summarising progress made against the recommendations in the 12 months following the publication of the 2019 MADIP Update.  The implementation report also described next steps towards implementing compliance recommendations and best practice suggestions from the MADIP PIA Update.

Further information

You can find out more about the 2019 MADIP PIA Update from the reports published to the ABS Privacy Impact Assessments web page. 

• 2019 MADIP PIA Update
• 2019 MADIP PIA Update - Consultation Report
• 2019 MADIP PIA Update - Independent Assurance Report
• 2019 MADIP PIA Update – MADIP Board Response
• 2019 MADIP PIA Update - Implementation Report November 2020

In July 2017, the ABS engaged independent privacy advisory consultants Galexia to undertake a PIA of MADIP. 

The PIA was finalised in March 2018 in preparation for MADIP becoming fully operational under the Data Integration Partnership for Australia (DIPA) in July 2018.

The 2018 PIA acknowledged there were strong measures in place to protect privacy for MADIP. The 2018 PIA also identified some areas for improvement and provided strategies for managing, minimising, or eliminating residual privacy risks.

Targeted stakeholder consultation

To support the 2018 PIA process, the ABS held a series of targeted consultations with key stakeholders on behalf of MADIP partner agencies. The feedback received during these consultations was provided to Galexia to further inform the 2018 PIA and direction of MADIP.

Implementation

The ABS published an implementation report to communicate progress made against the recommendations of the 2018 PIA in the 12 months following its publication in April 2018.

Further information

You can find out more about the 2018 MADIP PIA Update from the reports published to the ABS Privacy Impact Assessments web page. 

• 2018 MADIP PIA
• 2018 MADIP PIA - MADIP Board Response
• 2018 MADIP PIA - Implementation Report November 2020

No. PLIDA information is protected by the Census and Statistics Act 1905. This ensures that no information is released in a way that is likely to enable an individual to be identified.

Only aggregate statistics - not data about individuals – are produced from PLIDA.

No. Under the Census and Statistics Act 1905, the ABS cannot release information in a way that will identify any individual. When releasing data, the ABS has rigorous processes and protections in place to:

• ensure individuals are not identified
• prevent use for enforcement or compliance purposes.

PLIDA data is made available to researchers under section 15 of the Census and Statistics (Information Release and Access) Determination 2018. This section does not permit direct identifiers (such as names and addresses) to be disclosed and also restricts use of the information to statistical and research purposes only. The ABS applies the principles of the internationally recognised Five Safes Framework including assessment of safe data and safe projects. Projects that seek to use data for compliance purposes would not be approved. 

Each agency involved in PLIDA collects personal information related to its functions or activities. This information is disclosed to the ABS for PLIDA as authorised by law for policy analysis, research and statistical purposes, consistent with the Privacy Act 1988.

For more information about the legislative authorities for agencies to share information with the ABS for PLIDA, see PLIDA data and legislation.