What is data integration?
What are the benefits of data integration?
What are the benefits of the ABS performing data integration?
What data has the ABS brought together?
When is data integration used?
SECRECY OF YOUR INFORMATION
How does the ABS decide what data to join together?
How is the information brought together safely?
How is my personal information protected?
How is my personal information kept secure?
How can the ABS prevent re-identification?
What happens to Census name and address information?
How does the ABS use anonymised codes?
Need more information?
The Australian Bureau of Statistics (ABS) is committed to informing important decisions through extracting the greatest value from Australia’s statistical assets. We are supporting the delivery of the best policies and services for all Australians. We will achieve this by working as a partner with all those who need better quality information to inform important decisions.
The ABS is committed to upholding the secrecy, confidentiality and privacy of the personal information it collects. Not only does the ABS have strong legislative protections that safeguard the secrecy of an individual's information, it has a proud 100-year history of maintaining community trust in the way it collects, uses, discloses and stores your personal information.
What is data integration?
Data integration means bringing information together.
It is an efficient and effective way of creating new insights by reusing existing data to address important questions about Australian society. When a problem is identified that no single set of data can resolve, data can be brought together in a very safe and controlled way, to enable analysis of the issue.
Data integration can deliver new insights where information has not previously been available.
Small groups or sub-populations, such as indigenous communities, are often under-represented in single datasets. Combining datasets means these groups can be better represented by having a more informed picture. Data integration also allows us to make better use of existing data. Problems can be resolved more efficiently and effectively if the public doesn’t need to be asked the same question multiple times for different purposes.
We can also identify policy trends and features that may never have previously been able to be identified. The value of data integration is that it allows problems to be solved that no single dataset could solve on its own.
The ABS is an approved Integrating Authority.
An Integrating Authority is permitted to carry out data integration projects involving sensitive data. This accreditation is based on an assessment that assures the public and Government that integration of data is undertaken in a safe and secure manner, with the requisite skills, processes, infrastructure and culture in place to undertake data integration projects safely.
The ABS is committed to openness and transparency of all data integration projects. The Data Integration Projects page lists projects by year of approval.
ABS data integration projects are also registered on the online Public Register of Data Integration Projects on Data.gov.au.
When no single dataset can answer the question.
Data integration is only ever used for statistical and research purposes if the required analysis cannot be carried out using single datasets on their own. Your data would never be allowed to be integrated for regulatory or compliance tracking. ABS is precluded from releasing its information to other bodies.
There are two general approaches to joining data together - either across collections, or over time. Cross collection linkage relies on finding common elements in different source datasets and then using these common elements to merge the datasets together, while time based linkage creates a time series of data from a number of 'single point in time' observations.
SECRECY OF YOUR INFORMATION
Information will only be combined when there is a public benefit in doing so.
Any request to bring data together must be supported by strong justification and undergo a rigorous assessment and approval process to ensure the project provides a significant public benefit and safeguards privacy.
Only data that is absolutely required is included in any integrated set of data. Any data integration project must adhere to a set of Commonwealth endorsed High Level Principles to ensure your information is managed safely and securely, and in a manner that protects privacy.
- Principle 1 - Strategic resource
Responsible agencies should treat data as a strategic resource and design and manage administrative data to support their wider statistical and research use.
- Principle 2 - Custodian’s accountability
Agencies responsible for source data used in statistical data integration remain individually accountable for their security and confidentiality.
- Principle 3 - Integrator’s accountability
A responsible ‘Integrating Authority’ will be nominated for each statistical data integration proposal.
- Principle 4 - Public benefit
Statistical integration should only occur where it provides significant overall benefit to the public.
- Principle 5 - Statistical and research purposes
Statistical data integration must be used for statistical and research purposes only.
- Principle 6 - Preserving privacy and confidentiality
Policies and procedures used in data integration must minimise any potential impact on privacy and confidentiality.
- Principle 7 - Transparency
Statistical data integration will always be conducted in an open and accountable way so anyone can see how their data is being used.
Our internal processes ensure that secrecy of your information is a paramount consideration when data is being combined.
No person will ever be able to see all of your information together at any point of the data combining process. This is known as the separation principle.
Under the Census and Statistics Act 1905, the personal information you provide the ABS remains strictly confidential. The ABS never has and never will release identifiable data.
All ABS staff are legally bound never to release your personal information to any individual or organisation outside of the ABS. It’s an offence for any ABS staff, past or present, to divulge, directly or indirectly, any information collected under this Act. Penalties include fines of up to $25,200 or imprisonment for up to 2 years, or both, for anybody convicted of breaching this obligation.
We cannot, and will not share or provide your identifiable personal information to any government department or organisation. Aside from the legislative protections, key measures to safeguard information include strong encryption of data, restricted access on a need-to-know basis and monitoring of all staff, including regular audits.
Protection of your personal information is of paramount importance to the ABS as a trusted public institution.
ABS is committed to upholding the secrecy, privacy, confidentiality and security of the personal information it collects. Not only does the ABS have strong legislative protections which safeguard the privacy of an individual’s information, it has a proud 100-year history of maintaining community trust in the way it collects, uses, discloses and stores personal information. This reflects our culture, attitudes and practices as much as our legislative obligations and methodologies.
In addition to legislation that safeguards everyone’s personal information (the Census and Statistics Act 1905 and the Privacy Act 1988), we also ensure internal practices, methodologies and technology protecting your information are state of the art.
An independent assessment of ABS’ compliance with statutory privacy principles as well as wider privacy concerns and principles undertaken in 2005 by a former Privacy Commissioner found that the “ABS is proactive in seeking to ensure compliance with legislative requirements and internal administrative practices.” 
Since then, an independent audit of the ABS was undertaken in April 2012 as part of the ABS’ accreditation as an Integrating Authority . This accreditation ensures that risks are assessed, managed and mitigated throughout the duration of any data integration project. As an accredited data integration authority, the ABS complies with a set of key principles for any project that combines Census data with other data, including assessing every project to ensure that the project provides a significant public benefit.
We address risks around data and data integration practices. For this reason, a rigorous assessment and approval process will always assess applications for data integration to ensure the purpose and desired outcomes can be achieved safely and in the public interest.
In addition, no person will ever be able to see all of your information together at any point of the combining process. This is known as the separation principle. The ABS’ application for Accreditation addresses in detail how we adhere to the separation principles. The key layers of protection that will be in place as a result of applying functional separation are listed in the 2015 Privacy Impact Assessment .
It is widely recognised that an essential element of best practice for safely bringing data together is separation - separating personal identifiers from actual data, with the use of personal identifiers confined to the initial linking stage . This method provides maximum protection of private and confidential information.
Further information on privacy of your data supplied in the Census of Population and Housing can be found on the Census Privacy, confidentiality and security page.
The ABS uses first-rate security to protect all personal information collected.
The security measures in place have been independently tested and reviewed to ensure that your personal information is secure. The independent assessment of ABS’ compliance with statutory privacy principles as well as wider privacy concerns and principles also found that “ABS security measures meet the highest standards.” 
Australian Signals Directorate strategies are implemented by the ABS. These strategies include strategies specifically designed to mitigate targeted cyber intrusions. The ABS took part in an Australian National Audit Office cross-agency audit in 2014 on information technology system security against cyber-attacks. 
The ABS also utilises a high level encryption of data, including tight security around the storage and creation of the encryption keys. The ABS was also the first Commonwealth agency to receive certification at the ‘In confidence’ level by the Defence Signals Directorate for its Internet Gateway. 
The ABS privacy protections to prevent re-identification include:
1. Strong legislative protections which safeguard the secrecy of an individual’s information. An independent assessment of ABS implementation of our secrecy provisions was undertaken in 2005  and this assessment remains current.
2. Audited administrative procedures including that names and addresses will never be brought back together with other Census data.
3. Destruction strategy. Names and addresses will only be retained while they hold significant value. Consistent with the Australian Privacy Principles, the case for retention will be periodically reviewed and data will be destroyed if there is not a compelling case for retention.
4. Methodological best practice. The ABS has a long history on engaging locally and internationally to implement and shape best practice in privacy protections associated with personal information. 
5. Transparent accountability mechanisms. The ABS Chief Methodologist is responsible for reviewing and ensuring ABS data access practices reflect international standards and best practice. The Chief Methodologist is also responsible for advising the Australian Statistician on methodologies and tools that ensure ABS’ legislative requirements to ensure no personal information is released in a manner likely to enable identification are met.
What happens to Census name and address information?
After data collection and processing, the ABS removes names and addresses from other personal and household information.
Names and addresses will be stored securely and separate from one another. After the Census processing period is complete no-one working with Census data will be able to view non-anonymised personal information (such as name or address) at the same time as your other Census responses (such as age, sex, occupation, level of education or income)
Original name and address information is used by the ABS to generate anonymised versions of name (i.e. an unrecognisable code - for details see Information paper: Name encoding method for Census 2016) and address codes, which are combined with a limited range of other Census responses to facilitate data integration activities. This practice, known as the Functional Separation principle, ensures that an individual's identity remains protected during the linking and analysis process, whilst facilitating the combining of existing datasets to create richer and more valuable statistics for Australia
Further information on how the 2016 Census will protect your privacy, including your name and address information is available on the Privacy, Confidentiality and Security Census page.
The ABS uses international best practices that are also used extensively in Australia and a number of countries including the UK, New Zealand and Canada.
Anonymised codes are one of the many tools the ABS will use to protect privacy when using Census names and addresses. Each data linkage project using Census data, will use an anonymised code created from the names. The process converts names into an unrecognisable code. The ABS does not and will not use the SLK581 method to anonymise 2016 Census names.
Only a very small number of ABS officers will be approved to have access to Census names, and only when they need access to produce anonymised codes. These officers will not have access to any other Census data. These officers, like all ABS officers, have signed a lifetime undertaking of Fidelity and Secrecy. Access to the anonymised codes will also be restricted to a small number of ABS officers.
The anonymised codes are not part of any ABS statistical product that is publicly available. They are not available to researchers.
Anonymised codes are combined with a limited range of other Census responses to facilitate data integration activities. This ensures that the Functional Separation principle is applied to protect an individual's identity during the linking and analysis process.
Identifiable information is never released by the ABS. The ABS cannot, and will not, release identifiable personal information.
1. 2006 Census of Population and Housing – Enhancing the Population Census – Privacy Impact Assessment, 2005, para 7.10
2. Accredited Integrating Authorities – ABS application summary
3. Privacy Impact Assessment – Retention of Names and Addresses from 2016 Census, page 14
4. C.W. Kelman, A. J. Bass & C. D. J. Holman, Research use of linked health data – a best practice protocol, Australian and New Zealand Journal of Public Health, 2002, p. 251.
5. 2006 Census of Population and Housing – Enhancing the Population Census – Privacy Impact Assessment, 2005, para 7.10
6. Cyber Attacks: Securing Agencies' ICT Systems, ANAO Audit Report No.50 2013–14
7. 2006 Census of Population and Housing – Enhancing the Population Census – Privacy Impact Assessment, 2005, para 7.10
8. 2006 Census of Population and Housing – Enhancing the Population Census – Privacy Impact Assessment, 2005, Chapter 7
9. For example, UN Economic Commission for Europe Managing Statistical Confidentiality and Microdata Access Principles and Guidelines