What is data integration?
What are the benefits of data integration?
What are the benefits of the ABS performing data integration?
What data has the ABS brought together?
When is data integration used?
How does the ABS decide on what to join together?
How is the information brought together safely?
How is my privacy protected?
How is my personal information kept secure?
How can the ABS prevent re-identification?
What happens to Census name and address information?
How does the ABS use anonymised linkage keys?
The Australian Bureau of Statistics (ABS) is committed to extracting the greatest value from Australia’s statistical assets. We are supporting the delivery of the best policies and services for all Australians. We will achieve this by working as a partner with all those who need better quality information to inform better quality outcomes.
There are strong legislative protections in place to safeguard people's privacy. All data integration projects comply with the Privacy Act 1988 and the legislative requirements of both the ABS and partner agency, or agencies, involved. In addition, no data can be released by the ABS that is likely to allow an individual or business to be identified.
WHAT IS DATA INTEGRATION?
Data integration brings information together to create new datasets. It is an efficient and effective way of creating new insights about communities, families, our economy and industries by reusing existing data at minimal additional cost to taxpayers and with minimal additional burden on households and businesses.
Linked data can be used to look at patterns and trends among groups of people in the community. This sort of information can help improve Australians’ lives by facilitating better targeting of services, such as specialised health and education, to the people who need them, where they need them.
WHAT ARE THE BENEFITS OF DATA INTEGRATION?
Providing new insights where information has not previously been available.
Small groups or sub-populations, such as indigenous communities, are often underrepresented in single data sets. Combining data sets means these groups can be better represented by having a more informed picture. Data integration also allows us to make better use of existing data. Problems can be resolved more efficiently and effectively if the public isn’t asked the same question multiple times for different purposes.
We can also identify relationships that may never have previously been able to be identified. The value of data integration is that it allows problems to be solved that no single data set could solve on its own.
WHAT ARE THE BENEFITS OF THE ABS PERFORMING DATA INTEGRATION?
The ABS is an Accredited Integrating Authority.
An Accredited Integrating Authority is permitted to carry out data integration projects involving sensitive data. This accreditation is based on an independent assessment that assures the public and Government that integration of data is undertaken in a safe and secure manner, with the requisite skills, processes, infrastructure and culture in place to undertake data integration projects safely.
WHAT DATA HAS THE ABS BROUGHT TOGETHER?
The ABS is committed to openness and transparency of all data integration projects.
ABS data integration projects are registered on the online Commonwealth Data Integration Project Public Register on the National Statistical Service website.
WHEN IS DATA INTEGRATION USED?
Data integration is used when analysis of existing data fails to provide insight into an important policy issue.
Data integration is only ever used for statistical and research purposes if the required analysis cannot be carried out using single data sets on their own. Your data would never be allowed to be integrated for regulatory or compliance tracking.
There are two general approaches to joining data together - either across collections, or over time. Cross collection linkage relies on finding common elements in different source datasets and then using these common elements to merge the datasets together, while time based linkage creates a time series of data from a number of 'single point in time' observations.
HOW DOES THE ABS DECIDE WHAT TO JOIN TOGETHER?
Information will only be combined when there is a public benefit in doing so.
Any request to bring data together undergoes a rigorous assessment and approval process to ensure the project provides a significant public benefit and safeguards privacy.
Only data that is absolutely required is included in any integrated set of data. Any data integration project must adhere to a set of Commonwealth endorsed High Level Principles to ensure your information is managed safely and securely, and in a manner that guarantees privacy.
Principle 1 - Strategic resource
Responsible agencies should treat data as a strategic resource and design and manage administrative data to support their wider statistical and research use.
Principle 2 - Custodian’s accountability
Agencies responsible for source data used in statistical data integration remain individually accountable for their security and confidentiality.
Principle 3 - Integrator’s accountability
A responsible ‘Integrating Authority’ will be nominated for each statistical data integration proposal.
Principle 4 - Public benefit
Statistical integration should only occur where it provides significant overall benefit to the public.
Principle 5 - Statistical and research purposes
Statistical data integration must be used for statistical and research purposes only.
Principle 6 - Preserving privacy and confidentiality
Policies and procedures used in data integration must minimise any potential impact on privacy and confidentiality.
Principle 7 - Transparency
Statistical data integration will always be conducted in an open and accountable way so anyone can see how their data is being used.
HOW IS THE INFORMATION BROUGHT TOGETHER SAFELY?
Our internal processes ensure that privacy is a paramount consideration when data is being combined.
No person will ever be able to see all of your information together at any point of the data combining process. This is known as the separation principle.
Under the Census and Statistics Act 1905, the personal information you provide the ABS remains strictly confidential. The ABS never has and never will release identifiable data.
As an Australian Government agency, we also comply with the Privacy Act 1988 (Privacy Act) and handle your personal information in accordance with the Australian Privacy Principles (APPs).
All ABS staff are legally bound never to release your personal information to any individual or organisation outside of the ABS. It’s an offence for any ABS staff, past or present, to divulge, directly or indirectly, any information collected under this Act. Penalties include fines of up to $21,600 or imprisonment for up to 2 years, or both, for anybody convicted of breaching this obligation.
We cannot, and will not share or provide your identifiable personal information to any government department or organisation. Key measures to safeguard information include strong encryption of data, restricted access on a need-to-know basis and monitoring of all staff, including regular audits.
HOW IS MY PRIVACY PROTECTED?
Australians can be assured that their privacy is well protected — it is the number one priority of the ABS and a requirement of our legislation.
There are strong legislative protections in place to safeguard people's privacy. All data integration projects comply with the Privacy Act 1988 and the legislative requirements of both the ABS and other agencies involved. In addition, no data can be released by the ABS that is likely to allow an individual or business to be identified.
In addition to legislation that safeguards everyone’s privacy (the Census and Statistics Act 1905 and the Privacy Act 1988), we also ensure internal practices, methodologies and technology protecting your information are state of the art.
An independent assessment of ABS’ compliance with statutory privacy principles as well as wider privacy concerns and principles undertaken in 2005 by a former Privacy Commissioner found that the “ABS is proactive in seeking to ensure compliance with legislative requirements and internal administrative practices” (footnote 1).
Since then, an independent audit of the ABS was undertaken in April 2012 as part of the ABS’ accreditation as an Integrating Authority (footnote 2). This accreditation ensures that risks are assessed, managed and mitigated throughout the duration of any data integration project. As an accredited data integration authority, the ABS complies with a set of key principles for any project that combines Census data with other data, including assessing every project to ensure that the project provides a significant public benefit.
The ABS recognises the potential risks relating to data and data integration practices. We have a rigorous assessment and approval process to ensure applications for data integration to meet a clear need, can be achieved safely and the intended outcomes are in the public interest.
Data linkage takes place in a secure environment within the ABS, conducted by a dedicated data linkage unit.
No person can access personal identifying information (e.g. name, address, date of birth) and analytical information (e.g. occupation, income, health services use) at the same time. This is known as the separation principle. Datasets containing personal information are stored securely and separate from datasets containing analytical information.
It is widely recognised that an essential element of best practice for safely bringing data together is separation - separating personal identifiers from actual data, with the use of personal identifiers confined to the initial linking stage (footnote 3). This method provides maximum protection of private and confidential information.
Further information is also available on the measures taken to protect the privacy of Australians’ personal data collected as part of the Census of Population and Housing.
HOW IS MY PERSONAL INFORMATION KEPT SECURE?
The ABS maintains standard range of measures to ensure the security of all information it holds. These include:
- Strong security arrangements for all information technology systems used for the project which conform with IT security arrangements set out in the Australian Government Information Security Manual;
- Strict control of access to premises in accordance with the Commonwealth Protective Security Manual to ensure compliance with legislative responsibilities;
- Appropriate personnel security arrangements. Upon appointment, all staff working on the project undergo security checks and are required to sign an undertaking of fidelity and secrecy. Additionally, security clearances are undertaken for key staff involved in the data linkage process;
- A secured internet gateway which is reviewed annually by the Australian Signals Directorate;
- Regular Protective Security risk reviews to ensure that security arrangements continue to be effective; and
- An ongoing program of security audits and reviews of computer systems and the physical environment.
Australian Signals Directorate strategies are implemented by the ABS. These strategies include strategies specifically designed to mitigate targeted cyber intrusions. The ABS took part in an Australian National Audit Office cross-agency audit in 2014 on information technology system security against cyber-attacks (footnote 4).
HOW CAN THE ABS PREVENT RE-IDENTIFICATION?
The ABS privacy protections to prevent re-identification include:
- Strong legislative protections which safeguard the privacy of an individual’s information. An independent assessment of ABS implementation of our secrecy provisions was undertaken in 2005 and this assessment remains current (footnote 5).
- Audited administrative procedures including that names and addresses will never be brought back together with other data.
- Destruction strategy. Names and addresses will only be retained while they hold significant value. Consistent with the Australian Privacy Principles, the case for retention will be periodically reviewed and data will be destroyed if there is not a compelling case for retention.
- Methodological best practice. The ABS has a long history on engaging locally and internationally to implement and shape best practice in privacy protections associated with personal information (footnote 6)
- Transparent accountability mechanisms. The ABS Chief Methodologist is responsible for reviewing and ensuring ABS data access practices reflect international standards and best practice. The Chief Methodologist is also responsible for advising the Australian Statistician on methodologies and tools that ensure ABS’ legislative requirements to ensure no personal information is released in a manner likely to enable identification are met.
WHAT HAPPENS TO CENSUS NAME AND ADDRESS INFORMATION?
After data collection and processing, the ABS removes names and addresses from other personal and household information.
Names and addresses will be stored securely and separate from one another. No one working with Census data will be able to view your personal information (name or address) at the same time as your other Census responses (such as age, sex, occupation, level of education or income).
Stored separately and securely, individuals names will also be substituted with a linkage key, a computer generated code, completely anonymising the personal information. Only these anonymous linkage keys will be used by the ABS to bring data sets together. This practice is known as the Functional Separation principle.
Further information on how the 2016 Census will protect your privacy is available on the Privacy, Confidentiality and Security Census page.
HOW DOES THE ABS USE ANONYMISED LINKAGE KEYS?
The ABS uses international best practices in data integration that are also used extensively in Australia and a number of countries including the UK, New Zealand and Canada.
Experience shows that using name and address information is crucial to achieving high quality linkage between datasets, and therefore high quality statistics.
Anonymised linking keys are one of the many tools the ABS will use to protect privacy when using Census names and addresses. For each data linkage project using 2016 Census data, an anonymised linkage key will be created from the names. The process converts names into an unrecognisable code. For example, “Jane Smith” might become “$Hwk0&ila#p”.
The ABS will not use the SLK581 method to anonymise 2016 Census names.
Only a very small number of ABS officers will be approved to have access to Census names, and only when they need access to produce anonymised linkage keys. These officers will not have access to any other Census data. These officers, like all ABS officers, have signed a lifetime undertaking of Fidelity and Secrecy. Access to the anonymised linkage keys will also be restricted to a small number of ABS officers.
No one inside or outside the ABS will have access to both the anonymised linkage keys and Census data at the same time. The anonymised linkage keys are not part of any ABS statistical product that is publicly available. They are not available to researchers.
Identifiable information is never released by the ABS. The ABS cannot, and will not, release identifiable personal information. This includes anonymised linkage keys.
NEED MORE INFORMATION?
1. 2006 Census of Population and Housing – Enhancing the Population Census – Privacy Impact Assessment, 2005, Section 7 paragraph 7.10
2. Accredited Integrating Authorities – ABS application summary
3. C.W. Kelman, A. J. Bass & C. D. J. Holman, Research use of linked health data – a best practice protocol, Australian and New Zealand Journal of Public Health, 2002, p. 251.
4. Cyber Attacks: Securing Agencies' ICT Systems, ANAO Audit Report No.50 2013–14
5. 2006 Census of Population and Housing – Enhancing the Population Census – Privacy Impact Assessment, 2005, Section 7
6. For example, UN Economic Commission for Europe Managing Statistical Confidentiality and Microdata Access - Principles and Guidelines of Good Practice