Facebook Google Menu Linkedin lock Pinterest Search Twitter



Jan 27, 2016

Govt to store a trove of highly personal data, putting you at risk

The ABS has rejected advice from a decade ago not to keep names and addresses from its national census, creating a data trove that future governments may find too tempting.


A census-taker on the job in 2011

The Australian Bureau of Statistics is pressing ahead with plans to retain names and addresses obtained in the 2016 census despite having commissioned advice warning against it a decade ago.

Last week Crikey explained that the ABS had decided it would retain the names and addresses of every individual in the country collected as part of the 2016 census. According to the ABS media release, this would “provide a richer and dynamic statistical picture of Australia”, particularly when coupled with matching up census data “with other survey and administrative data”. To address privacy concerns, the ABS commissioned a Privacy Impact Assessment that had given the idea the all-clear. Retaining your name and address — to be held separately from the main census information, the ABS says — will enable “more efficient survey operations, reducing the cost to taxpayers and the burden on Australian households”.

In announcing the decision, what the ABS didn’t say was that when it proposed the same retention for the 2006 census, it was told by a privacy expert it was a bad idea. In 2005, the ABS commissioned Nigel Waters to conduct a privacy impact assessment report. Waters is a privacy sector veteran who was deputy Australian federal privacy commissioner in the 1990s. Assessing the ABS’ proposal to retain names and addresses and to use unique identifiers, Waters told the ABS:

“Some will see the Proposal as a radical departure from established practice, which will create a data resource so rich and valuable for administrative uses that the privacy and secrecy framework under which the ABS operates may come under great and possibly irresistible pressure, if not immediately, then at least in the medium to long term … Despite the rigour of the legislative protections, and the ABS track record both of procedural safeguards and of defence of the principle of confidentiality, there remains a residual privacy risk of future changes in legislation to allow administrative or other nonstatistical uses.”

Waters, in recommending name matching be abandoned, noted that there were strong legislative safeguards in place to prevent unauthorised and authorised but unnecessary access to ABS data. And the ABS had demonstrated a commitment to observing these safeguards, but this offered no guarantees or protections into the future.

“Neither the ABS nor the current government can guarantee that the current and proposed legislative controls will remain indefinitely in the absence of any constitutional protection of privacy, they are ultimately vulnerable to the decisions of the government of the day, subject to parliamentary approval. Those concerned about the possibility of changes typically referred to in the privacy context as ‘function creep’ will inevitably cite the example of the progressive extension of the use of the Tax File Number (TFN) since 1989, despite very firm promises and assurances.”

This reflects a point that should be at the heart of any privacy debate: the best way to prevent breaches or misuse of personal information is never to collect it in the first place, because you don’t know future governments, third parties or actors who exploit security breaches will do with the information. While critics of censuses around the world cite historical examples such as Hitler’s use of the German census to target minorities, and the use of US census data to help with internment of Japanese-American citizens during WWII, not all the examples are from the history books. In 2004, the US census bureau provided the Department of Homeland Security with a database of information from the 2000 US census on the location of Arab-Americans and their countries of origin.

While the ABS has a good history of protecting Australians’ privacy, that’s no guarantee that future governments won’t decide — possibly in the midst of a national security scare — that that privacy is secondary to public policy. In that event, the 2016 census — the greatest population-wide infringement on Australians’ privacy since census-taking began in Australia in colonial times — will offer a trove of information.

The ABS has provided the following response after deadline:

“After a long period of consideration, public submissions and consultation, the Australian Bureau of Statistics (ABS) announced in December that it will retain the names and addresses collected in the 2016 Census of Population and Housing to provide a richer and dynamic statistical picture of Australia through the combination of Census data with other survey and administrative data.

The ABS is committed to the protection of the privacy and confidentiality of everyone who completes the Census. The ABS has legal obligations to keep data secure and ensure that it does not disclose identifiable information about a person, household or business. These protections been central to the ABS since its formation and have been consistent in our legislation throughout our 111 year history (Census and Statistics Act 1905).

To secure Census data, the ABS will remove names and addresses from other personal and household information after data collection and processing. Names and addresses will be stored separately and securely. No-one working with the data will be able to view identifying information (name and address) at the same time as other Census information (such as occupation or level of education).

The names are used to generated anonymised linkage keys, which are then used to link Census data to other data sets – thus maintaining the separation of names from Census data at all time. This is explained in detail in the Privacy Impact Assessment on pages 12 to 15.

The ABS will use well-established governance infrastructure and procedures to manage the approval, conduct and review of statistical data integration projects using Census data.

Before making this decision the ABS conducted a Privacy Impact Assessment which has been published on the ABS website. It shows that the retention of names and addresses in the manner proposed, has very low risks to privacy, confidentiality and security. The Privacy Impact Assessment process included consultation with the Australian Privacy Commissioner, as well as State and Territory Privacy Commissioners.”



We recommend

From around the web

Powered by Taboola


Leave a comment

12 thoughts on “Govt to store a trove of highly personal data, putting you at risk

  1. AR

    I’m surprised at how little recognition there is that massive data collection/surveillance is now often a function of excess capacity in computer systems.
    No bureaucrat likes to see their toys underutilised, else there might be serious question during the next budget allocations.
    In an unfortunate mirror image of one of the dumb/dumb (Wayne’s World?) flics of the 80s, “if they’ve built it they’re gonna use it”.

  2. p Collins

    How is different from the massive amount of data the government >>>all ready has<<< , via TAX office and social security and metadata laws?

  3. zut alors

    This should be the subject on Australian’s lips today not the issue whether to become a republic.

  4. zut alors

    typo, ‘ should read ‘Australians’ lips….’

  5. JMNO

    The UK census of old was kept in its entirety and could be accessed by anyone after 100 years. Their old censuses don’t have quite as much information as our modern ones but still have quite a lot.

    This is really useful for us family history buffs. Is it possible to keep census data with a 100 year ban on accessing the original documents?

  6. Dogs breakfast

    Given that politicians immediately bend over to any request from the AFP and spy agencies, under the pretext of terrorism, it would be surprising if the data was even a few months old before it was being used inappropriately.

  7. RachelP

    Surely the correct response to this is to organise a bit of civil disobedience. Lead a campaign for everyone to tell outrageous lies on their Census in protest of privacy breaches?

  8. Marion Wilson

    If this information is stored anywhere at all there are people who will access it and use it themselves or sell it on – or both. No matter how well intentioned our government may be at present – and I’m not confidant that that is so – stored information can and will be hacked (possibly altered) and vulnerable individuals will be exposed to predators.

  9. paddy

    I wonder how long it will be, before the census data is hacked?
    In a digital age, the constant lesson seems to be, that digital data is inherently insecure.
    If you don’t HAVE to keep it, then DON’T!

  10. zut alors

    Paddy, have no fear about the data being hacked. It will likely be sold or traded before the hackers even get a crack at it.

  11. Desmond Graham

    why worry about the census – the government is about to penalise doctors who do not put their patients medical records onto the government data base.
    just imagine a woman’s vaginal itch – being on the data base in Canberra
    The government will then will data mine the health records and sell ,to achieve more revenue, to insurers.
    Yet Crikey and other journos have not raised a squeak about such personal data residing in Canberra to be used as the government of the day feels deposed to.

  12. Mister Miller

    I think it’s funny that people are worried about this particular data capture and just because it’s a concept by ‘government’ it terrible and horrible despite the vast majority of ABS data contributing to the country’s budget allocation. The focus should be on corporations who knowingly exploit data readily available from the purchase of everyday items from food to furniture.
    At least the government publicise it, so the media and the public can judge/comment and create stigma, unlike corporations who use data for profit and strategic advantages that are more damaging and more harmful to the Australian public than government having snippets of data to keep money going to the right places in the community, infrastructure being built, and communities being safe from threats.
    As a simple case, let’s look at take corporations like Accellion and TICA, this area sites that look after 2 functions;
    1 – At simplest – Recording your financial and sales data to be shared between a corporation and its many 3rd party subsidiaries or mutually funded ventures/or shareholdings, even if they are off shore.
    2 – Recording all your real estate, tenancy data including tenancy applications, personal reference details (who did not permit their data being used in other methods than the application) and identification/ documentation supplied to support your real estate application which will be shared between a corporation and its many 3rd party subsidiaries or mutually funded ventures/or shareholdings, even if they are off shore.
    These corporation, 3rd party subsidiaries or mutually funded ventures/or shareholdings, even if they are off shore, are everything from marketing companies (we all know that’s not a hard company to start and exploit), private investigators, shopping brands (we all know that’s not a hard venture to start), 3rd Party Administrators who are offshore (different privacy standards), Phone Companies, and Debt Consolidation Companies – all of which don’t have to get government security and vetting checks, sign complex privacy and secrecy agreements with government agencies, and have huge staff turnovers.
    From that information alone, I can track and locate someone, even just a random, to exploit their data for malpractice.
    Still…not a single mention…the worst part is this data in most cases is provided by the public to corporations freely or by so called mandatory clause agreements – I think the ABS is the least of our problems


Telling you what the others don't. FREE for 21 days.

  • This field is for validation purposes and should be left unchanged.