1. Data custodians must be, and must be seen by the public to be, appropriate agencies to collect, use and store identifiable data (Endnote 1).
2. Each Commonwealth agency collecting data has specific legislation which controls access to that data, and prescribes penalties for unauthorised use or disclosure. The requirements set out below reflect these legislative obligations.
3. Data custodians are subject to Commonwealth, State and Territory privacy regimes (such as the Privacy Act 1988) which regulate their use of personal information, including the provision of data to integrating authorities. Specific laws also govern how integrating authorities may use this information once it is provided to them. The Privacy Act 1988 regulates the handling of personal information held by both Commonwealth and ACT government agencies and most private sector organisations. Generally, entities that hold personal information should not disclose it to another person, body or agency unless an exception permits the disclosure. Exceptions include: where the individual is reasonably likely to have been aware that information of that kind is usually passed to that person, body or agency; where the individual consents; or where the disclosure is required or authorised by or under law.
4. Commonwealth Portfolio Secretaries have endorsed a set of high level principles for data integration involving Commonwealth data for statistical and research purposes. Principle 3 states that an integrating authority must be nominated for each data integration project.
5. For each low or medium risk data integration project (Endnote 2), or family of projects, the data custodian(s), in consultation with the proposed integrating authority, will assess whether an integrating authority:
b. has an appropriate policy framework in place to prevent disclosure of identifiable information, other than where allowed by law.
6. Legislated authority exists for an integrating authority to receive identifiable data from a data custodian when:
b. the legislation under which the data was collected provides for this type of agency or body to access and use the data custodian’s identifiable data for statistical and research purposes; or
c. the integrating authority is covered by legislation that authorises it to access and use the data custodian’s data for statistical and research purposes.
7. For cross portfolio projects the decision on authorisation will be made collaboratively by multiple custodians. Each data custodian will need to separately assess the legislated authority.
8. Authority for the data custodian to provide identifiable data to an integrating authority can also be obtained through consent from the data provider where this is not precluded by legislation. In such cases data custodians must assure themselves that appropriate informed consent has been given by data providers, to the disclosure of their identifiable data to the agency or body nominated to be the integrating authority.
Policy environment which provides support to ensure that no identifiable data is disclosed
9. Integrating authorities nominated by data custodians to undertake a medium or low risk data integration project for statistical and research purposes must demonstrate to data custodians that the policy environment in which they operate provides support to prevent disclosure of identifiable information. In particular, employees and officers of the integrating authority must understand and value the importance of protecting identifiable data, and understand the impact any breaches would have on the trust the public places in data custodians of Commonwealth data.
10. Integrating authorities need to provide assurance to the data custodians that they are able to comply with Principle 6 which states that ‘policies and procedures used in data integration must minimise any potential impact on privacy and confidentiality’ and that they have the capacity to manage risks of both direct and indirect identification, particularly in terms of units with unusual characteristics. This management must take account of the potential increase in identifiability of one set of data when combined with another set.’ Principle 7 concerns the transparency of a data integration project, so the policy environment in which integrating authorities operate should be transparent to the public, this includes registering all data integration projects on the National Statistical Service website.
Attachment 1: Data custodians’ legislation: some examples
The information in this attachment provides a brief overview of some relevant provisions in legislation, to demonstrate some of the legal issues that arise. This information is current as at 30 October 2013 and is provided solely for information. Data custodians may also need to seek legal advice to assess whether a particular project is consistent with legal requirements.
In addition, all Commonwealth agencies are subject to the Privacy Act 1988. The website for the Office of the Australian Information Commissioner provides detailed information about the Act, see http://www.privacy.gov.au/law/act. Some of the examples below also discuss the implications of the Privacy Act, for illustrative purposes.
Organisations to which ABS can provide identifiable data
Section 13 of the Census and Statistics Act 1905 prohibits the ABS from releasing information of a personal or domestic nature relating to a person in a manner that is likely to enable the identification of that person.
Under Clause 7A and Clause 6 of the Statistics Determination 1983, identifiable information relating to an organisation or business may be disclosed for statistical purposes. Release of information under a clause of the Statistics Determination is at the discretion of the Statistician, and is only to be used for statistical purposes and when an enforceable undertaking has been signed.
The ABS is also subject to, and compliant with, the Privacy Act 1988.
Australian Institute of Health and Welfare (AIHW)
Organisations to which AIHW can provide identifiable data
Section 29(2)(c) of the Australian Institute of Health and Welfare Act 1987 (the AIHW Act) provides that the AIHW may provide identifiable data, relating to living or deceased individuals, to any person specified in writing by the AIHW Ethics Committee, provided this is not contrary to the terms and conditions under which the information was directly provided to the AIHW. This applies to both health and welfare-related data.
However, AIHW is also subject to the Privacy Act 1988, which restricts AIHW’s ability to release identifiable data about living individuals. Guidelines issued by the National Health and Medical Research Council under Section 95 of the Privacy Act 1988 (s95) provide the basis on which, the AIHW Ethics Committee may approve the release of health information about living individuals for the purpose of medical research if this satisfies a public interest test. Section 95 does not provide for the release of identifiable welfare data.
In summary, the combined effect of these legislative enactments is that AIHW may make health data about living individuals available for research with the approval of the AIHW Ethics Committee, in the terms outlined above. Release of identifiable welfare data may only be approved by the AIHW Ethics Committee in respect of deceased individuals.
Organisations to which ATO can provide identifiable data
Under Section 355-65 of the Taxation Administration Act 1953, the ATO can provide identifiable information to the Australian Statistician (ABS) for the purpose of administering the Census and Statistics Act 1905.
The Department of Social Services is subject to a number of Acts which are relevant here, including the Social Security (Administration) Act 1999 (Cth) (the SS Admin Act); Family Assistance law (sections 161-170 of the A New Tax System (Family Assistance) (Administration) Act 1999 have provisions about confidentiality); and the Disability Services Act. As this attachment is provided for illustrative purposes only, rather than as a comprehensive guide to all of the legal issues that apply when considering whether a particular data integration project can proceed, the Social Security (Administration) Act 1999 is the only Act considered below.
Social security law – use and disclosure of identifiable information
Protected information can only be used and disclosed in accordance with the confidentiality provisions set out in Division 3 of Part 5 of the Social Security (Administration) Act 1999 (Cth) (the SS Admin Act). Protected information is defined in section 23(1) of the Social Security Act 1991 (Cth).
Paragraph 208(1) of the SS Admin Act permits the Secretary to disclose information acquired by an officer (the meaning of ‘officer’ is defined in section 201A of the Act) in the performance of their functions or duties under the social security law for certain purposes, if the Secretary certifies that it is necessary in the public interest to do so. The Secretary may disclose the information to such persons as the Secretary determines, or to other parties such as:
· the Secretary of a Department of State of the Commonwealth or to the head of an authority of the Commonwealth for the purposes of that Department or authority; or
· a person who is expressly or implicitly authorised by the person to whom the information relates to obtain it.
Subsection 202(2C) of the SS Admin Act may enable disclosure or use of protected information, if, for example, that is done for the purpose of research or statistical analysis of matters relevant to a Department that is administering any part of the social security law.
Information may constitute both protected information (under the social security law) and personal information (under the Privacy Act 1988). If the data is protected information and the disclosure is authorised under the SS Admin Act then the disclosure will also be permitted under the Privacy Act 1988 on the basis that the disclosure is ‘authorised by law’ (as per the exception at Information Privacy Principles (IPP) 11(1)(d)).
Department of Health
Organisations to which the Department of Health can provide identifiable data
Under Section 130 of the Health Insurance Act 1973 and Section 135A of the National Health Act 1953, the Secretary (or the Chief Executive Medicare, Department of Human Services) may release information if the Minister certifies that it is necessary in the public interest. Information may also be released to a prescribed authority or a prescribed person.
Locating legislation on the ComLaw website(a)