Privacy Statement
National Disability Data Asset and Australian National Data Integration Infrastructure
The National Disability Data Asset brings together de-identified information from different government agencies about all Australians to better understand outcomes for people with disability. This includes those who have used government services or taken part in some types of government surveys.
This privacy statement is about how government agencies share information to create the disability data asset and how the data will be used. It includes the laws that apply and processes that people must follow.
About the disability data asset
The disability data asset will include information about employment, income, health, education and other support services. It will help us better support people with disability, their families, carers and the disability community.
The Department of Social Services is working with the Australian Bureau of Statistics (ABS), and the Australian Institute of Health and Welfare (AIHW) to create the disability data asset. State and territory governments and the disability community are also involved in developing the disability data asset.
The underlying system that supports the disability data asset is the Australian National Data Infrastructure. This system allows us to connect and analyse data in the disability data asset.
Key terms in this statement
Accredited
Accredited means that an Australian, state and territory government agency or Australian university has been approved to collect, use and protect data. They must be approved by the Minister responsible for managing the Data Availability and Transparency Act 2022 or the National Data Commissioner. All organisations that use the disability data asset must be accredited. Find out more about accredited organisations.
De-identified
De-identified data is information about people that doesn’t include personal information, like names or addresses. This means there is a very low risk that anyone can use the data to find out who people are. Find out more about de-identified data.
Personal information
Personal information is information about a person that someone could use to identify them. This could include someone’s opinion about a person.
Personal information could include:
- a person’s name, address, date of birth
- government identifiers (such as a Medicare number).
Find out more about personal information.
The laws and standards that apply
A range of government agencies store your personal information to support the work they do.
These government agencies share your data with the disability data asset under the Data Availability and Transparency Act and other relevant laws. It is also called the DATA Scheme. The DATA Scheme works with other laws and agreements to allow data sharing. This includes state and territory laws and data sharing agreements.
Government agencies can be accredited data service providers under the DATA Scheme. A small number of these can provide data services for the disability data asset and its underlying system. For example, doing the work of linking data together. When accredited data service providers use your personal information in the disability data asset, they must follow the Privacy Act 1988, including the Australian Privacy Principles. They must also follow other privacy laws that apply.
Data breaches
If there is a data breach that is likely to cause you serious harm, the ABS or the agency that provided the data must tell you. They must also notify:
- the Office of the Australian Information Commissioner – the national agency that deals with privacy and information access rights
- the National Data Commissioner
- other people or organisations that are involved.
If a person or organisation doesn’t follow the agreed uses of the disability data asset or its underlying system, they might get a sanction or penalty. A sanction might include a warning or no longer being able to access the disability data asset.
Penalties under the Data Availability and Transparency Act might be:
- a fine of up to $187,800
- going to prison for up to 5 years
- both.
Keeping your information safe
Many processes work together to keep your data safe.
Accredited data service providers use the separation principle to protect data in the disability data asset. This means they keep personal information like names and addresses separate from analytical data, such as employment status. No one working with the data can see or use both personal and analytical information at the same time.
When an accredited data service provider receives data, they de-identify it using a policy developed by the ABS. They do this in different ways. This includes removing details that make it easy to find out who people are. For example, their name, address and date of birth. Once your information is de-identified, it is difficult for someone to find out who you are. This means that the data is no longer personal information.
An authorised officer from the ABS must approve a research project before it can use data in the disability data asset. This officer will make sure data is only used in line with:
- the National Disability Data Asset Charter (the Charter)
- data provider agreements
- other project requirements, like using data in an ethical way.
The Charter explains rules and principles for the disability data asset. It lists what data can’t be used for. For example, it can’t be used to make decisions about a person’s access to government funding.
The National Disability Data Asset Council (the Council) includes members from the disability community and the government. The Council oversees the uses of the disability data asset, in line with the Charter.
Only approved researchers can access the disability data asset. Researchers must belong to an Australian, state and territory government agency or Australian university. They must also be accredited under the DATA Scheme. Other organisations, such as foreign organisations, can’t be accredited.
Researchers will only get access to the smallest amount of data that they need for their project. We will give access in line with:
- the Australian Government Data Sharing Principles
- guidance from the National Data Commissioner – the agency that controls the DATA Scheme
An approved researcher can ask to make their research findings available for them to use outside of the underlying system. The ABS and AIHW will check all findings to make sure there’s a very low risk it could identify people. They do this before releasing any findings from the underlying system. They only approve findings that are summaries of the data.
Other processes include:
- training people about their responsibilities to keep data safe
- overseeing and checking activities that use the data.
Keeping your information secure
We store information for the disability data asset in the secure underlying system. This system is in line with the rules and guidelines set out in:
Detailed data must only be stored, provided and used within Australia. Detailed data can include personal information or de-identified analytical data.
The security review
A professional from the Infosec Registered Assessors Program (IRAP) reviewed the system to make sure it is secure. IRAP did an independent review of the system’s security processes. This included assessing how the processes are used, how suitable they are and how well they work.
Information in approved computer systems
An accredited government agency could store information in a computer system they use to work with the data. For example, when working on a project. The ABS and AIHW must approve those computer systems as safe to link or analyse the data.
Keeping and destroying your information
For information that is legally considered to be Commonwealth records, government agencies will follow the Archives Act 1983. This Act includes the laws around keeping people’s data. Australian government agencies like the ABS and AIHW follow this Act.
Government agencies will destroy your personal information when they don’t need it anymore. This can only be done in line with the Archives Act, Australian Privacy Principles and other relevant state or territory laws.
The aim is to protect personal information by storing data securely and only keeping data when there is a need for it.
Information on our privacy practices
Accessing changing or removing your information
You won’t be able to access, change or remove information about yourself from the disability data asset. This is because we remove personal information, including names and addresses, from the data. This means we can’t find your information in the disability data asset.
Making a privacy complaint
To make a complaint about how data is used in the disability data asset, contact the ABS Privacy Officer at privacy@abs.gov.au.
You can also send complaints by mail:
Privacy Officer
Privacy Section
Australian Bureau of Statistics
Locked Bag 10
Belconnen ACT 2617
If you’re not happy with how the Privacy Officer handles your complaint, you can contact the Office of the Australian Information Commissioner.
Accessible versions of the privacy statement
This privacy statement is available in different formats. This includes Auslan, Easy Read and plain language.
If you would like this information in another format, such as braille or hard copy, please contact ndda@abs.gov.au.
There is a range of accessible information on the National Disability Data Asset website.
Learn more
More information about the National Disability Data Asset is on the National Disability Data Asset website at www.ndda.gov.au.
You can also email questions about the privacy of the disability data asset to ndda@abs.gov.au.