Australian Information Commissioner won't say which agencies follow data-match guidelines
We do know it assessed 12 gov data-matching ideas last year, but the code is voluntary
Is that good or bad? Who can say: compliance with the guidelines is voluntary The Office of the Australian Information Commissioner (OAIC) received a dozen requests to review data matching programs in the last financial year, The Register has learned.
But The Register can't assess whether that number is good, bad or indifferent, because the OAIC's Guidelines on Data Matching in Australian Government Administration are voluntary.
The OAIC also chose not to answer our questions on how many federal government agencies have chosen to apply the Guidelines and whether any agencies have chosen to ignore them.
As the Office explained to El Reg, “The guidelines are voluntary. However, the OAIC encourages agencies to agree to adopt and comply with the guidelines. An agency would not be acting unlawfully if it did not comply with the guidelines, unless the acts or practices of the agency constitute a breach of the Privacy Act 1988.
We asked the OAIC about the number of requests it receives for assessment of data-matching programs before Australia's recent and very-disrupted census. In response to our questions the Office said the 12 came from agencies including “the Department of Human Services (DHS), the Australian Taxation Office and the Clean Energy Regulator.”
We also asked the OAIC if it “provided any advice, to any agency or minister, on the data matching programs proposed to be used by the Australia Bureau of Statistics based on data collected in the 2016 Census?”
The OAIC did not answer that question.
The Bureau of Statistics (ABS) told us, in an email we're allowed to attribute to chief operating officer and deputy Australian statistician Jonathan Palmer, that “The ABS is fully compliant with theGuide for Data Integration Projects Involving Commonwealth Data for Statistical and Research Purpose, the Privacy Act 1988, and the secrecy provisions of the Census and Statistics Act 1905.”
Palmer's PR proxy also said “The Information Commissioner's Guidelines on Data Matching in Australian Government Administration are intended for use by agencies that use data matching to determine whether administrative action is warranted. The ABS does no matching to inform administrative actions. However, ABS practice is consistent with many of the principles and practices recommended.”
The OAIC also pointed out that it regulates the Data-matching Program (Assistance and Tax) Act 1990 and the Guidelines for the Conduct of Data-Matching Program (statutory data-matching guidelines) which govern any matching by assistance agencies using the Tax File Number. It's also scored some new funding to provide regulatory oversight of “new data matching activities to be conducted by DHS under the Enhanced Welfare Payment Integrity initiative. The OAIC has been working with DHS to design and implement an effective oversight regime to provide assurance to DHS, the public and government that privacy risks are being addressed.”
The ABS also pointed out to us that it complies with the Guide for Data Integration Projects Involving Commonwealth Data for Statistical and Research Purposes.
+Comment: A simple conclusion from the facts the ABS and OAIC have offered to The Register is that Australia has a complex and overlapping set of data-sharing regulations, without a central regulator to monitor compliance and varying degrees of obligation to comply.
With data-matching advanced as the solution from everything to intergenerational poverty to dodgy builders failing to finish jobs, surely a simpler and more transparent regime is a worthwhile initiative. ®