Home | Stats Matter | Toolkit | Confidentiality


Stats Matter


Aim of this topic

To provide officer-level guidance to assist Tasmanian Government agencies in confidently covering off confidentiality obligations in managing datasets.

Confidentiality refers to the obligation of data custodians (agencies that collect information) to keep confidential information they are entrusted with secret.

Why is confidentiality important?

The obligation to protect confidentiality is reflected in legislation as well as government policies. In Tasmania this is recognised in the Personal Information Protection Act 2004, nationally it is recognised in the Privacy Act 1988.

It is also reflected in legislation, procedures and protocols in relation to specific government activities where information is collected. For example, the Child Care Act 2001 (Tas), the Education Act 1994 (Tas) and the Gaming Control Act 1993 (Tas). Penalties may apply if the secrecy provisions set out in these Acts are breached.

Organisations that collect data depend on the goodwill and cooperation of the community, businesses and other organisations to provide the information. By protecting the confidentiality of the information provided, organisations that collect data help maintain the trust and goodwill of providers, and are better able to collect the required information.


What does ‘confidentialise’ mean?

The term confidentialise refers to the steps taken to mitigate the risk that a particular person or organisation can be identified in a dataset either directly or indirectly. It is a two step process:

  1. de-identification of the data (removing direct identifiers, such as name and address); and
  2. assessing and managing any risks of indirect identification in the de-identified dataset.

De-identification alone does not necessarily protect the identity of individuals and organisations.


When and how do I confidentialise data?

There are several techniques to identify when there is a potential risk of identification in aggregate and micro data as well as to confidentialise data that poses those risks:

  • rules to assess identification risk: frequency rules and cell dominance rules; and
  • techniques to confidentialise data: removing identifiers; data reduction methods; and data perturbation methods.


I’ve removed name and address... isn’t that enough?

The removal of direct identifiers (de-identification), such as name and address, does not necessarily protect the identity of individuals and organisations. It may still be possible to indirectly identify a person or an organisation in de-identified data if there are rare or unique characteristics about that person (or organisation) within the dataset.

Resources 1

1 Please exercise caution when applying these guidelines in a Tasmanian legislative context as there are differences between the state legislation on the Privacy Act 1988 (Cwth)

Document key
 HTML page
 Link to external site
 PDF file
 MS Word
 MS Powerpoint
 MS Excel