Every five years Australians partake in a national survey known as the Census. The Census collects statistics from every household in the country and captures a snapshot of the nation. This year the Census has created controversy as the ABS decided to embrace the digital age and attempted to conduct the Census through an online survey.

The ABS has also opted to remove the anonymity factor in this year’s Census. They will be collecting names and addresses of survey participants, justifying the change as a way of providing better insights into key areas such as employment, transport, health and education. Trialling an online survey and shifting away from anonymity has concerned many Senators and Civil Liberty Advocates, who have asked, “what will the government do with this information? Is this a breach of Privacy law? And will my online survey data be safe?”

Is the Mandatory Collection and Retention of Data Secure?

The ABS has a privacy policy which clearly sets out how your personal information is handled, collected and used. The ABS is an Australian Government Agency, created by the Australian Bureau of Statistics Act 1975 (Cth) and required to comply with the Privacy Act 1988 (Cth) (Privacy Act). As such, they must handle your personal information following the Australian Privacy Principles (APPS).

The legislation that permits the ABS to collect statistical information and outlines its responsibilities in doing so is the Census and Statistics Act 1905 (Census Act). The Census Act must comply with APP 3 of the Privacy Act, which requires that a Commonwealth agency may only collect personal information that is reasonably necessary or directly related to one or more of its functions or activities. The ABS must follow the provisions of the Census Act (s19) and treat all information collected in a strictly confidential manner.

Data Breaches

Breaches of privacy are unpredictable, yet extremely common. The APPs set out four key steps to managing a breach. The ABS will also look to these steps should a breach of Census data occur:

  1. Contain the breach: Once notified of a breach, containment may involve closing or shutting down the compromised system to prevent further records from being misused.
  2. Determine the risk of the breach: It is important to assess the risk. What information has been compromised? Who is affected by this breach?
  3. Notify: Determine whether notification of the breach is required, whether to individuals or the relevant authority.
  4. Prevent future breaches: As a result of a direct breach, there should be a review of policies and procedure to staff and a security audit of data. It is important to learn from breaches and prevent them from recurring.

In the Event of a Breach, Must the ABS Notify Individuals?

It will depend on the nature of the privacy breach and seriousness of the harm caused to that individual. Providing notice to an individual can help reduce the harm caused by a privacy breach. Notice should also be given to the relevant authorities, whether this is the Office of the Australian Information Commissioner (OAIC), local police or other relevant regulatory bodies.

How Long Can Personal Information Be Kept Under the APPs?  

Under the APPs 4.3 and 11.2, APP entities are required to take reasonable steps to remove, destroy and de-identify information that is no longer used or relevant.

This Year’s Hack

In the lead up to the Census, the ABS and Federal Government was optimistic in the face of a sceptical general public. Despite reassurances that the data collected would be safe and protected, fears that the Census would be a target for hackers were realised on August 9th. As a precaution, the ABS shut down the Census site in response to these international “cyber attacks”.

Aren’t We a Generation of Data Over-Sharers Anyway?

The Small Business Minister, Michael McCormack has mentioned that the loss of anonymity in this year’s Census is “no worse than Facebook”. Facebook and other social media platforms are used daily by a majority of the population, storing private information and personal data on all of its users. Similarly, the ABS have said that your average Woolworths or Qantas loyalty card requires more information than the Census does. So if the Census is just like signing up to Facebook or for a supermarket loyalty card, why do we all care so much? It might be that we volunteer our personal information to social media or loyalty programs, whereas the census is compulsory.

You shouldn’t limit your privacy concerns to the Census because you are putting yourself at risk when volunteering your personal information online. The general rule of thumb for data sharing is, if it’s free, your personal information may be the payment. For instance, the information you provide to Facebook will be used to sell to advertisers who can in turn target you with relevant advertising material.

At work, your data may also be at risk. Larger companies can afford top IT security, but it is important to keep in mind that the information you share to startup apps may not be as secure.

It’s important to be acutely aware of the risks, and the methods you can use to protect yourself online. Use discretion when volunteering your personal data, check that the site or app is secure and read their privacy policy to see if they adhere to APPs.  

What if I Don’t Complete My Census?

According to the Census Act, the penalty for failing to complete a Census form and not returning it can be up to $180 a day. However, due to the cyber attack and shut down of the Census website, Australians have until Sept 18, 2016 to return their hard copy forms and until Sept 23, 2016 to fill in their online survey.

Who Must Fill in the Census?

You are expected to participate in the Census of the household you reside in on the night of the Census, which in 2016 was August 9th. Exemptions include foreign diplomats and their families only.

Key Takeaways

The failure of this year’s Census due to cyber attacks from overseas hackers has not only proven people’s privacy concerns but revamped the discussion of privacy and data breaches in the digital age. Many countries hold surveys similar to our Census to understand their population better, and will also be facing the same dilemma the ABS has struggled with – whether the efficiency and resourcefulness of digital collection of information outweigh the risk of privacy breaches. Paper beats rock, does it also beat a computer?

While it’s not exactly surprising that the Australian National Census was attractive to hackers because of the sheer size of the operation, it can be easy to forget that cyber attacks are a legitimate risk if you are doing business online.


If you need assistance regarding a breach of your personal privacy or company’s confidential information or have questions about Australian Privacy Law, get in touch with our IT lawyers on 1300 544 755.

COVID-19 Business Survey
LegalVision is conducting a survey on the impact of COVID-19 for businesses across Australia. The survey takes 2 minutes to complete and all responses are anonymous. We would appreciate your input. Take the survey now.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.

The majority of our clients are LVConnect members. By becoming a member, you can stay ahead of legal issues while staying on top of costs. For just $199 per month, membership unlocks unlimited lawyer consultations, faster turnaround times, free legal templates and members-only discounts.

Learn more about LVConnect

Sophie Glover
Need Legal Help? Get a Free Fixed-Fee Quote

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

  • By submitting this form, you agree to receive emails from LegalVision and can unsubscribe at any time. See our full Privacy Policy.
  • This field is for validation purposes and should be left unchanged.
Our Awards
  • 2019 Top 25 Startups - LinkedIn 2019 Top 25 Startups - LinkedIn
  • 2019 NewLaw Firm of the Year - Australian Law Awards 2019 NewLaw Firm of the Year - Australian Law Awards
  • 2020 Fastest Growing Law Firm - Financial Times APAC 500 2020 Fastest Growing Law Firm - Financial Times APAC 500
  • 2020 AFR Fast 100 List - Australian Financial Review 2020 AFR Fast 100 List - Australian Financial Review
  • 2020 Law Firm of the Year Finalist - Australasian Law Awards 2020 Law Firm of the Year Finalist - Australasian Law Awards
  • Most Innovative Law Firm - 2019 Australasian Lawyer 2019 Most Innovative Firm - Australasian Lawyer
Privacy Policy Snapshot

We collect and store information about you. Let us explain why we do this.

What information do you collect?

We collect a range of data about you, including your contact details, legal issues and data on how you use our website.

How do you collect information?

We collect information over the phone, by email and through our website.

What do you do with this information?

We store and use your information to deliver you better legal services. This mostly involves communicating with you, marketing to you and occasionally sharing your information with our partners.

How do I contact you?

You can always see what data you’ve stored with us.

Questions, comments or complaints? Reach out on 1300 544 755 or email us at info@legalvision.com.au

View Privacy Policy