news Global technology consultancy ThoughtWorks has strongly criticised the Australian Bureau of Statistics (ABS) for “risk” it took in the running of the Australian Census 2016, which saw the body retain the details of millions of people.
In choosing to keep the names and addresses of around 24 million people in 10 million households alongside their “sensitive demographic data”, the ABS is “taking risk with the privacy rights of all Australian residents”, the consultancy said in an open letter to David Kalisch, head of the ABS.
While acknowledging the value of the census when used for “evidence-driven policy”, ThoughtWorks said “we are unable to remain silent while the 2016 census threatens this excellent policy tool”.
Claims that the risk of the data being leaked is low “may not be correct”, it said, citing as evidence the ABS’s reporting of 14 data breaches in the last three years.
“In light of the security threats observed in recent years, we are afraid that no matter how strong the security capability of the ABS, the risk is real and should this data leak the impact would be immense,” said ThoughtWorks. “As one example, consider the impact on an individual should their information end up with a fraudster or violent ex-partner.”
Saying the holding of any data brings the responsibility of securing it and bearing the risk of it being compromised, ThoughtWorks urged the ABS to commit to the following actions:
- Accepting census submissions without names or addresses as legitimate
- Not to seek to fine people who choose not to submit their identifying information
- The destruction of all personally-identifiable information, such as names and addresses, within six months of taking the 2016 census
- Independent scrutiny and verification that this information has been destroyed
It further requested that the ABS make the commitment before 8 August.
In its commercial work, the consultancy said, it practices “datensparsamkeit” – the principle of holding as little personal data as needed. Not only is securing data difficult, it added, but once leaked it is “impossible to retrieve”.
“The ABS’ collection of personally-identifying and sensitive data needlessly puts the private lives of Australian residents at risk”, ThoughtWorks said.
It acknowledged that “many people recognise this” and may refuse to engage with the census or provide accurate information as an act of civil disobedience.
“The ABS may be able to force compliance with some of those who choose not to complete the census form, but they will have no way to verify the answers provided by those who do complete the form as accurate,” said ThoughtWorks.
“We believe that, given these concerns and strong community opposition to the retention of personally-identifiable information, the 2016 census results will be insufficiently accurate to justify the collection of such personal information,” it concluded.