Australian Bureau of Statistics and privacy issues
Lies, damned lies, and statistics
What is really behind the census?
Destroying trust and privacy one step at a time
Risking hacker attacks and data misuse
Disregarding public concerns
Using dubious pretexts
What you can do to defend your privacy
The key difference between a surveillance dossier and statistics is that statistics don't need to know your name and address.
Initially, census was a 19th century solution for figuring out how many people were out there, when the government had no databases that could provide such information. Today it is no longer the case: the government have multiple systems with all the necessary data for planning and decision-making. What they do not have, yet, is a comprehensive profile on each person that combines the data from all departments, organisations and institutions.
A century ago, census was the only way to more or less accurately count the population and estimate what is services are needed in each region, and the Australian Bureau of Statistics (ABS) was given the task. Today, all that data is available from Medicare, electoral roll, transport, immigration and education departments, and so on. This data may be fragmented and missing some individuals, but it should be sufficient for general statistics and planning. One can only guess the thoughts that passed through the heads of ABS bosses, but the recent line of events gives a pretty good indication that in order to keep their jobs, they saw the need to cross the line and move from collecting anonymous statistics towards compiling a detailed dossier on each Australian.
The usual spiel is that the authorities need this data to provide us with hospitals, schools and roads. But they already know exactly how many children are in each and every school, patients in every hospital, passengers in every unit of public transport; and the traffic counters are a much cheaper and more precise way to get the road usage figures. No census is needed for any of that. So,...
What is really behind the census?
Australian Census is run every 5 years and is presented as mandatory for every person who was in Australia on census night. The Australian Bureau of Statistics brandishes the Census and Statistics Act 1905 that allegedly gives it power, including power of compulsion, to wring the data out of anyone who is unwilling to “cooperate”. To ensure “willing” and therefore cheaper and faster cooperation, the ABS promises that once census processing is completed, all data is de-identified, and only then disclosed to other government agencies or sold to third parties via online tools like TableBuilder. However, over the recent decades, the ABS has been relentlessly expanding the array of data it collects, the length of time it keeps the data, and the purposes it uses this data for. What happens to census data now has very little in common to what was happening in 1905 when the ABS was given its powers.
The ABS has now admitted that it is
bringing together census data with the ABS and non-ABS datasets using name and address during census processing to undertake quality studies, ... statistical outputs and research purposes. And even with the names eventually “anonymised”, it is known that the ABS linked census data to Personal Income Tax database from Australian Tax Office (ATO), Migrant database from Department of Home Affairs, and Medicare database from Department of Human Services using the “anonymised” name, sex, residential address and date of birth of every person.
Unfortunately, many are not aware of the difference between anonymisation and de-identification of data:
- Anonymisation is an irreversible removal of all identity data of the data contributor, which guarantees that any future re-identification is impossible under any condition.
- De-identification removes and/or encodes the identity data to make it not readily-identifiable, but it preserves the identifying information in some form, which can be re-linked in the future.
What the ABS calls “anonymisation” is in fact de-identification.
The Census and Statistics (Information Release and Access) Determination 2018 made under the Census and Statistics Act enables the Australian Statistician to provide access to unidentified individual statistical records (microdata). This enables wider access to ABS data for social and economic research and analysis. In doing so, the Australian Statistician must ensure that all identifying information is removed prior to release and that the information is released in a manner that is not likely to enable the identification of an individual.
abs.gov.au, How The ABS Keeps Your Information Confidential
Destroying trust and privacy one step at a time
Until 2006 census, the ABS was removing people's names and addresses once census collection was completed. In those circumstances, very few people had issues with being an anonymous piece of aggregated information, i.e. statistics it its true sense. Once the personal information was irreversible destroyed, people knew they had a guarantee that their data could not be misused in the future. The census was actually what census was supposed to be: a one-night snapshot of anonymous population.
In 2011 census, the ABS decided to turn the “snapshot” into a long movie and encoded addresses into so-called mesh blocks, allowing for every person to be easily traced back with high probability even without the explicit presence of their name and address, as all other information was still kept on file: gender, date of birth, country of birth, ethnicity, marital status, number and age of children, who they live with, their profession, workplace address, school or university addresses, income, and so on. Australian census was no longer just a
snapshot of a nation on a census night, as the ABS kept telling us, it became a tool capable of continuous, life-long surveillance of every person in Australia. During the 2011 census, the ABS randomly chose 5% (over a million) of Australian population and managed to link a staggering 82% of “de-identified” files between the 2006 and 2011 censuses within that sample. Those people were to be linked again in the census 2016 and possibly followed for life, without their knowledge or consent. The ABS said
the sample will also be augmented in the future. And sure enough, augmented it was!
For 2016 census, the ABS surreptitiously announced on its website that
the ABS collects name and address information in order to... enable the linkage of census data with other datasets to increase the value of the census. This meant that personal information not only was retained, but also that the ABS got access to other personal data repositories that have nothing to do with census.
The real danger is the gradual erosion of individual liberties through automation, integration, and interconnection of many small, separate record-keeping systems, each of which alone may seem innocuous, even benevolent, and wholly justifiable.
U. S. Privacy Study Commission
On 18 December 2015, just before Christmas, when everyone was busy with other things and least likely to keep an eye on the bureaucratic news, the ABS published the following announcement on its website:
The Australian Bureau of Statistics has decided to retain names and addresses collected in the 2016 Census of Population and Housing in order to enable a richer and dynamic statistical picture of Australia through the combination of Census data with other survey and administrative data.
Whilst the Census has always been valuable in its own right, when used in combination with other data the Census can provide even greater insight.
... The combination of Census data and health data can help improve Australia's understanding and support of people who require mental health services and assist with the design of better programs of support and prevention.
This decision has been informed by public submissions, public testing and the conduct of a Privacy Impact Assessment.
Informed by public submissions?
Public testing? You are the public. Have you been duly notified of this significant change? Did you get to test it and agree with it? Have you been given a fair chance to lodge a submission? You can make your conclusions about the worth of the ABS's word, and how much your opinion really matters to the ABS.
informed by public submissions ABS-style was done as follows: on 11 November 2015 the ABS published a media release on their site saying that it
is considering the retention of names and addresses as a key enabler for improved household surveys and high quality statistics, and gave the public until 2 December to respond. Those who managed to discover this release and respond in time were most likely the people who work in the industry, make a living out of the ABS data, and naturally knew where and when to look. It is not hard to guess that such people or organisations have high interest in approving data harvesting and privacy violation as far as it can possibly go.
Whenever there are concerns about, or opposition to a new method of intrusion of individual privacy, we hear the same response: the decision to do so
followed an extensive public consultation process. How many people find it easy to obtain information about a public consultation taking place? Or, more importantly, how many get to see the contents of all the submissions to a certain public consultation? It cannot be called an “extensive public consultation” if very few know about it, and the opinions of those who disagree can be quietly disregarded. Unless these consultations are widely advertised and the contents of all submissions are made public, the statements about extensive public consultation process are a fallacy.
Moving towards 2021 census, the ABS became bold about transforming the census from an anonymous snapshot into an ongoing and far-reaching data-matching operation. They now openly state that they will keep all personal data and will
locate and link records pertaining to the same individual from multiple data sources: Australian Taxation Office, Department of Education, Department of Health, Department of Human Services, Department of Social Services, etc. This means your health record, pharmaceutical prescription data, tax file, Centrelink file, children's school record and other information can be accessed, combined, analysed, stored, added to from other sources, shared and used without giving you any say in the matter. It has been revealed that ABS plans to use utility bill data, government administration records and “observations” by their staff for identifying the buildings in which occupants may be avoiding census data collection. If the ABS allege that the public is so overwhelmingly welcoming of the changes the ABS made to census, why do they need these new reconnaissance tactics?
The ABS calls this being
completely transparent around the collection, protection and use of data, but what is the value of this so-called transparency if nobody has any legal means of opting out?
Changing things one step at a time has been found to be a very effective tactic in practice.What is the problem? This is hardly anything different from what it was before... you are just paranoid... this is not Big Brother, or the Stasi...It is a very hard tactic to counter.
David Vaile, vice-chairman of the Australian Privacy Foundation (APF) and executive director of the Cyberspace Law and Policy Community
Risking hacker attacks and data misuse
To mitigate the public outrage, the ABS keeps insisting that it has been enjoying a good history of personal data protection. But that is irrelevant. Prior 2006, the ABS did not keep any personal data, so of course it could not be misused or stolen. Now it is no longer the case. A 100% security of identity can only be guaranteed if no identifying information is kept in any form — encoded or not.
The ABS also tried to calm the public by promising that they
will remove names and addresses from other personal and household information, store them securely and separately from other census information, that they will never be recombined, and that the ABS never has and never will release identifiable census data. If these promises were true, if names and addresses will really never be recombined, released or used for any other purpose, why keep them? Make your guess.
Hackers do exist, and so does the possibility that the government can change the legislation or amend any policy at any point in the future. The new law may allow the data to be treated less securely or released without de-identification. There is no law against changing the law! There is no law that could permanently protect the privacy of individuals who were forced to hand their personal information over to the ABS. No one can guarantee that at some point in the future the ABS will not be told to release all the confidential data it holds, or to track people down under some vague pretext like “national security”. And with the new trend of keeping data forever, it will not only affect the data collected at the time, but will also jeopardise the security of decades of linked data from the past.
The way things are supposed to work is that we're supposed to know virtually everything about what the government do: that's why they're called public servants. They're supposed to know virtually nothing about what we do: that's why we're called private individuals.
If the ABS was truly anonymising our information instead of keeping it behind some semi–de-identification in a separate file, there would be no such danger: one cannot release the data they don't have, no matter what the new law or the government say. Unfortunately, the ABS is doing the opposite: instead of future-proofing the security of our private and sensitive information, they routinely propose to retain more identifiable data and to merge census data with information from birth and death registers, immigration data, disease registers, health records, tax files, and their own surveys.
As the Australian Privacy Foundation said in its Submission to Australian Bureau of Statistics in February 2016,
an anonymous, specific-purpose, temporary and relatively safe one-off snapshot appears to have been changed into a less-safe, personally identified, lifetime longitudinal dossier, with potentially fewer protections.
Your name, date of birth and address have no statistical importance, and therefore the ABS should not be even collecting these details in the first place, if statistics is what they are really doing. This is vital identity data, and can only be used for identifying each particular person, acquiring more information about that person from other sources, and placing the person under surveillance, often without the person's knowledge, consent, or any option to stop this intrusion into their private life. If the ABS was truly interested in statistics only, they would allow people to remain anonymous. An age bracket and a suburb or postcode should be perfectly sufficient for any census or survey. Once they demand names and addresses, it's not statistics anymore. It is the Australian Bureau of Surveillance.
10 August 2016 update: the census has been affected by a hacker attack, despite ABS's assurances that they were well-prepared and everything was secured.
1 March 2019 update: researchers reported a major flaw in census security that existed at least since 2017 and can let attackers to re-construct and reveal large parts of the census dataset.
Disregarding public concerns
Technically, all the changes — or, as the ABS like to refer to them, “enhancements” — have to pass a thorough the process of public consultation. However, despite a large number of opposing submissions from the organisations such as Australian Privacy Foundation, Victoria Privacy Commissioner (+ Supplemental Comments), the NSW Council for Civil Liberties, and the response from the NSWCCL urging ABS to abandon the privacy-violating intentions, each subsequent ABS census implements increasingly intrusive features.
As far back as 2005, Australian Privacy Foundation voiced their concerns about ABS's grossly intrusive initiative to link census data and pointed out the following:
The data collected in each Census would now be retained, rather than being destroyed once analysis has been completed. This breaches the public expectation that the detailed data only has a short life and that all that is retained is statistics.
The data collected in successive Censuses would now be linked. This breaches the public expectation that the Census is a statistical snapshot.
The data would be very rich, and the individuals it refers to would be readily identifiable, and hence will continue to be greatly attractive to many agencies and corporations. This breaches the vital public expectation that Census data is anonymous.
It will be used in conjunction with further data from government sources such as birth, death and disease registers, and immigration data. This further breaches public expectations about privacy protections for their data.
It may be used in conjunction with data from yet more sources. This would further breach public expectations about privacy protections for their data.
Although some kinds of change to the scheme would require legislation, a great many potential “enhancements” to the scheme could be implemented as and when the Australian Statistician of the day sees fit.
The ABS is trying to maintain the fiction thatbecause names and addresses will not be used, it will be impossible to identify who is included in the [collection]. With such a rich data-set, this is, quite simply, untrue; and the fact that the ABS can utter such a statement gives rise to concerns about the agency's trustworthiness.
In bringing this Proposal forward, the ABS is seriously undermining its hitherto strong reputation. The ABS is also doing great harm to the Census, because the Proposal will significantly reduce people's readiness to complete Census forms, and to do so accurately.
Australian Privacy Foundation, Census 2006 campaign
The APF were right in 2006, and their concerns are even more relevant right now. Even the person who used to be the head the ABS, now retired, is highly critical of their current trajectory:
This, without doubt, is the most significant invasion of privacy ever perpetrated on Australians by the ABS. What is motivating me is that as an Australian citizen I am appalled that the ABS can think it can use the threat of prosecution to make me provide data that allows the ABS to set up, what is in effect, a ‘Statistical Australian Card’.
A letter by Bill McLennan, head of the Australian Bureau of Statistics 1995–2000
The ABS undermine the vital trust of the public in the government. Without this trust, no free democratic society can function. This trust is very fragile, and, once damaged, can take a lifetime to restore, submerging the country in chaos and corruption.
The ABS seem to be disregarding the fact that whenever a rich source of data exists, there will always be agencies seeking access to it. And some of those agencies are very powerful. The ABS also seem to be ignoring the fact that until now they have been able to collect the information and develop a reliable set of statistics only because the public had confidence in it. The introduced changes that impact privacy will inevitably erode public confidence and decrease reliability of the collected data. The ABS already had to resort to compulsion and coercion to force the participation of some individuals who were avoiding census and surveys because of fears for their privacy and security. What is next?
Using dubious pretexts
The ABS says the compulsion is necessary for creating a population sample that provides a balanced and unbiased representation of all population of Australia. Yet the very same ABS was using census and survey forms with carefully arranged and worded questions to get certain answers.
For example, the question about religion
What is the person's religion? actually presumes that the person has a religion and induces to select from the list a religion the person was taught at school or grew up with even if they no longer actively practise it. The “no religion” answer option was buried at the end of a long list of common religious affiliations. The result of such careful design is that Australian taxpayers are not only over-subsidising religious institutions, but it also exaggerates religiousness of Australians and allows religions to influence political decisions in such secular areas as public health, which, for example, makes Australia to remain one of very few developed countries where abortion is still the subject of criminal law! If the ABS was truly seeking an unbiased representation of Australian population, the question would have been
Do you practice any religion? and the “no religion” option would have been first, above the list of most popular faiths. The truly devoted, religious people would have had no trouble skipping the atheistic answer, while people who are no longer seriously religious would not have been confused. Thus, the ABS's claim that the lack of bias is so important that it justifies the coercion doesn't hold up.
Post-census 2016 update: after years of criticism and public campaigns, the ABS has finally moved the “no religion” option to the top of the list in the 2016 census, and immediately, for the first time in the history of census, the “no religion” answer outnumbered the believers in every religion. This proves the point: the ABS appear to be very concerned with bias when people are defending their privacy, but had no problems with the bias of its own creation.
In addition to the 5-yearly census of every person in the country, the Australian Bureau of Statistics conducts a number of surveys that require more information from individuals, and that the bureau claims are, again, compulsory: Monthly Population Surveys (MPS), Australian Health Survey, Income and Housing Survey, and many others. The ABS select the “victim” households, dispatches a letter addressed “to the householder”, and from that point the tenants of the dwelling have little choice but to let their private life become government property or be prosecuted.
These surveys can be lengthy, spanning several months, inconvenient and extremely privacy-invading. People have no right to say ‘no’ to protect their own personal data and their family from potential risks of misuse, identity theft, leaks or hacker attacks. There is no choice and no exit — all because the ABS enjoy the power given to it by the antiquated Census and Statistics Act 1905 to issue Notices of Direction, to force people to supply the information and threaten them with exorbitant fines, courts and jail sentences.
The ABS claim that the surveys must be compulsory for each “chosen” household in order
to provide a balanced representation of all households in Australia so that the estimates made from the data reflect, as closely as possible, all households. If some households do not participate, this may result in one type of household being represented more often than another type, which may result in biases in the data. But, as described above, the ABS not only don't mind bias, they can deliberately introduce it when the agenda requires.
The ABS also like to stress that they
rely on willing cooperation of the selected householders. Though it is unknown how willing any consent can be if people have no choice, and threats are used. It is also unknown how many people are willing to give honest answers when they are being coerced. Voluntary participation can bias the results of surveys, but wouldn't coercion and intimidation make it even worse? Most people can give honest answers only when they can be sure that their identity is absolutely and irreversibly safe, which is longer the case when the ABS is involved.
What You Can Do to Defend Your Privacy
According to the readers, the only sure and legal way to avoid the ABS is to be overseas during the census, or move house after receiving the survey letter. Obviously, for many these are not easily available options. The Public Information Statement re ABS Compulsory Surveys page from APF has some helpful information.
So far, there has been only one widely known case when a person won a court case against ABS's intrusion: Shirley Stott Despoja in 1988, mother of former Senator Natasha Stott Despoja. Although while there is no much chance to fight the insatiable statisticians in court, you can still try to protect your privacy and identity as much as possible. Here are reader suggestions:
Insist on not giving your name and date of birth to the ABS
Your name and date of birth have no statistical importance, so the ABS should not be collecting it. The only purpose of collecting this data is to identify and trace people beyond the scope of census or survey. But that's not statistics, that is surveillance. If the ABS know your address, simply giving them your date of birth (even without your name), means they can easily identify you.
This is why it is worth asking the ABS for clear, better written, explanations why they are trying to get this data from you and how exactly they are going to use it. Ask for guarantees that the ABS won't use your address, date of birth, age, place of birth or any other personal data for snooping in government files, or linking your survey responses to other databases. Demand clear answers what exactly the information like your date of birth will be used for and why simply an age range can't satisfy the “statistics”. Most likely, your date of birth will be used by the ABS to pull more information about you from other data sources like Taxation Office, Medicare and health records. If you are not happy with that, voice your objection and lodge a complaint with the ABS and contact privacy advocate groups for advice. The more people do it, the more chance Australians have of winning their privacy back.
Household Survey Participant FAQs on ABS website clearly say:
Do I have to give my name?
No. The interviewer will ask for your name to assist with the interview, but if you wish, the interview can be conducted anonymously.
Household Survey Participant Information FAQs, abs.gov.au
And so it should be: statistics don't need names! If the ABS was truly collecting the information for statistical purposes only, as they claim, they shouldn't need any personally identifiable information at all, ever. However, remember that the surveyors know your address, and they often ask for your date of birth or age. Given that ABS has now got access to other government databases, tracing a person by the address and date of birth is a matter of seconds. It could be that this anonymity is false and deceptive if the people are traced and identified afterwards.
For Post Enumeration Survey (PES) that is run after each census, the ABS demands the person's name, sex, date of birth, age, relationship in household, marital status, country of birth and indigenous status, allegedly to match the PES records to the census records during processing. Ask what is going to happen to your personal information and insist on a written guarantee that after this matching all your identifying information will not be retained by the ABS in any form. The ABS does not clearly state what happens to the identifying information collected during PES and other surveys.
Don't give ABS your phone number
The ABS often asks for a phone number. If they want you to complete a survey online, they will tell you to create an account, which demands a mobile phone number as compulsory. In Australia, phone numbers are tied to your ID and can be used to identify and trace you. Refuse to do the survey online if they keep demanding your phone number.
It may also be wise not to use your usual personal email adders for dealing with the ABS. Instead, create a disposable email just for that. Use a free, privacy-driven email service that does not recycle email aliases, i.e. does not give the same email address to another person after you deleted yours (e.g. Protonmail or Tutanota). As it doesn't appear possible to delete the ABS survey account, the only way to extricate yourself from it could be closing your email address account once you are done with the survey.
Ask for a proof that your household was chosen absolutely randomly, and was not targeted with any intention
The ABS claims that they choose their survey participants totally randomly, however there have been numerous complaints from people saying that after they agreed to participate in one survey, they have been told to fill another one, and another one... Apparently, many people prefer to discard the “To the Householder” letter from the ABS, don't make any contact, and don't open their door to any door-knockers; so to keep the plan fulfilled, boxes ticked and salaries coming, some suspect that the ABS take advantage of the softer targets. Therefore, it may be wise to demand written guarantees that the selection is indeed random, and if you are soon “randomly” chosen for another survey, take the matter further and lodge a complaint.
Demand written guarantees the ABS will never attach any identifying information to your answers, attempt to identify you, link your answers to any other data about you, or attempt to trace you later in life
If the ABS truly collects data for statistics only, giving you such guarantees should not be a problem for them. However, if they refuse, make your conclusions and take actions.
Be aware of the real meaning behind ABS's promises to keep your information “confidential”, or to “delete” or “remove” your name and address once statistical processing is completed
Most people think that their identifying information is going to be destroyed soon after collection, which was true before 2011, but now it is kept: the ABS simply moves names and addresses to a different file, which allows them to say that they “removed” the identifiable data. From abs.gov.au website, it is clear that identifiable information is not destroyed, it is stored in a separate file that can be easily linked back to the rest of the person's information:
Data records are de-identified as soon as possible. Once quality has been assured, names and addresses are removed, because this information is not needed for the production of statistics. Removal provides added protection against any breach of security of confidential information.
Internally generated identifiers are usually attached to each record, but cannot be used to identify a respondent. Nevertheless, the combination of these identifiers and the name and address to which they refer can be used to make records identifiable. Hence any linked files are carefully protected and only available on a strict need to use for work basis.
So, if we are told that
personal privacy is paramount at the ABS, that personal information
is not needed for the production of statistics, that the ABS collects information
only for statistical purposes, and that
the ABS has never and will never release identifiable personal information to any outside organisation, agency or project, then why is the personal information kept at all? Why not destroy it once and forever, and by doing so actually guarantee its safety? Why retain it? Why wait for a breach, a hacker attack or a new law that will permit a new usage of this information? The ABS doesn't give any answer to these questions.
The ABS keeps saying that they haven't had a privacy breach before. That's great, but it doesn't mean it can't happen in the future. Hacking technologies are getting more sophisticated. And the public should keep in mind that before 2006 there was no linking between census data and other ABS surveys and government databases, and people weren't traced and followed through their lives. A breach before 2006 would only leak data from one census or survey. A breach now will compromise the privacy of the whole life or individuals and their whole families.
Do a thorough legitimacy check
If you open your door to someone claiming to be an ABS data collector, make sure the person is really working for the ABS. A plastic card dangling on someone's neck is not a magic pass into everyone's personal life. How can we know their ID card is legit? Would that card be accepted as an ID by Driver Licensing Authorities, Centrelink, Police, Border Security or any bank? No? Then why should the public accept it? Take a photo of the collector's ID and tell them to come later. In the meantime, call the ABS office using their official phone number (not the number the surveyor may give you) and confirm the identity of the door-knocker. We all know that these days anyone can print out any sort of cards and start knocking people's doors, and the ABS created a perfect opportunity for criminals gaining access to people's homes and personal information by masquerading as ABS collectors, as numerous ABS-related scam incidents show.
Check the list of the current ABS surveys on abs.gov.au website, do a research about the survey you were “chosen” for and learn what you can say and do to maximise the protection of your sensitive information. The ABS subcontracts all sorts of companies and individuals to do surveys for them, so you never know whose hands your private or sensitive information is passed through. Keep that photo of the ID card you have taken, and if any identity theft, fraud or house break-in happens in your family, pass the facts about the recent ABS survey and the ID of the surveyor to the police.
And, by law, you are not obliged to let ABS employees into your house.
Record everything for yourself while objecting the ABS's recording
Tell the ABS data collector that you will be filming/recording the interview, and keep the copy of all questions and answers. At the same time refuse for the ABS to make any audio or video recordings of you. It is your home and your private life — you set the rules. These days, the ABS surveyors use laptops to record your answers, so you can insist on watching what they are entering and take a photo of each screen, for your protection and for making sure the answers are entered correctly. Remember, the ABS may have the power to force you to give the answers, but you still have the rights to access the information collected and held about you and make sure it is correct. As these people are merely doing their job and were most likely led to believe that they are working for something good, always stay polite, but also firm and vigilant.
Complain and protest
Voice your concerns, disapproval or objections regarding privacy issues. Write to the ABS, to your local member of parliament, to the relevant minister of the day, and to the Privacy Commissioner. Make your concerns public on online discussion boards and social media. The more people are aware and discuss the issue, the higher the chance of positive changes. Ignore any silly comments from people mentioning paranoia or tin foil hats, or those uttering the hackneyed
if you've got nothing to hide — those people are either ignorant or have vested interests in the current privacy erosion trend. You have valid concerns and every right to be worried about the privacy and security of your personal data. If someone else wants to forfeit their right to privacy, it is their choice. You have yours.
Australian Privacy Foundation published the “What Concerned People Are Doing” lists about census and about surveys. While the Census and Statistics Act 1905 provides for the compulsory provision of census and survey forms and of accurate data, those provisions are unlikely to be sufficient to ensure an effective census or survey in the face of widespread public opposition. The ex-head of the ABS, Bill McLennan, also wrote a detailed article concluding that the ABS can't collect names in the census on a compulsory basis.
The most sacred thing is to be able to shut your own door.
G. K. Chesterton
Public advisory statement re ABS compulsory surveys, Australian Privacy Foundation
Commencing with the 2006 Census, the ABS is now keeping personal data, which can be associated with the person's identity without their consent, Australian Privacy Foundation
Why you might want to become a Jedi Knight for this year's Census, Salinger Privacy
If you're worried about privacy, you should worry about the 2016 census, ABC News
Census Nightmares: The more we know, the less we trust it?, Meg Carter, Institute for Social Research
The census cannot force you to give your name, Crikey
The Problems with the 2016 Census, Australian Privacy Foundation
Census 2016, Electronic Frontiers Australia