
Review of the Use of Data-matching in Commonwealth Administration: Guidelines Consultation paper


The Use of Data-matching in Commonwealth Administration: Guidelines (the Guidelines) are issued by the Australian Information Commissioner under s 27(1)(e) of the Privacy Act 1998 (Cth) (the Privacy Act).

The purpose of the Guidelines is to assist agencies to comply with their obligations under the Privacy Act, and to use data-matching as an administrative tool in a manner consistent with good privacy practice.

In 1992, the former Office of the Privacy Commissioner (now the Office of the Australian Information Commissioner (OAIC)) published the first edition of the Guidelines.

The Guidelines were subsequently revised and re-issued in November 1995, and again in February 1998. The current Guidelines are available from the OAIC's website, or in hard copy or machine readable formats on request.

Compliance with the Guidelines is voluntary. The OAIC encourages agencies to agree to adopt and comply with the Guidelines. However, an agency that has so agreed would not be acting unlawfully if it did not comply, unless the acts or practices of the agency constitute a breach of the Privacy Act.

The Guidelines do not apply to data-matching where Tax File Numbers are used. The Data-matching Program (Assistance and Tax) Act 1990 (Cth)[1] regulates the use of Tax File Numbers in comparing personal information held by the Australian Taxation Office and by certain ‘assistance agencies’ including the Department of Human Services (which administers the Centrelink, Child Support Agency, and Medicare Programs) and the Department of Veterans' Affairs.[2] The OAIC has issued separate mandatory guidelines in respect of the data-matching programs authorised by that Act.[3]

Purpose of the review

Having regard to the developments in data-matching technology and the increased use of this technology in Australian Government administration since the Guidelines were last reviewed, the OAIC has decided to conduct a review of the Guidelines.

The OAIC is now undertaking a public consultation as the next stage of its review of the Guidelines, with a view to publishing revised Guidelines in early 2012.

The OAIC has issued this paper for the purpose of assisting individuals, government agencies, and organisations to prepare comments on the draft revised Guidelines (PDF).

The proposed revisions to the Guidelines are intended to improve their clarity, readability, navigability and presentation. Some changes are also proposed to reflect current data-matching practices and the OAIC's current views on best privacy practice.

This consultation paper and the draft revised Guidelines described above are also available in hard copy on request.

How to make comments

The Privacy Commissioner invites your comments on the matters raised in this consultation paper. The closing date for comments is Wednesday 29 February 2012.

Submissions can be made by email, or by post to GPO Box 5218, Sydney NSW 2001.

To assist the OAIC to meet its obligations with respect to accessibility requirements, it is requested that email submissions be made in HTML, Rich Text Format (.rtf), or in Microsoft Word (.doc or .docx) format.

Note: The OAIC intends to make all submissions publicly available. Please indicate when making your submission if your submission contains confidential information which you do not wish to make public. Requests for access to confidential comments will be determined in accordance with the Freedom of Information Act 1982 (Cth).

Privacy collection statement

The OAIC will use the personal information it collects in the course of this review only for the purpose of its review of the Guidelines.

Scope of the review

The main aims of the OAIC's review of the Guidelines are to:

  • clarify the language and format of the Guidelines and make them easier to navigate, read, understand and interpret
  • bring the terminology and references up-to-date, by removing or changing references to legislation and documents which have been amended or repealed
  • update definitions of key terms so that they are internally consistent, consistent with relevant legislation and technology, and flexible enough to capture possible new uses of data-matching technology, and
  • assess whether the policy positions and best practice recommendations expressed in the Guidelines should be modified having regard to the way that data-matching is currently used in Commonwealth administration, and possible future developments.

The OAIC recognises that the review of the Guidelines may stimulate interest in other issues that are outside the scope of the review. The OAIC suggests that any comments and submissions that propose significant policy changes to privacy regulation should be directed in the first instance to the Attorney-General's Department, which has responsibility for administering the Privacy Act and managing related law reform.

Proposed amendments to the Guidelines

The OAIC has prepared draft revised Guidelines for public comment.

The draft revised Guidelines include the following proposed changes to the existing Guidelines:

  • The document has been retitled Guidelines for Data-matching in Australian Government Administration.
  • The definitions of many of the key terms have been redrafted to improve clarity, internal consistency, and consistency with the Privacy Act. New key terms have been added.
  • References to legislation and publications have been updated.
  • Footnotes to relevant legislation and sections have been added.
  • Hyperlinks to all relevant legislation have been added.
  • The following sections in the existing Guidelines have been deleted: ‘Introduction’, ‘Operational advantages and privacy risks of data-matching’, and ‘Status of these guidelines’.
  • The following sections have been inserted: ‘Background’, ‘Role of the OAIC’ and ‘Application of the Guidelines’.
  • The Guidelines have been reordered to improve navigability and narrative flow.
  • Each Guideline and the notes to each Guideline have been redrafted to improve clarity and consistency, and to comply with current OAIC policy and practice.
  • ‘Appendix A: Content of data-matching program protocols’ has been amended to improve clarity and readability.
  • ‘Appendix B: Example program protocol’ has been deleted.
  • ‘Appendix C: Technical standard report’ (now Appendix B) has been amended to improve clarity and readability.
  • ‘Appendix D: Statement of costs and benefits’ (now Appendix C) has been amended to improve clarity and readability.

Stimulus questions

The OAIC has prepared the questions below which are intended to stimulate comments and reflections on the draft revised Guidelines. They are not intended to confine the issues that may be raised. You may wish to respond to some or even all questions, or to raise other issues in line with the aims of the OAIC's review.

Stimulus questions for the draft revised Data-matching Guidelines

1) Key terms

a) Are the key terms, and the definitions given for those terms, appropriate?

b) Are there any further terms that you consider require definition?

2) Navigating, reading, understanding and interpreting the Guidelines

a) Do you find the order of the Guidelines to be logical?

b) Do the proposed revisions to the index, headings and structure of the Guide make the draft revised Guide easier to navigate? Are you able to easily locate the desired information? Do you have any further suggestions about the structure of the Guidelines?

c) Are there any further amendments that could be made to improve the clarity and accessibility of the document? For example, how might the drafting, language and formatting of the document be made clearer?

3) Operational issues

a) Guideline 1 provides that the Operational Guidelines apply to large scale data-matching, ie, data-matching that involves the records of more than 5000 individuals. Do you consider that this number is reflective of current data-matching practices?

b) Guideline 2 imposes reporting requirements for small scale data-matching, ie, data-matching that involves one or more data-sets that, in total, include records relating to 1000 or more individuals, but fewer than 5000 individuals. Do you consider that those numbers are reflective of current data-matching processes?

c) Guideline 7 provides that agencies may apply to the Commissioner for an exemption from the deadlines for the destruction of personal information involved in data-matching exercises imposed by the National Archives of Australia's General Disposal Authority 24 – Records Relating to Data Matching Exercises. Are the Guidelines sufficiently clear on how to apply for such an exemption?

d) ‘Appendix B: Example program protocol’ in the existing Guidelines is proposed to be deleted. Do you consider that this Appendix is useful? Would it be sufficient to provide access to a sample program protocol on request, or via the OAIC's website?

4) Other issues

a) Is there any detail or guidance not contained in the draft revised Guidelines that, in your view, needs to be included?

b) Are there any other issues that you would like to raise?



[1] See

[2] Section 3 of the Data-matching Program (Assistance and Tax) Act 1990 (Cth) provides that assistance agency means:

(a) the Department of Health and Family Services; or

(b) the Department of Employment, Education and Training; or

(c) the Department of Social Security; or

(d) the Department of Veterans' Affairs; or

(e) the Human Services Department.

[3] See