The Office of the Australian Information Commissioner (OAIC) has issued the Guidelines on Data Matching in Australian Government Administration, which outline 13 key principles to ensure that data matching activities are conducted ethically, transparently, and with respect for individuals' privacy rights. These guidelines are designed to assist Australian Government agencies in complying with the Privacy Act 1988 and the Australian Privacy Principles (APPs) when engaging in data matching programs. cite turn0search1 The 13 key principles outlined in the guidelines are: 1. Application of the Guidelines The guidelines apply to data matching programs that involve the comparison of two or more data sets, each containing information about more than 5,000 individuals. 2. Prepare a Program Protocol Agencies should develop a comprehensive program protocol that outlines the objectives, legal authority, data sources, matching techniques, and procedures for the data matching program. 3. Notify the Public Agencies should inform the public about their data matching activities by making the program protocol publicly available and providing clear explanations of the program's purpose and scope. 4. Technical Standards Report Agencies should prepare a technical standards report detailing the data formats, matching techniques, and procedures used to ensure data integrity and security. 5. Maintain Data Quality Agencies must ensure that the data used in matching programs is accurate, complete, and up-to-date to minimize the risk of incorrect matches and adverse outcomes. 6. Notify Individuals of Proposed Administrative Action Before taking administrative action based on data matching results, agencies should notify affected individuals and provide them with an opportunity to respond or correct any inaccuracies. 7. Destroy Data After Use Agencies should establish and implement procedures for the secure destruction of personal information that is no longer required for the data matching program's purposes. 8. Do Not Create New Registers or Databases Data matching programs should not lead to the creation of new registers or databases containing personal information unless explicitly authorized by law. 9. Ensure Program Consistency with the APPs Agencies must ensure that their data matching activities comply with the Australian Privacy Principles, particularly concerning the collection, use, disclosure, and security of personal information. 10. Regularly Review Data Matching Programs Agencies should conduct regular reviews of their data matching programs to assess their effectiveness, compliance with the guidelines, and ongoing necessity. 11. Data Matching with Entities Other Than Agencies When engaging in data matching with non-government entities, agencies should take contractual measures to ensure that these entities adhere to the same privacy standards and guidelines. 12. Data Matching with Exempt Agencies Agencies participating in data matching programs with exempt agencies should ensure their own compliance with the APPs and the guidelines, even if the exempt agency is not bound by the Privacy Act. Enable Review by the OAIC Agencies should facilitate the OAIC's ability to review their data matching activities and procedures to ensure compliance with the guidelines and the Privacy Act.
