Letter to the Attorney-General
The Hon Kyam Maher MLC
Attorney-General
Minister for Aboriginal Affairs
Minister for Industrial Relations and Public Sector
Special Minister of State
This annual report will be presented to Parliament to meet the statutory reporting requirements of the Proclamation of the Privacy Committee of South Australia and the requirements of Premier and Cabinet Circular PC013 Annual Reporting.
This report is verified to be accurate for the purposes of annual reporting to the Parliament of South Australia.
Submitted on behalf of the Privacy Committee of South Australia by:
Stephanie Coleman
Presiding Member, Privacy Committee of South Australia
From the Presiding Member
The focus of the Privacy Committee of South Australia (the Committee) is on the operation of the government’s Information Privacy Principles Instruction (IPPI).
The IPPI describes the ways in which state government agencies collect, store, use and disclose personal information in their possession, through a set of ten principles.
The IPPI is binding for public sector agencies and determines the principal officer of each agency must ensure the principles are implemented, maintained and observed for, and in respect of, all personal information for which their agency is responsible.
Since the implementation of the Personal Information Breach Guideline in 2018, notifications to the Committee have increased each year. Most of the Committee’s business this reporting year related to personal information breach notifications, 225 in total.
Breaches involving only 1 or 2 affected parties accounted for 77% of all breaches, compared to 69% last year.
Human error continues to be the dominate cause of breaches, with just over half of all breaches resulting from emails being sent to the wrong person or documents being physically provided to the wrong person e.g. the wrong discharge summary provided to the wrong patient. Information disclosed as a result of incorrect postage reduced threefold.
Breaches caused by malicious, deliberate, or criminal activity decreased this year. However, reported unauthorised system access increased and accounts for 84% of all malicious, deliberate or criminally cause breaches. The most common instance of unauthorised system access involved staff accessing information outside of their assigned tasks.
The Committee also managed six complaints this year regarding violations of individuals privacy. The most complaints per year over the last five reporting years.
During 2024-25, the Committee continued to meet online and conduct urgent business out of session.
Stephanie Coleman
Presiding Member
Privacy Committee of South Australia
Overview: about the Privacy Committee
The Privacy Committee of South Australia (Privacy Committee) was established by Proclamation in the Government Gazette on 6 July 1989 and most recently updated on 11 June 2009.
The functions of the Privacy Committee, as described in the Proclamation, are:
- (a) to advise the Minister as to the need for, or desirability of, legislation or administrative action to protect individual privacy and for that purpose to keep itself informed as to developments in relation to the protection of individual privacy in other jurisdictions
- (b) to make recommendations to the Government or to any person or body as to the measures that should be taken by the Government or that person or body to improve its protection of individual privacy
- (c) to make publicly available information as to methods of protecting individual privacy and measures that can be taken to improve existing protection
- (d) to keep itself informed as to the extent to which the Administrative Scheme of Information Privacy Principles are being implemented
- (g) to refer written complaints concerning violations of individual privacy received by it (other than complaints from employees of the Crown, or agencies or instrumentalities of the Crown, in relation to their employment) to the appropriate authority
- (h) such other functions as are determined by the Minister.
The Committee may, under clause 4 of the Proclamation, ‘exempt a person or body from one or more of the Information Privacy Principles on such conditions as the Committee thinks fit’.
Clause 1(2) of the Proclamation establishes its membership. The Privacy Committee is to consist of six members appointed by the Minister. Of the six members:
- three are nominated by the Minister [the Attorney-General] (one of whom must not be a public sector employee, and one must have expertise in information and records management)
- one is to be nominated by the Attorney-General
- one is to be nominated by the Minister responsible for the administration of the Health Care Act 2008, and
- one is to be nominated by the Commissioner for Public [Sector] Employment.
Members of the Privacy Committee during the 2023-24 reporting year were:
| Presiding Member | |
|---|---|
| Stephanie Coleman, Director, State Records of South Australia, Attorney-General’s Department | appointed to 31 Jan 2026 |
| Members, in alphabetical order | |
|---|---|
| Deslie Billich, non-public sector employee | appointed to 30 Jan 2028 |
| Abbie Eggers, Manager, Business Services, Department of Human Services | appointed to 30 Jan 2028 |
| Nathan Morelli, non-public sector employee | appointed to 31 Jan 2026 |
| Prue Reid, Executive Director, Governance Advisory Services, Department for Health and Wellbeing | appointed to 30 Jan 2028 |
| Samuel Whitten, Executive Solicitor, Commercial Environment and Native Title Section in the Crown Solicitor’s Office | appointed to 31 Jan 2026 |
Changes to the Privacy Committee
No changes to the Committee occurred during 2024-25.
Executive support to the Privacy Committee
Executive support to the Committee is delivered within the resources of State Records of South Australia.
The Committee reports to the Hon Kyam Maher MLC as Attorney-General. The Attorney-General is also responsible for other information management regulation including the State Records Act 1997 and the Freedom of Information Act 1991.
South Australia’s Information Privacy Principles Instruction (IPPI) was introduced in July 1989 by means of Cabinet Administrative Instruction 1/89, issued as Premier & Cabinet Circular No. 12 (external site) (PDF). The IPPI includes a set of ten Information Privacy Principles (IPPs) that regulate the way South Australian public sector agencies collect, use, store and disclose personal information.
The Committee’s performance
The Privacy Committee schedules eight meetings each year. An extraordinary meeting was also held on 15 August 2023.
The number of meetings attended by each member during 2023-2024 was:
| Member | No. of meetings attended |
|---|---|
| Stephanie Coleman | 8 |
| Deslie Billich | 3 |
| Abbie Eggers | 8 |
| Nathan Morelli | 6 |
| Prudence Reid | 7 |
| Samuel Whitten | 6 |
Financial Performance
The Committee does not administer a budget.
Consultants disclosure
The Committee has not engaged any consultants.
Contractors disclosure
The Committee has not engaged any contractors.
Reporting required under any other act or regulation
Exemptions from the IPPI
Clause 4 of the Proclamation provides the Privacy Committee may exempt a person or body from one or more of the Information Privacy Principles (IPPs) on such conditions as the Committee sees fit.
The Annual Report must include details of any exemptions granted during the year to which the report relates.
Two new exemptions and 21 extensions were sought during the reporting year.
These include:
- A new exemption allowing SA Health Data Link Unit (SA Health DLU) to disclose personal information to the ABS for a one-off linkage project ‘BEBOLD PLIDA’.
- A new exemption for SAPOL allowing disclosure of personal information obtained by an on-duty member of SAPOL at National Australian Football League (AFL) matches to an authorised AFL officer (AFLO) for the purpose of the AFLO issuing an AFL Banning Notice.
- An existing exemption for the Department for Energy and Mining’s Office of the Technical Regulator concerning personal information contained in on-site sanitary plumbing drawings was extended to December 2028.
- Extensions to a range of exemptions associated with SA Health DLU, extended to 31 December 2025.
Exemptions | 2024-25 | 2023-24 | 2022-23 | 2021-22 |
|---|---|---|---|---|
New | 2 | 1 | 2 | 1 |
Extended | 21 | 9 | 8 | 9 |
Total | 23 | 10 | 10 | 10 |
The full text of these exemptions is included in the Appendix.
Privacy Committee business
The Privacy Committee has a function to “refer written complaints concerning violations of individual privacy received by it (other than complaints from employees of the Crown, or agencies or instrumentalities of the Crown, in relation to their employment) to the appropriate authority”.
In 2024-25 the Privacy Committee received six complaints.
2024-25 | 2023-24 | 2022-23 | 2021-22 |
|---|---|---|---|
6 | 3 | 3 | 1 |
Of the six complaints received during 2024-25, three are closed and three remain ongoing as at 30 June 2025.
Since 2018, state government agencies have been required to comply with the Personal Information Data Breaches Guideline (external site) (PDF) (external site) (PDF) (external site) (PDF) (external site) (PDF) (external site) (PDF)developed to provide advice on how to deal with unauthorised access to personal information (privacy breaches). One action within the Guideline is to notify the Committee so that it can:
- keep itself informed as to the extent to which the Information Privacy Principles are being implemented, and
- make recommendations of the measures that should be taken by the government to improve its protection of individual privacy.
The Committee received 225 notifications during the 2024-25 reporting year.
2024-25 | 2023-24 | 2022-23 | 2021-22 |
|---|---|---|---|
225 | 198 | 141 | 101 |
Since the introduction of the notification scheme the number of breach notifications has increased each year. The increase can be attributed to a strong reporting culture from the health sector who submit the largest number of breaches.
Improved awareness to notify the Committee by other sectors has also contributed to the number of notifications.
Human error continues to dominate the cause of breaches, with emails sent incorrectly and documents physically provided to the wrong person (excluding by post) accounting for over half of all breaches.
The Committee reviews each breach it receives and provides agencies with suggestions for improvements to process and practices where necessary.
Affected parties by cause of breach
No. of Individuals | Accident | Procedure or System | Malicious, Deliberate or Criminal | Unclear | Total |
|---|---|---|---|---|---|
0 to 2 | 106 | 34 | 24 | 9 | 77% |
3 to 9 | 10 | 3 | 3 | 1 | 8% |
10 to 30 | 5 | 6 | 1 | 1 | 6% |
31 to 100 | 3 | 1 | 0 | 1 | 2% |
101 to 1000 | 1 | 1 | 0 | 0 | 1% |
Over 1000 | 1 | 0 | 1 | 0 | 1% |
Unclear | 5 | 4 | 3 | 1 | 6% |
Total | 58% | 22% | 14% | 6% | 100.00% |
The Committee strongly encourages agencies to advise affected parties of a breach unless there is a significant reason not to do so. This ensures affected parties are aware of any possible implications and builds trust through transparency and accountability by the agency.
State Records continues to support the Committee by reviewing the notifications process to ensure it is delivering the required benefits. A review of the governments Personal Information Breach Guideline occurred over 2024-25 which included agency consultation.
The updated guideline:
- expands on what characterises a breach and how it impacts affected parties
- prescribes the steps to be taken when a breach occurs
- clarifies the information required to be reported to the Committee and other authorities and when a breach should be reported
- includes a breach risk assessment to assist agencies to determine the severity of breaches, and
- provides example scenarios to further assist agencies.
The Personal Information Breach Notification template was also updated.
State Records also continues to educate agencies on the importance of only collecting the personal information needed to perform a service and to avoid retaining it longer than legally required, thereby minimising the risk of harm should a breach occur.
Principal officers of state government agencies have the responsibility to ensure the IPPI is implemented, maintained, and observed for, and in respect of, all personal information for which their agency is responsible.
Advice is provided to state government agencies to help them comply with the IPPI and ensure privacy is considered in the development of new projects and initiatives. Policy and other guidance materials are issued to support agencies.
State Records developed and published a new training course, “An introduction to the Information Privacy Principles Instruction”. This course provides an overview of the principles contained within the IPPI and will help the user to:
- recognise privacy and personal information
- apply the IPPI
- interpret the IPPs
- understand the Committee’s functions
- apply other privacy governance in South Australia.
State Records has begun developing a new General Disposal Schedule (GDS) authorising the disposal of certain identity verification documents under the State Records Act 1997. This GDS and supporting guidance, provides agencies with an opportunity to reduce the retention of personal information no longer needed for a business purpose, thereby reducing the risk of a privacy breach. Consultation and release of the guidance and new GDS is set to occur in the second half of 2025.
The Committee is represented by the Presiding Member on Privacy Authorities Australia (PAA). State Records staff participate in three PAA working groups on policy, complaints and enforcement, and communications.
Appendix: Exemptions from the IPPI granted 2024-25
Clause 4 of the Proclamation provides the Committee may exempt a person or body from one or more of the IPPs on such conditions as the Committee sees fit.
All exemptions require:
- the security of the personal information to be managed in line with the South Australian Protective Security Management Framework (in compliance with Premier and Cabinet Circular 30) and the agency’s security management systems and practices, and
- destruction or retention of the personal information must be undertaken in accordance with a disposal authority under the State Records Act 1997.
The following exemptions and extensions were granted during 2024-2025.
Exemptions
This exemption is from compliance with Principle 10, allowing the disclosure of personal information obtained by an on duty member of SAPOL at National Australian Football League (AFL) matches to an authorised AFL officer (AFLO) for the purpose of the AFLO issuing an AFL Banning Notice.
The personal information to be disclosed by SAPOL to an AFLO relates to patrons who have been arrested, reported and/or evicted from an AFL match by an on duty member of SAPOL.
The information to be disclosed is; family name, given name(s), current residential address, date of birth, photograph (if taken).
All other Principles continue to apply.
Conditions
Exemption is granted on the condition that information disclosed to the AFL by SAPOL is only used for the purpose of issuing of a banning notice.
Exemption is granted on the condition that once transferred and disclosed, the AFL will store the personal information securely and the information will only be accessed by members of the AFL Integrity and Security Department.
SAPOL is responsible for the secure transfer of personal information in line with the IPPs.
Exemption approved 14 May 2025 to 31 December 2026.
This exemption is from compliance with Principle 10, allowing SA Health DLU to disclose personal information included in the SA NT DataLink Master Linkage File to the ABS, as a third-party Accredited Linkage Agency, to enable the linkage of the Commonwealth Person Level Integrated Data Asset (PLIDA) platform to the SA Better Evidence, Better Outcomes, Linked Data (BEBOLD) platform.
The personal information is limited to file type ID, project specific linkage key, project specific record ID, surname, first name, middle names, date of birth, date of death, sex, address, suburb, postcode, state.
All other Principles continue to apply.
Conditions
The information is only to be used for the creation of Master Linkage Keys in the further development of the Master Linkage File as part of the SA NT Data Linkage System. The exemption is provided on the condition the personal information is only to be accessed by officers of SA Health within the Data Linkage Unit.
SA Health remains responsible for the secure transfer and storage of personal information in line with the IPPs.
This exemption is conditional on SA Health DLU or successor having a current Agreement in place or undertaking to establish an Agreement with parties in the data linkage process.
Exemption approved 24 July 2024 – backdated 9 July 2024 to 30 June 2025.
Extensions
This exemption applies to both the Department for Energy and Mining (DEM) and the Department for Infrastructure and Transport (DIT), concerning personal information contained in drawn representations of the underground on-site sanitary plumbing work within a specific property (also described as historical as-constructed sanitary drainage drawings) held by the Office of the Technical Regulator within DEM.
This is an exemption from Principles 6 and 9 in relation to the drawings. This is also an exemption from Principle 10 for the purpose of disclosing the drawings:
- between DEM and DIT for the purpose of creating online access to the drawings by the public, and
- to the public.
The personal information consists of the name of persons who currently or previously owned a property, the address of that property, the name and contact details of the plumber who undertook the plumbing work to install the sanitary drains on the property and the location of the sanitary drains on the property.
All other Principles continue to apply.
Conditions
Where possible, the name of the property owner and name and contact details of the plumber are deleted from the sanitary drain drawings prior to release to DIT or the public, and
The process is maintained that allows a person to apply to have the sanitary drain drawing of a property that he or she owns, or lives in, suppressed from access by the public.
DEM and DIT remain responsible for the secure transfer of personal information in line with the IPPs.
Extension approved 17 September 2024 – 1 January 2025 to 31 December 2028.
All were approved on the condition the information is only to be used for the creation of Master Linkage Keys in the further development of the Master Linkage File as part of the SA NT Data Linkage System. The exemption is provided on the condition the personal information is only to be accessed by officers of SA Health within the Data Linkage Unit.
Exemption A
This exemption applies to the SA Health DLU and Consumer and Business Services (CBS) in the Attorney General’s Department. It is an exemption from compliance with:
- Principle 10, allowing CBS to disclose personal information to the SA Health DLU, and
- Principle 8, allowing SA Health DLU to use personal information for a purpose that was not the purpose of the collection of that information – namely in the establishment of the Master Linkage File as part of the Data Linkage System.
The personal information to be used is from South Australian births and deaths datasets, and is limited to:
Death Dataset: Unique record identifier (registration number); names (all names where available including surnames, surnames at birth, given names and given names at birth); date of birth; date of death; age at death; place of birth; place of death; sex; Aboriginality and/or Torres Strait Islander indicator; full residential address, including geocodes, where available; correction indicator (if a record previously reported is being re-reported due to a correction in the register); father/co-parent (type, surnames, surnames at birth, given names, occupation); and mother (type, surnames, surnames at birth, given names, occupation). The personal information to be used from the deaths dataset is limited to death records created after 1/1/1990.
Birth Dataset: Unique record identifier (registration number); Names (all names where available including surnames, surnames at birth, given names and given names at birth); Full residential address, including geocodes where available; Sex; Date of birth; Place of birth; Mother’s Aboriginal indicator; Mother’s Torres Strait Islander indicator; Father’s/Co-parent’s Aboriginal indicator; Father’s/Co-parent’s Torres Strait Islander indicator; Mother’s date of birth; Father’s/Co-parent’s date of birth; Birth weight (in grams); Plurality – order (only available for multiple births e.g. twins); Plurality – total (only available for multiple births e.g. twins); Mother’s occupation title; Father’s/Co-parent’s occupation title; correction indicator (if a record previously reported is being re-reported due to a correction in the register); marriage type; date of marriage; place of marriage; and previous children of this relationship (given names, sex, date of birth, living indicator).
The personal information to be used from the births dataset is limited to birth records created after 1/1/1944. The disclosure will include any of the above information provided for other family members that is included in these records.
All other Principles continue to apply.
Approvals
|
Exemption C
This exemption applies to SA Health DLU and the Department for Human Services (DHS) Youth Justice branch. It is an exemption from compliance with:
- Principle 10, permitting DHS Youth Justice to disclose personal information to SA Health DLU, and
- Principle 8, allowing SA Health DLU to use personal information for a purpose that was not the purpose of the collection of that information – namely the creation of master linkage keys as part of the SA NT Data Linkage System by the Data Linkage Unit.
The personal information is limited to: Unique record identifier (i.e. episode reference number); Unique person identifier where available; Given name(s) (including all ‘akas’, aliases and nicknames); Date of birth; Sex; Aboriginality and/or Torres Strait Islander indicator; Country of birth; Full address including geocodes where available; and the full name and date of birth of the mother and father of the child or young person where available.
All other Principles continue to apply.
Approvals
|
Exemption D
This exemption applies to SA Health DLU and the Department for Education (DE). It is an exemption from compliance with:
- Principle 10, permitting DE to disclose personal information to SA Health DLU, and
- Principle 8, allowing SA Health DLU to use personal information for a purpose that was not the purpose of the collection of that information.
The personal information to be used is from the DE Public Schools Enrolment dataset, including preschools and is limited to: Record Identifier; Personal Identifier; Names; Date of Birth; Sex; Aboriginality, Torres Strait Islander Indicator; Country of Birth; Full address including Geocodes if available; Parent / Guardian Identifier; Date Enrolled; Date Left; Destination School; Census year; Census term; 85 File Number; and any of the above information provided for other family members and included in these records including family code.
All other Principles continue to apply.
Approvals
|
Exemption E
This exemption applies to SA Health DLU and Department for Education (DE). It is an exemption from compliance with:
- Principle 10, permitting DE to disclose personal information to SA Health DLU for the purpose of enabling a more complete understanding of the early childhood sector and pathways in child health and development when developing policy, research and strategic plans, and
- Principle 8, allowing SA Health DLU to use personal information for a purpose that was not the purpose of the collection of that information – for the purposes of data linkage.
The personal information to be used is from DE preschool enrolment census data for non-government and private schools. The personal information to be used was initially for the period between 2012 and 2017, representing approximately 110,000 students, with annual updates being sought, with an expectation that each update is to include approximately 18,500 new students.
The personal information includes linkage variables of: Record identifier; Personal identifier; Names – all names including nicknames, aliases and aka; Date of birth; Sex; Aboriginality, Torres Strait Islander Indicator; Country of birth; Full address including geocodes if available; Site name; Site ID; and Census year.
All other Principles continue to apply.
Approvals
|
Exemption F
This exemption applies to SA Health DLU and the Electoral Commission of South Australia (ECSA). It is an exemption from compliance with:
- Principle 10, permitting ECSA to disclose personal information to SA Health DLU, and
- Principles 2 and 8, allowing SA Health DLU to collect and use personal information for a purpose that was not the purpose of the collection of that information.
The personal information to be used is from the ECSA South Australian Electoral Roll dataset and is limited to: Elector Number; Title; Family Name; Given Names; Date of Birth; Country of Birth (3 character code); Sex; Address Line 1, 2 and 3 (including State and postcode); and any of the above information provided for other family members and included in these records.
Excluded from the dataset is information relating to ‘silent electors’ and those individuals who have sought to be ‘provisionally enrolled’.
All other Principles continue to apply.
Approvals
|
Exemption G
This exemption applies to SA Health DLU and the South Australian Housing Authority (SAHA). It is an exemption from compliance with:
- Principle 10, permitting SAHA to disclose personal information from the Housing SA dataset and the Homelessness to Home (H2H) dataset to SA Health DLU, and
- Principle 8, allowing SA Health DLU to use personal information for a purpose that was not the purpose of the collection of that information – namely for the creation of master linkage keys as part of the establishment of the Data Linkage System.
The personal information from the Housing SA dataset is limited to: Unique Person Identifier; System Date; Names, all names including nicknames, aliases and aka; Date of Birth; Sex; Title; Aboriginality and/or Torres Strait Islander identifier; Country of Birth; Full address including geocodes if available; and any of the above information provided for other family members and included in these records.
The personal information from the Homelessness to Home (H2H) dataset is limited to: H2H customer number; Housing SA customer number; Given names; Surname; Date of birth; Sex; Aboriginality and/or Torres Strait Islander indicator; Country of birth; Full address details, including past addresses where available; System date; and any of the above information provided for other family members and included in these records.
All other Principles continue to apply.
Approvals
|
Exemption H
This exemption applies to SA Health DLU and the Department for Correctional Services (DCS). It is an exemption from compliance with:
- Principle 10, permitting DCS to disclose personal information to SA Health DLU, and
- Principle 8, allowing SA Health DLU to use personal information for a purpose that was not the purpose of the collection of that information – namely to enable researchers and policy analysist to develop and disseminate a more comprehensive understanding of health, education and justice system pathways and outcomes.
The personal information to be disclosed by DCS relates to individuals who have been sentenced to a period of supervision, either in a custodial setting or in the community and is limited to: DCS IDs; JIS PIN; Entry and exit dates; Surnames (including previous names and maiden names); Given Name(s) (all including “aka’s”, aliases and nicknames); Date of Birth (DD/MM/YYYY); Sex; Residential address and postcodes (including previous addresses); and Aboriginal and Torres Strait Islander indicator.
All other Principles continue to apply.
Approvals
|
Exemption I
This exemption applies to SA Health DLU and the Department of Human Services (DHS) – SA Concessions. It is an exemption from compliance with:
- Principle 8, allowing SA Health DLU to use the personal information received from DHS – SA concessions for a purpose that was not the primary purpose of the collection of that information; and
- Principle 10, permitting SA Health DLU to disclose personal information from the DHS – SA concession dataset to the Data Linkage Unit within SA NT DataLink and successors.
The personal information is limited to dataset name, Unique ID, record date, person ID, name(s) including alias and nicknames, date of birth, Aboriginal Torres Strait Islander Status, address and previous address where available and phone number.
All other Principles continue to apply.
Approvals
|
Exemption J
This exemption applies to SA Health DLU and the Department of Human Services (DHS) – Child and Family Support System Pathways (CFSS). It is an exemption from compliance with:
- Principle 8, allowing SA Health DLU to use the personal information received from DHS – Child and Family Support System Pathways (CFSS) for a purpose that was not the primary purpose of the collection of that information; and
- Principle 10, permitting SA Health DLU to disclose personal information from the DHS – Child and Family Support System Pathways (CFSS) dataset to the Data Linkage Unit within SA NT DataLink and successors.
The personal information is limited to name, date of birth, place of birth, sex, Aboriginal Torres Strait Islander Status, family ID, family name, family start date, address, site name, site State.
All other Principles continue to apply.
Approvals
|
Exemption K
This exemption applies to SA Health DLU relating to information from SA Department for Health and Wellbeing (DHW) Flinders Medical Centre – Flinders First Infant Risk Study. It is an exemption from compliance with:
- Principle 8, allowing SA Health DLU to use the personal information received from DHW Flinders Medical Centre – Flinders First Infant Risk Study for a purpose that was not the primary purpose of the collection of that information; and
- Principle 10, permitting SA Health DLU to disclose personal information from DHW Flinders Medical Centre – Flinders First Infant Risk Study dataset to the Data Linkage Unit within SA NT DataLink and successors.
The personal information is limited to family ID (urn), name, date of birth, sex, plural, birth order, birth outcome, date of death, birth weight, gestational weeks, postcode, maternal name, maternal date of birth, deliver date time, date admitted, date discharged, maternal partner name.
All other Principles continue to apply.
Approvals
|
Exemption L
This exemption applies to SA Health DLU relating to information from Department for Health and Wellbeing (DHW) – Chronic Obstructive Pulmonary Disease cohort. It is an exemption from compliance with:
- Principle 8, allowing SA NT DataLink to use the personal information received from DHW – Chronic Obstructive Pulmonary Disease cohort for a purpose that was not the primary purpose of the collection of that information; and
- Principle 10, permitting SA NT DataLink to disclose personal information from DHW - Chronic Obstructive Pulmonary Disease cohort dataset to the Data Linkage Unit within SA NT DataLink and successors.
The personal information is limited to name, date of birth, sex, patient ID.
All other Principles continue to apply.
Approvals
|
Exemption M
This exemption applies to SA Health DLU relating to information from SA Department for Health and Wellbeing (DHW) – Coronary Angiogram Database of SA. It is an exemption from compliance with:
- Principle 8, allowing SA Health DLU to use the personal information received from DHW – Coronary Angiogram Database of SA for a purpose that was not the primary purpose of the collection of that information; and
- Principle 10, permitting SA Health DLU to disclose personal information from DHW – Coronary Angiogram Database of SA dataset to the Data Linkage Unit within SA NT DataLink and successors.
The personal information is limited to name, date of birth, sex, patient ID, event dates.
All other Principles continue to apply.
Approvals
|
Exemption N
This exemption applies to SA Health DLU relating to information from SA Department for Health and Wellbeing (DHW) – SA Biopsy Positive Giant Cell Arteritis. It is an exemption from compliance with:
- Principle 8, allowing SA Health DLU to use the personal information received from DHW – SA Biopsy Positive Giant Cell Arteritis for a purpose that was not the primary purpose of the collection of that information; and
- Principle 10, permitting SA Health DLU to disclose personal information from DHW – SA Biopsy Positive Giant Cell Arteritis dataset to the Data Linkage Unit within SA NT DataLink and successors.
The personal information is limited to name, date of birth, sex, patient ID, event dates.
All other Principles continue to apply.
Approvals
|
Exemption O
This exemption applies to SA Health DLU relating to information from the University of Adelaide – North West Adelaide Health Study. It is an exemption from compliance with:
- Principle 2, where SA Health DLU has collected or received personal information from the University of Adelaide – North West Adelaide Health Study; and
- Principle 8, allowing SA Health DLU to use the personal information received from the University of Adelaide – North West Adelaide Health Study for a purpose that was not the primary purpose of the collection of that information.
The personal information is limited to name, date of birth, age, gender, address, previous address, study flag.
All other Principles continue to apply.
Approvals
|
Exemption P
This exemption applies to SA Health DLU relating to information from the University of Adelaide – Florey Adelaide Male Ageing Study. It is an exemption from compliance with:
- Principle 2, where SA Health DLU has collected or received personal information from the University of Adelaide – Florey Adelaide Male Ageing Study; and
- Principle 8, allowing SA Health DLU to use the personal information received from the University of Adelaide – Florey Adelaide Male Ageing Study for a purpose that was not the primary purpose of the collection of that information.
The personal information is limited to name, date of birth, age, gender, address, previous address, study flag.
All other Principles continue to apply.
Approvals
|
Exemption Q
This exemption applies to SA Health DLU relating to information from the University of Adelaide – The South Australian Dental Longitudinal Study cohort 1 and 2. It is an exemption from compliance with:
- Principle 2, where SA Health DLU has collected or received personal information from the University of Adelaide – The South Australian Dental Longitudinal Study cohort 1 and 2; and
- Principle 8, allowing SA Health DLU to use the personal information received from the University of Adelaide – The South Australian Dental Longitudinal Study cohort 1 and 2 for a purpose that was not the primary purpose of the collection of that information.
The personal information is limited to name, age at baseline, sex, address.
All other Principles continue to apply.
Approvals
|
Exemption R
This exemption applies to the SA Health DLU relating to information from The Australian Centre for Social Innovation (TACSI). It is an exemption from compliance with:
- Principle 2, where SA Health DLU has collected or received personal information from The Australian Centre for Social Innovation (TACSI); and
- Principle 8, allowing SA Health DLU to use the personal information received from The Australian Centre for Social Innovation (TACSI) for a purpose that was not the primary purpose of the collection of that information.
The personal information is limited to ID, name, date of birth, Aboriginal Torres Strait Islander Status, person creation date, family ID, family name, gender, family created date, family start date, address, site State, site name.
All other Principles continue to apply.
Approvals
|
Exemption S
This exemption applies to SA Health DLU relating to information from Good Start Early Learning - GoodStart. It is an exemption from compliance with:
- Principle 2, where SA Health DLU has collected or received personal information from Good Start Early Learning - GoodStart; and
- Principle 8, allowing SA Health DLU to use the personal information received from Good Start Early Learning - GoodStart for a purpose that was not the primary purpose of the collection of that information.
The personal information is limited to ID, child_group, family_ID, child name, child gender, child first attended date, primary contact name, primary contact relationship, primary contact date of birth, primary contact address, SA1 code, SA2 code.
All other Principles continue to apply.
Approvals
|
Exemption U
This exemption applies to SA Health DLU relating to information from the Northern Territory and various third party datasets. It is an exemption from compliance with:
- Principle 2, allowing SA Health DLU to collect personal information from third parties outside the South Australian government for the purpose and connected with the technical data linkage functions of the SA NT DataLink; and
Principle 8, allowing SA Health DLU to use that personal information for a purpose that was not the primary purpose of the collection of that information.
Northern Territory and Other Third Party Datasets* | ||
|---|---|---|
Deed/Schedule 2 | Years – to most recent | Identifying information |
Northern Territory Government | ||
NT Department of the Attorney General & Justice - Deed of Agreement | ||
NT Births Register | 1/1/1868 – 31/07/2023 | Registration Number, Name and previously known names, DOB, Place of Birth, Sex, Aboriginal Torres Strait Islander Indicator, Multiple Birth Plurality Order, Multiple Birth Plurality Total, Birth Weight (grams) + For Mother and Father separately: Address and Postcode, Name and Mothers Maiden Name, DOB, Place of Birth, Occupation, Aboriginal Torres Strait Islander Indicator + Date of Marriage, Place of Marriage, Marriage type (traditional/legal) + Previous children of this relationship: Names, Sex, DOB, living indicator) |
NT Deaths Register | 1/1/1870 – 31/07/2023 | Registration Number, Full Name and previously known names, DOB, Date of Death, Age at Death, Place of Death, Place of Birth, Sex, Aboriginal Torres Strait Islander Indicator, Residential Address and Postcode. |
Integrated Justice Information System incl. IOMS for adults | 1/1/1997* – 2/4/2019 | Data for linkage provided from 1992, research data only available from 1997. IJIS Identifier, DOB, Sex, Name and previously known names, Indigenous Status, Address and Postcode (at time of birth, last known and time stamp). |
NT Police, Fire and Emergency Services - Deed of Agreement | ||
Police Real-time OnIine Management Information System | 1/7/2014 – 26/11/2019 | Person Identifier, Name, DOB, Gender, Race, Current Address and Postcode, Location Identifier (internal identifier for address number), Date of Address (most recent link), Date of extract. |
NT Department of Health - Deed of Agreement | ||
Client Master Index (CMI) | 1/1/1991 – 27/07/2023 | Hospital Record Number (HRN), Alternate HRN flag, Primary HRN, DOB, Deceased Flag, Sex, Names, previous names and aliases, Indigenous Status, Address and Postcode. |
Inpatient Activity | 1/7/2000 – 30/06/2022 | Based on date of discharge HRN, Discharge date, episode number. |
Perinatal Trends (incl. DPH from 2014) | 1/1/1986 – 31/12/2021 | Peri Identifier +
|
Immunisation Register [HISTORIC - DECOMMISSIONED] | 1/1/1991 – 30/6/2018 | HRN, Names, previous names and aliases, DOB, Sex, Indigenous Status, Address and Postcode at time of immunisation, Immunisation Event Date. |
NT Cancer Register | 1/1/1991 – 31/12/2020 | Patient identifier, Current HRN, Expired or Duplicate HRNs, Names and aliases, Address and Postcode at time of diagnosis, Current Address and Postcode, Country of Birth, Indigenous Status, Sex, DOB, Estimated DOB (y/n), NT BDM Death Registration Number, Date of Death if notified. Tumour record number, date of diagnosis. |
Primary Health Care Collection | 1/7/2008 – 30/06/2022 | HRN, Event Id, Date of Medical Event. |
Emergency Department Activity Collection | 1/7/2000 – 30/06/2022 | HRN, episode id, attendance date. |
Hospital Pharmacy | 1/7/2006 – present | No data transferred. The agreement allows for the release of project specific linkage keys and HRNs for HREC approved projects. |
Hearing Health Data Collection - Remote - Urban | 1/1/2008 - 31/12/2019 1/1/2014 – 31/12/19 | Remote: HRN, Names, DOB, Sex, Ethnicity, Community, Secondary Community, Deceased, Deceased Date,. Date stamp. Urban: Client Id (historical), HRN, Names, DOB, Ethnicity, Address and Postcode, Mailing Address and Postcode, Date stamp. |
NT Rheumatic Heart Disease Register | 1997 – 22/1/2018 | HRN, Names and preferred names, DOB, Sex, Aboriginal Status, deceased indicator, Date of Death, Primary health Care Clinic, Region of Clinic, Date stamp. |
NT Notifiable Diseases System | 1/1/1999 – 31/12/2020 | Notification identifier, HRN, Sex, Names, DOB, Address, Residential Location, Residential Postcode, Indigenous Status, Date stamp. |
BreastScreenNT | 28/11/1994 – 31/12/2017 | Client Identifier, Names, Postal Address, Residential Address and Postcode, DOB, Maiden Name, Country of Birth, Aboriginal Torres Strait islander status, Appointment date, Appointment Reference Number. |
CervicalScreenNT [HISTORIC COLLECTION] | 11/3/1996 – 31/11/2017 | Client ID, HRN, Names, previous names and Aliases, DOB, Address and Postcode, Client State, Aboriginal Torres Strait islander status, Year of Death, Date of test, Unique results identifier. |
Mental Health Activity Collection - Acute Inpatient (via Inpatient Activity) - Community CCIS | 1/7/2004 – 30/6/2022 1/7/2004 – 30/6/2022 | HRN, Discharge date, Episode number HRN, Event Start Date, Event Identifier |
Hospital Admission Trends | 1/1/1992 – 30/06/2022 | HRN, Indigenous Status, DOB, Sex, Locality Code, State, separation date of inpatient event. Episode number. |
Territory Families, Housing and Communities - Deed of Agreement | ||
Child Protection | 1/7/1998 – 30/6/2021 | HRN Child protection Flag sits along side the HRN in the CMI Dataset for the purposes of identifying the person exists in the Child Protection Dataset. |
Integrated Offender Management System (Juveniles) | 1/1/1997 – 2/4/2019 | IJIS Identifier, DOB, Sex, Name and previously known names, Indigenous Status, Address and Residential Postcode (at time of birth, last known and time stamp). |
NT Department of Housing - Deed of Agreement | ||
Tenancy Management System (Urban) | 1/1/1991 – 30/6/2014 | For Primary Client: Primary Client Number, Group Number, Application Number, Client Name and previously known names, Sex, DOB, Ethnic Origin, Address and Postcode. For Accompanying Members: Accompanying Client Number, Relationship to Primary Client, Association Type, Name and previously known names, Sex, DOB, Ethnic Origin. |
NT Department of Education - Deed of Agreement | ||
Student Activity; Attendance; Enrolments; Assessment of Student Competencies | 1/1/2005 –31/12/2021 | Master Student ID, Student ID, Name(s), DOB, Gender, Address and Postcode, Indigenous Status, Census Year (e.g. 2021), Year Level (e.g. Year 9). |
NAPLAN (NTG, Catholic Ed & Christian Schools) | 1/1/2008 –31/12/2021 | Student ID, Name, DOB, Gender, Assessment Year Level (3,5,7,9), Calendar Year |
Non Government Sector | ||
Menzies School of Health Research - Deed of Agreement | ||
Ear Health Clinical Database (BIGDATA) | 1/1/1992 – 31/12/2018 | BIGDATA_id, Participant Identifier, NTG Public Hospital Record Number (HRN*), DOB, Sex, Name, Community Location, State, date of collection. *HRN agreement from NT Dept of Health to receive this field from 1991, this links to the Primary HRN, Alternate HRN, DOB, Death timestamp, Sex, Names, Indigenous Status, Address and Postcode. |
Aboriginal Community Controlled Health Organisations | ||
Central Australian Aboriginal Congress - Deed of Agreement | ||
Communicare: Congress Urban Medical Clinics Congress Remote auspiced: - Amoonguna Health Service - Mutitjulu Health Service - Santa Teresa (Mpwelarre) Health Service - Utju (Areyonga) Health | 1//1/2008 – 21/6/2021 (start dates vary for CAAC Remote) | Patient ID, HRN, Names, Previous Names and Aliases, Sex, DOB, Indigenous Status, Primary Address, Previous Addressed and dates, Date of Death, Date of extract. |
Katherine West Health Board - Deed of Agreement | ||
Communicare | 1/1/2010 – 30/06/21 | Site Identifier, patient identifier, HRN, , Previous Names and Aliases, Sex, DOB, Indigenous Status, Primary Address, Previous Addressed and years resident, Date of Death, Date of last contact, Date of extract. |
Miwatj Aboriginal Health Corporation - Deed of Agreement | ||
Communicare | 01/01/2010 – 30/06/2021 | Site Identifier, patient identifier, HRN, , Previous Names and Aliases, Sex, DOB, Indigenous Status, Primary Address, Previous Addressed and years resident, Date of Death, Date of last contact, Date of extract. |
Ngaanyatjarra Health Service (WA) - Deed of Agreement | ||
Communicare | 1/1/2010 – 11/10/2021 | Site Identifier, patient identifier, HRN, , Previous Names and Aliases, Sex, DOB, Indigenous Status, Primary Address, Previous Addressed and years resident, Date of Death, Date of last contact, Date of extract. |
Danila Dilba Health Service - Deed of Agreement | ||
Communicare | 1/1/2010 – 30/06/2021 | Site Identifier, patient identifier, HRN, , Previous Names and Aliases, Sex, DOB, Indigenous Status, Primary Address, Previous Addressed and years resident, Date of Death, Date of last contact, Date of extract. |
Commonwealth/National Collections | ||
Australia and New Zealand Dialysis and Transplant Registry - Deed of Agreement | ||
ANZData (SA and NT) | 1/1/1963 – 31/12/2022 | Patient ID, Record Date, Initial and subsequent hospital/unit identifiers, Initial and subsequent state/territory, Names (including maiden, previous aliases, and nick names) m DOB, Date of Death, Gender, Racial Origin, Country of Birth, initial and subsequent postcodes |
Commonwealth of Australia acting through the Department for Education - Deed of Agreement | The provision of Australian Early Development Census (AEDC) data for the purposes of analysis, research and undertaking data linkage projects | |
Australian Early Development Census (Cwth) (national collection) | 2009 - 2021 | Year, Student Identifier, Name, DOB, Sex, School Identifier, School Name, Address, State of residence, Country of Birth, Place of Birth |
Australian Coordinating Registry, QLD BDM** - Application and Letter of Approval | Codified Cause of Death for SA and NT | |
ACR COD-URF National Cause of Death Unit Record File for SA and NT **Some identifying information was provided to the SA NT DataLink linkage unit up until 2021, this is not used as the link to Births and Deaths Data is via a Registration Number and Mortality Identifier provided to the Integration Unit (ie no personal information is required to generate project specific linkage keys from BDM) | 2006 – 2022 | This links to Births and Deaths Data via a Registration Number and Mortality Identifier providing additional information on cause of death for researchers. Information collected but not used in the Master Linkage File: Registration Identifier, Mortality Identifier, Birth Day, Birth Month Not received since 2021. Is not included in the Master Linkage File. |
*in keeping with the Separation Principle of Data Linkage. SA NT DataLink’s Master Linkage File only holds person and record identifiers; the Researcher is provided with de-identified data Content data by the Data Custodian, appended to Project Specific Linkage Keys generated by SA NT DataLink.
Data provided by the Data Custodians in the NT subject to the information ACT (NT).
All other Principles continue to apply.
Approvals
|