Separation principle: Approach 2 (internal separation)

The data custodians provide the full (encrypted) dataset to the integrating authority and the integrating authority applies the separation principle

In this example, the integrating authority may apply the separation principle through role separation. This is achieved by limiting the number of roles that any person within an integrating authority can have at one time and limiting the level of access to datasets associated with the project:

  • people linking records can access the identifying information needed to create linkage keys (i.e. key demographic information used for linking, such as date of birth, and identifiers such as name, address, Australian Business Number), but no other information contained on individual records. The linking of records could be done by staff within the integrating authority or outsourced (see Outsourcing and working in partnership)
  • people merging records can access only the linkage key and the analysis or content data, but not linking or identifying information on individual records. The linkage key replaces the identifying information. The merging of records must be done by authorised people within the integrating authority, who are also responsible for appropriately confidentialising the data before it is provided to researchers.
  • people analysing integrated datasets (researchers) cannot access identifying information for individual records and also receive access to confidentialised data specific to their project. The extent to which data is confidentialised will depend partly on the legislation governing access and use of the data.

This approach involves using access control lists that are strictly monitored and controlled. No individual can have access to more than one role at a time and no role allows the entire combined files to be viewed. However, an individual may link records at one point and later be allocated a different role, such as an analyst. Once the roles are changed that person no longer has access to the linking variables.

The Australian Bureau of Statistics is one agency that uses this approach – details can be found in the ABS's application for accreditation at

For more information about applying the separation principle see: