The man in charge of this year’s Census has moved to reassure Australians that their personal information is secure and will not be given to other government agencies or kept indefinitely.

The Australian Bureau of Statistics (ABS) announced late last year that it would collect and retain personal data from the 2016 Census. Much of the data is sensitive, including names and addresses and information on religion, ethnicity, employment, health and education. The ABS wants to retain it in order to combine Census data with other datasets for a “richer and dynamic statistical picture of Australia.”

The Australian Privacy Foundation (APF) and Electronic Frontier Australia have raised concerns that information might be hacked, misused by ABS staff or given to other government agencies such as the Tax Office, ASIO or the Department of Human Services.

Both have warned that the move could result in people not completing their Census forms or writing rubbish on Census day, August 9.

But the Head of Census 2016, Duncan Young said the data was secure and would not be used by other agencies, while also hosing down speculation that some people would refuse to complete the Census or write rubbish.

He said Census data will be stored in three separate “vaults” and ABS staff can only access one dataset. The three (isolated) vaults are: names, addresses and the rest of the Census data.

Names are never stored with other Census data but instead “anonymised”, which means they are in the form of an alphanumeric code in a one-way encryption process so that it can’t be traced back.

“No staff member could maliciously or inadvertently access or identifiable information. This separation is part of many layers of protection against hackers, as well,” Mr Young said, while also pointing out that hackers had never penetrated the ABS environment, let alone its individual layers.

He said there was public support for retaining the information so that cross-tabulating datasets could deliver more complex and accurate information, for example, on indigenous life expectancy or the outcomes of migrants in the community.

“When we talk to members of the public about this and explain the protections in place and the potential for their data to help other Australians and the country as a whole, they’re strongly supportive. In fact, a large number of them are quite shocked that we aren’t doing this already.”

The ABS has promised it will destroy Census data within four years, or earlier if it was no longer publicly useful.

Countries such as Canada, New Zealand, Ireland and the UK all retain Census names and addresses forever.

Mr Young said 111-year old legislation strictly governed the privacy of data and prohibited the Bureau from releasing it to anybody else.

“It explicitly says that the ABS can’t release it to other agencies, such as tribunals or courts. It’s a very strong protection and it’s the cornerstone of what we have built our national statistical system on.

“Two houses of Parliament would have to be willing to dismantle this key part of democracy and an independent statistics agency.”

He said Australia had some of the world-leading Census response rates.

“People provide their names and addresses trusting that we will protect and manage them and operate in an independent way as an agency.

“We believe that Australians will continue to support the Census very strongly as they have in the past [though] there will always be small numbers of people that haven’t been willing to participate.”

But despite Mr Young’s assurances, privacy groups remain concerned about the proposed changes.

David Vaile, Vice-Chair of the Australian Privacy Foundation, said the dangers of de-identified data being re-identified were greater than in the past.

“Every week we hear that some commercial entity has been hacked and that’s because the commercial advantage is with the hackers,” Mr Vaile said. “No-one can credibly now say that any dataset can be protected against a motivated intruder indefinitely.”

He said that government and business had become increasingly cavalier with people’s personal data.

“They are being very unsympathetic … around confidentiality, privacy and personal information security and control and they have felt they can probably get away with it, so let’s just focus on our needs and interests.”

Mr Vaile said the Privacy Impact Assessment (PIA) conducted by the Bureau before it announced the changes was not independent and failed to consult enough stakeholders, such as privacy organisations.

He said the Census should be voluntarily until a more thorough PIA had been done.

“They have created a criminal offence about something that’s a question of conscience. Of course, that raises questions about the completeness and accuracy of the data.”

With the fine for not returning a Census form standing at up to $180 per day, taking a stand could prove a seriously expensive endeavour.

Conducting the Census in Australia every five years also comes at a price.

Operational costs for the 2016 Census (over two years) are expected to be around $272 million, although Mr Young says this is $100 million less than the final bill for Census 2011, as more people are expected to complete it online.

The previous Abbott government floated the idea of holding the headcount every decade or abolishing it entirely in favour of data sampling, which would be much cheaper.

Mr Young said Census data would always be critical but it was reasonable to look at cheaper, quicker and less burdensome ways of collecting it.