National Data Custodian

A custodian of system integrity.

Key points

Sourced from chapter 6 of the Productivity Commission's Final Report

Comprehensive reform to data availability and use will require a change to the culture around the sharing and release of data. While establishing an institutional structure for data sharing and release is necessary, it will also be important to ensure consistent leadership and technical direction for implementation of reforms to Australia’s data infrastructure, and in building trust between jurisdictions and across sectors.

The Commission has recommended that a new national statutory office holder, the National Data Custodian (NDC), be established that would enable a national (beyond just one Australian government) focus on data access, ensure ongoing leadership and technical direction for data access in Australia, and withstand changes in governments.

The NDC would be an individual with significant expertise in data and the benefits that can flow from data use, but would also have an understanding of community attitudes to data use and the importance of maintaining a social license for that data use. The Productivity Commission sees the NDC being supported by a small independent authority - the Office of the National Data Custodian. Such a body would have the capability to facilitate a coordinated, whole-of-government approach to data sharing and release, whilst maintaining public trust.

As part of its internal structure, the Office of the NDC should include a small advisory board, with an orientation towards technical skills. The advisory board could be comprised of appropriately qualified members from the research community, relevant Commonwealth, State and Territory Government agencies, or the private sector.

The Office of the NDC should also include a dedicated ethics advisor with expertise in data, who could give overall guidance on ethical issues, and provide advice and expertise.

The NDC should have responsibility for the broad oversight and ongoing monitoring of and public reporting on Australia’s national data system and the operation of the Data Sharing and Release Act, for recommending designation of National Interest Datasets, for providing practical guidance material on matters such as risk management, data curation and metadata, data security, data de-identification and trusted user models, for accrediting and promoting cooperation between Accredited Release Authorities (ARAs) and for publicly reporting on proven data breaches and ‘good news stories’ on beneficial uses of data.

Please send comments or enquiries to the Taskforce via

Productivity Commission Recommendations

6.6, 6.7, 6.11, 6.13, 7.4, 9.4 and 10.2

Recommendationsort ascending Description

Funding should be provided to agencies for the curation and release of those datasets determined through the central data agency’s public request process (recommendation 6.5) to be of high value with a strong public interest case for their release. This funding should be limited and supplemental in nature, payable only in the event that agencies make the datasets available through public release.

Funding would also be required for the Office of the National Data Custodian, for functions undertaken by Accredited Release Authorities and, in some cases, for the purchase and ongoing maintenance of National Interest Datasets. Additional responsibilities required of the Australian Competition and Consumer Commission in regard to the Comprehensive Right should also be resourced.

Aside from these purposes, no additional supplementary funding appears warranted for agencies’ activities related to their data holdings as a consequence of this report.


The Australian Government should make provision, in select circumstances as approved by the funding Minister, for the National Data Custodian to pay for access or linkage to private sector datasets (recommendation 9.4).

Equally, the National Data Custodian may consider applying charges for access to National Interest Datasets where this would not be inconsistent with the public interest purpose of the National Interest Dataset.

It is expected this would not be a common occurrence, in either case.


The National Data Custodian should streamline approval processes for access to data by:

  • Issuing clear guidance to all Australian Government data custodians on their rights and responsibilities, ensuring that requests for access to data they hold are dealt with in a timely and efficient manner and are consistent with the risk management approach to be adopted by Accredited Release Authorities (ARAs).
  • Requiring that these data custodians report annually on their handling of requests for data access, including requests from ARAs.

State and Territory governments may opt in to these approaches to enable use of data for jurisdictional comparisons and cross-jurisdictional research.


The Australian Government should establish an Office of the National Data Custodian (NDC) to take overall responsibility for the implementation of data management policy, in consultation with all levels of Government.

The Office of the NDC should have responsibility for:

  • Broad oversight and ongoing monitoring of and public reporting on Australia’s national data system and the operation of the new Data Sharing and Release Act (recommendation 8.1).
  • Preliminary assessments for, and recommending designation of, National Interest Datasets (recommendation 7.1).
  • Accrediting release authorities, be party to determining a funding agreement for Accredited Release Authority (ARA) activities, and promoting cooperation between ARAs.
  • Managing complaints about ARA processes.
  • Providing practical guidance material for ARAs and data custodians on matters such as risk management, data curation and metadata, data security, data de- identification and trusted user models.
  • Advising on ethics and emerging risks and opportunities in data use.

The Office of the NDC should include a small advisory board, comprising members with technical skills related to the NDC’s activities, and a dedicated ethics adviser.

The NDC role should be filled administratively by the end of 2017 to be operational by the time that new draft legislation for data access is completed for public consultation (recommendation 10.2).


Accredited Release Authorities (ARAs) and data custodians should be required to refer suspected and actual violations of data use conditions that have system-wide implications to the National Data Custodian.

Clarification should be issued detailing how this process would interact with the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth).


The Office of the National Data Custodian should be afforded the power to require an audit of a data custodian’s de-identification processes and issue assurance of de-identification practices used.


The Australian Government should set an ambitious — but realistic — timeline for implementation of the Commission’s recommended reforms.

A set of actions in this Report can be completed in 2017, to ensure they deliver benefits to the community in the short term.

Passage of the Data Sharing and Release Act and supporting Part 2 amendments for an initial suite of National Interest Datasets should be in place by the end of 2018.

A central agency with data responsibility should actively support the progress made against the implementation plan until the Office of the National Data Custodian is legislatively established.

Once established, the National Data Custodian should assume responsibility for monitoring and evaluating the effects of the new data Framework, reporting annually on progress and with a formal evaluation after three years’ experience of the Framework’s reforms.