Date Published: 14 December 2022
Dataplace is a whole of government platform, managed by the Office of the National Data Commissioner (ONDC) on behalf of the Australian Government. The ONDC is a part of the Department of Finance.
The Department of the Prime Minister and Cabinet (PM&C) assists the ONDC in administering the Dataplace platform.
Dataplace facilitates access between organisations that want to use government data and government agencies that hold data.
Dataplace supports making a request for data from any Australian Government agency, this includes requesting data under the Data Availability and Transparency Act 2022, data sharing scheme (DATA Scheme). Dataplace also allows organisations to apply to be an accredited user or an accredited data service provider (ADSP) under the DATA Scheme.
This Data transparency statement provides information about the data collected on Dataplace, beyond personal information. If you want to understand how we manage personal information you should read the Dataplace Privacy policy, which covers how personal information is collected and managed, and is a requirement of the Privacy Act 1988.
This document is not a legal requirement, it is provided so that users of the platform can understand more broadly the data collected, why it is collected, who the data might be shared with and how it is managed. The ONDC provides this document to users of the platform to be transparent about the data management practices employed for Dataplace.
Data we collect and why
On-boarding onto the platform
Organisations need to provide information about themselves to access the platform. Dataplace also accesses information from the Australian Business Register (ABR) to help identify organisations. Data from the ABR is used to pre-fill information on Dataplace.
Dataplace uses three authentication services and the information they hold to authenticate users in order to associate individual users with an organisation:
Dataplace stores information about individuals on the platform. Individuals can view and manage their personal information in their individual profile. Organisations can view and manage information about the organisation in their organisation profile. The organisation profile can be viewed by all of the organisation’s users, but can only be updated by individuals assigned to the ‘organisation administrator’ role (see Dataplace system roles section).
Applying to be an accredited user or data service provider (under the DATA Scheme)
Organisations that wish to access Australian Government data under the DATA Scheme need to be an accredited user. Organisations that wish to provide secure access, complex data integration or de-identification data services under the DATA Scheme must be an accredited data service provider. Dataplace provides an online accreditation application service so that organisations can apply to become an accredited user or data service provider under the DATA Scheme.
We will collect information to support entities applying for accreditation under the DATA Scheme and support the accreditation authority or their delegates to make accreditation decisions.
Requesting data
When using Dataplace to make a data request, you may be asked to provide information about:
You are asked questions so that data custodians can make informed decisions about whether it is appropriate and/or safe to share data with you.
Entering into a data sharing agreement
Dataplace may be used to assist users to develop a data sharing agreement. Depending on the characteristics of the data sharing project, data custodians will ask a range of questions to determine what controls should be applied to the data sharing project (through the data sharing agreement). The questions data custodians will ask will be about:
The information about data sharing arrangements will be available to all parties to that agreement to help them manage and monitor their obligations throughout the life of the data sharing project.
When making a request for data or entering into a data sharing agreement you may be asked to provide personal information. The ONDC is bound by the Privacy Act 1988 (Cth) and a Privacy policy for Dataplace governs how personal information is managed. We encourage you to read the Privacy policy, which sets out what personal information we collect, why and how we store it, what your rights are, and how to make a complaint.
How we keep data safe
Australian Government security standards
Dataplace services have been designed in accordance with Australian Government security guidelines. Dataplace supports managing information up to the Australian Government’s Protective Security Policy Framework’s OFFICIAL: Sensitive classification. Although there may be separate elements of Dataplace that can store information to a PROTECTED classification. For example, we will store all application details for those seeking to be an accredited data service provider in a location classified to PROTECTED.
Additionally, we will:
Dataplace system roles
Dataplace has four system roles: organisation administrator, data coordinator, approving officer, and general user. These roles provide a layer of security around who can access what type of information and undertake specific tasks on Dataplace. A description of each role and the permission it has, is provided below.
General user: all individuals who access Dataplace are granted general user permissions, that is, everyone can:
This role has also been designed so that individuals’ can access information about data sharing activities (which can include personal information) that they have a role in. Having this role as a default set of permissions also reduces the administrative effort for organisations; in that they don’t have to manually assign a role to individuals in their organisation for basic tasks on Dataplace.
Organisation administrator: One or more individuals can be assigned to the organisation administrator role. This role oversees and acts as a key management of Dataplace users for the organisation. In addition to the general user permissions, the organisation administrator role can:
This role has been designed for organisations to have oversight and visibility of their data sharing activities. It provides the capability for organisation to manage their users (through assigning individuals to the different roles described here), recognising that organisations are best placed to monitor their users and ensure the right people are doing the right things on Dataplace.
Data coordinator: One or more individuals can be assigned to be a data coordinator. The role oversees the data sharing activities of the organisation. In addition to the general user permissions, the data coordinator role can also:
This role has been designed to help an organisation triage and manage data sharing activities. It has been designed with flexibility, so that it can support either centralised (e.g. a single data governance team that coordinates for the organisation) or de-centralised (many teams in business areas coordinating data sharing activities) data governance models.
Approving officer: One or more individuals can be assigned to be an approving officer. The role is a key decision maker for data sharing activities on behalf of the organisation. In addition to general user permissions, the approving officer role can also approve data sharing agreements.
DATA Scheme specific role, Authorised officer: the authorised officer role is not a Dataplace role. This role is prescribed by the Act 2022. Certain actions, such as submitting an application for accreditation and approving data sharing agreements under the DATA Scheme, can only be made by an authorised officer. It is likely that an Authorised officer will also have an Approving officer role in Dataplace.
An authorised officer, for the purposes of the DATA Scheme, must meet the requirements of section 137 of the Act.
Who we share data with
Organisation profile
Information in the organisation profile is visible to members of the organisation. It may be desirable in the future, to publish information about organisations so it is available to other Dataplace users. For example an organisation might include information about past data sharing projects which may help a data custodian make decisions about sharing data.
We will consult with platform users before we make significant changes to who has access to information in the organisation profile. If do we make changes to how information from an organisation profile is published, it is likely that they will be on the basis of being ‘opt in’.
Data sharing activities under the DATA Scheme
The National Data Commissioner may be provided information about activities undertaken on Dataplace as part of the DATA Scheme for the purpose of the Commissioner’s functions under the Data Availability and Transparency Act 2022 and where authorised by law.
When applying for accreditation under the DATA Scheme, the application form includes a section that seeks consent from the organisation to access information from third parties. Information may be sought from third parties, or we may provide and seek information from third parties to help verify information in an accreditation application, to help make accreditation decisions.
The Data Availability and Transparency Act 2022 and the Data Availability and Transparency (Consequential Amendments) Act 2022 enables national security advice to be provided to inform the accreditation of organisations under the DATA Scheme. The national security advice extends into the ongoing suitability of an organisation to remain accredited, particularly for the accreditation of users under the scheme as this accreditation does not expire.
Where additional personal information may be requested to support national security considerations under the DATA Scheme, for example to be certain of the identity of a non-Australia citizen or non-permanent resident seeking access to data, that additional personal information will only be accessible on a need-to-know basis. It will not, for example, be provided to the ONDC or the Data custodian.
Reporting to the public
Aggregated information about Australian Government data sharing activities will be published on a publicly accessible part of Dataplace. We will consult with platform users, and particularly Australian Government data custodians, as we define the content that is to be made publicly available on Dataplace. We will advise platform users if we make changes to the information we make publicly available about government data sharing activities.
Further Information
If you have a feedback or would like to talk to us about how we manage data please contact us.
Terminology
We have defined some key terms to help you understand this document.
Data custodian is an organisation that has the authority to make decisions about sharing requested data, whether alone or jointly with other entities. Data custodians on Dataplace include, but are not limited to, Commonwealth bodies defined as “data custodians” under the Act.
DATA Scheme means the Data Availability and Transparency Act 2022 as defined in the Act as the, “Act and the regulations, rules, data codes and guidelines made under it”.
Organisation means an organisation, business or entity that is a participant on Dataplace. In the Dataplace Terms of Use we refer to organisations as Participants.
Privacy Act means the Privacy Act 1988 (Cth) and includes any regulations and statutory instruments made under the Privacy Act.
Privacy policy means the policy found at the associated link as updated from time to time.
User means an individual affiliated with or authorised by the organisation, who is granted an account to access or use Dataplace.
‘We’ or ‘us’ refers to the Australian Government represented by the Office of the National Data Commissioner which is in the Department of Finance.
‘You’ or ‘your’ refers to the individual, organisation, business or entity as relevant to context.