Skip to main content
  • On this page

Commencement date: 22 December 2022

Parties to the MoU

1.1 The parties to this Memorandum of Understanding (MoU) are the National Data Commissioner (the NDC) and the Australian Information Commissioner (the AIC) (together the Parties). In this MoU, the term 'Party' will mean either the NDC or the AIC, as the context allows.

1.2 The Data Availability and Transparency Act 2022 (Data Availability and Transparency Act) establishes a best practice scheme for sharing Australian Government Data (the DATA Scheme) and the independent statutory office holder of the NDC who regulates the DATA Scheme. The NDC is supported by employees of the Department of Finance, who form the Office of the National Data Commissioner (ONDC).

1.3 The Office of the Australian Information Commissioner (OAIC) is a statutory agency established under section 5 of the Australian Information Commissioner Act 2010 (Cth) (AIC Act), responsible for regulating privacy law and freedom of information law. The OAIC is led by the AIC who is appointed by the Governor-General under section 14 of the AIC Act.

1.4 Each Party acknowledges that carrying out its respective roles will require effective consultation and cooperation with the other Party. Each Party is committed to ensuring such consultation and cooperation occurs.

Purpose and function of the MoU

2.1 This MoU states the mutual understanding of, and principles that underpin, the working relationship between the Parties.

2.2 The purpose of this MoU is to:

  1. facilitate effective consultation and cooperation between the Parties in the performance of their respective statutory functions and objectives;
  2. provide transparency about the Parties' efforts to coordinate activities and enhance efficiency within the limitations placed on each Party by law;
  3. recognise the need to commit to the timely development of further specific processes and procedures related to the matters set out in this MoU;
  4. allow for the exchange of relevant information and documents to the extent permitted by relevant legislation.

2.3 The Parties recognise the need for, and will use best efforts to give effect to, these purposes through active collaboration and cooperation, and the ability of both Parties to effectively discharge their respective statutory functions and objectives.

Scope

3.1 The Data Availability and Transparency Act establishes the DATA Scheme to facilitate and regulate the sharing of Australian Government data for the delivery of government services, informing government policy and programs, and for research and development. The DATA Scheme enables the sharing of public sector data (including personal information) consistently with the Privacy Act 1988 (Privacy Act), in addition to promoting better availability of public sector data and enhancing the integrity and transparency in the sharing of public sector data. The Data Availability and Transparency Act provides additional privacy protections for sharing personal information, and interacts with the Privacy Act. The NDC may make inquiries or transfer complaints or other matters relating to personal information to the AIC.

3.2 In addition, the Data Availability and Transparency (Consequential Amendments) Act 2022, amends the Privacy Act to support the operation of the Data Availability and Transparency Act. These amendments enable the AIC to share certain information or documents (including personal information) with the NDC in particular circumstances related to the DATA Scheme.

3.3 This MoU concerns the exchange of information that either Party may gather in relation to their respective statutory responsibilities, functions and powers concerning privacy protections for individuals and the DATA Scheme.

3.4 This MoU does not create any enforceable rights or impose any legally binding obligations on either Party.

3.5 The MoU is not intended to be exhaustive in the subject matters within its scope. The Parties may enter into any other arrangements for cooperation and collaboration to the full extent permitted by the law.

3.6 Nothing in this MoU affects the exercise of the legislative functions, powers or responsibilities of either Party.

Development of processes and protocols

4.1 The Parties commit to cooperate to develop appropriate processes and protocols to undertake their respective work under this MoU, with a view to ensuring the Parties will be able to work effectively together. The processes and protocols may cover matters including:

  1. the nature and extent of consultation and collaboration expected between the Parties;
  2. liaison between the Parties, including liaison between staff and office holders; and
  3. information exchanges to facilitate the Parties' functions under their respective legislation.

4.2 Processes and protocols developed may be attached to this MoU.

Sharing of information

5.1 The Parties may share information in support of their respective statutory functions and objectives to the extent permitted by law, at the providing Party's discretion.

5.2 New requests for information between the Parties should initially be made in writing via the liaison contact officers identified at Appendix A.

Sharing information by the NDC/ONDC

5.3 The NDC and authorised ONDC staff may disclose information or a document to the AIC in accordance with section 108 of the Data Availability and Transparency Act.

5.4 Under section 108 of the Data Availability and Transparency Act, the NDC and ONDC is authorised to receive information or a document disclosed by the AIC for the purposes of assisting the NDC or ONDC with performing their functions or exercising their powers.

Sharing information by the AIC/OAIC

5.5 To the extent permitted by law, the OAIC may share information to assist the ONDC in the performance of their duties or functions, or the exercise of powers on matters of shared interest as intended by this MoU.

5.6 Subject to section 29 of the AIC Act, section 36B of the Privacy Act provides that the AIC may, at its discretion, share information and documents with the NDC about complaints relating to the DATA Scheme, whether or not the AIC is transferring the complaint, or part of the complaint, to the NDC.

5.7 Subject to section 29 of the AIC Act, section 37(5A) of the Data Availability and Transparency Act provides that the AIC may, at its discretion, provide a copy of a statement given to the AIC under s 26WK of the Privacy Act about an eligible data breach, if the matters dealt with in the statement are relevant to the NDC's functions.

Confidentiality

6.1 The Parties will ensure that requests for exchange, and the provision, of information between them accord with the exercise of their respective powers and functions including compliance with:

  • the authorised disclosure provisions under their respective enabling legislation; and
  • other applicable laws including the Privacy Act.

6.2 A recipient agency will take all reasonable measures to protect all information received under this MoU from unauthorised use or disclosure. It will keep the information secure and confidential in accordance with all applicable statutory obligations on either agency or both agencies (as advised by the providing agency).

6.3 If the recipient agency intends to disclose information received under this MoU to any third-party government agency, it will give the providing agency an opportunity to make any submissions on the matter to the recipient agency, as early as practicable and prior to any such disclosure.

6.4 If information provided under this MoU becomes the subject of a subpoena, freedom of information request, or other legal demand for access, the recipient agency will notify the providing agency and endeavour to ensure the providing agency has sufficient time to advise on any intended action relating to the release, disclosure, publication or production of such information.

6.5 If information provided under this MoU becomes the subject of any inadvertent or unauthorised disclosure, the recipient agency will as soon as practicable notify the providing agency of the details, in addition to any legal obligations the recipient agency may have in relation to the matter.

Liaison

7.1 The Parties will hold regular liaison meetings and establish direct lines of communication to fulfil the purposes of this MoU.

7.2 The liaison contact officers and senior officers (with overall responsibility for managing the MoU relationship) at the time of signing the MoU are listed at Appendix A.

7.3 Each Party may change its liaison contact officer or senior officer, as necessary, by written notice provided to the other Party.

7.4 Initial contact on new issues should be via the liaison officers and ongoing contact should include the liaison officer to facilitate consistency across the engagement.

7.5 The Parties will liaise as necessary to progress matters of mutual interest, to improve the efficiency and effectiveness of information sharing allowed by law.

7.6 The Parties agree that, where appropriate and timetables allow, they may discuss with each other publication and stakeholder communication on key matters of mutual interest.

Collaboration

8.1 The areas of collaboration and information exchange under this MoU include, but are not limited to, mutual assistance, joint action and/or exchange of information concerning:

  • the NDC's powers and functions under the Data Availability and Transparency Act and other legislation it is responsible for administering, where those powers and functions relate to the protection of the privacy of individuals; and
  • AIC's powers and functions under the AIC Act, and (relevantly) the Privacy Act, as well as other related legislation, regulations and guidelines, where those powers and functions relate to the DATA Scheme.

Conflict of interest

9.1 The Parties acknowledge they must conduct their respective functions in an independent and proper manner, and the integrity of decision-making must be maintained whilst collaborating under this MoU.

9.2 Each Party must promptly notify the other Party where a real, perceived or potential conflict of interest arises or may arise out of performance of its obligations under this MoU. In such circumstances, either Party may decline to undertake an activity that gives rise to a conflict of interest actual or perceived. In that case, where possible, the Parties will negotiate in good faith regarding an alternative activity or a reduction in that particular activity in order to mitigate and manage the conflict as appropriate to the situation.

9.3 The Parties also note that the AIC is an ex-officio member of the National Data Advisory Council, as required under the Data Availability and Transparency Act. The Council has the function of advising the NDC on certain matters relating to the use and access of public sector data, separate to the regulation of the DATA Scheme.

Review and amendment of MoU

10.1 The Parties will monitor the operation of the MoU and review it annually, or sooner if either Party requests. Any term of this MoU may be amended at any time with the mutual written consent of each Party.

10.2 For avoidance of doubt, processes and protocols developed under clause 4.2 may be amended at any time with the mutual written consent of each Party.

Termination of MoU

11.1 Either Party may terminate this MoU by giving at least 30 days' written notice to the other Party. The termination will take effect 30 days after the notice is sent, unless otherwise agreed, in writing, between the Parties.

Costs

12.1 Each Party agrees to bear its own costs in performing its functions under this MoU.

Publication of MoU

13.1 The Parties agree this MoU may be publicised as each Party considers appropriate, including by placing it on the Party's website.

Signatories


Gayle Milnes

National Data Commissioner

[Signature]
Date: 24 November 2022

Angelene Falk

Australian Information Commissioner and Privacy Commissioner

[Signature]
Date: 22 December 2022