Related guidance
- Designated individuals
- How to add an authorised officer into a role in Dataplace
- What actions the authorised officer role allows in Dataplace
Overview
Certain actions under the DATA Scheme can only be taken by authorised officers and authorised individuals. The actions of authorised officers and authorised individuals are typically key decisions about participation in the DATA Scheme.
Authorised officers who are heads of entities can take actions by virtue of their role. Other individuals must be appointed through a written instrument to act as authorised officers to perform specific tasks e.g. a Chief Data Officer. The actions which can be taken under the DATA Scheme depend on the type of authorisation the person holds.
Key terminology
The head of a Scheme entity
Every Scheme entity automatically has an authorised officer who is the head of their entity. These individuals are given the broadest scope of actions which can be taken under the DATA Scheme, including the ability to appoint other individuals to act as an authorised officer, or authorised individual.
Appointed authorised officers
The head of a Scheme entity may appoint certain individuals, by written instrument, to be an authorised officer of the Scheme entity. Appointed authorised officers can undertake all the actions of the head of the Scheme entity, except for appointing others as authorised officers or authorised individuals.
Authorised individuals
The head of a Scheme entity may appoint certain individuals, by written instrument, to be an authorised individual. Authorised individuals can perform certain actions on behalf of the Scheme entity. There are two types of authorised individuals, each of which enables the appointee to take different actions. These include:
Category A – authorised individuals, which are authorised to enter into variations to data sharing agreements for the entity but cannot enter into a data sharing agreement when it is first established.
Category B – authorised individuals, which are a type of appointment only available to Commonwealth Departments, Commonwealth Executive Agencies and Commonwealth Statutory Agencies. They are not available to other types of Commonwealth entities, State and Territory government bodies, or Australian Universities. They can be authorised to enter into and vary data sharing agreements and make decisions regarding the risk of harm caused by a proposed data integration project.
Designated Individuals
The role of a designated individual in the DATA Scheme is different to that of authorised officers and authorised individuals, although it is possible for an individual to operate in more than one role. Designated individuals can undertake actions under the DATA Scheme which do not require the authorisation of an authorised officer or authorised individual, e.g. annual reporting requirements. Designated individuals may also be included in a data sharing agreement, enabling them to access and use DATA Scheme data. The scope of an individual's designation will depend on the duties of the individuals' role. For further information see Designated Individuals.
Taking actions under the DATA Scheme
The types of actions taken by authorised officers or authorised individuals of a Scheme entity will depend on the type of role they have been appointed to under the Data Availability and Transparency Act 2022 (the Act) e.g. an application for accreditation can only be made by an authorised officer on behalf of the entity.
Authorised officers and authorised individuals must be authorised to do all the activities which come with the type of role as identified in the table below e.g. a Chief Data Officer cannot be appointed as a Category B – authorised individual only for the purpose of entering or varying a data sharing agreement. If they were appointed to this role, they would also be authorised to decide that the risk of substantial harm caused by a proposed data integration project is low.
Table 1: Types of actions and authorisations
| Type of Action | Head of the Scheme Entity (s 137(1) of the Act) | Appointed Authorised Officer (s 137(2) of the Act) | Category A Authorised Individual (s 137(3) of the Act) | Category B Authorised Individual (s 137(4) of the Act - Specific Commonwealth entities only) |
|---|---|---|---|---|
| Appoint an authorised officer or authorise an individual to do certain things | Yes | No | No | No |
| Enter into data sharing agreements | Yes | Yes | No | Yes |
| Enter into variations to data sharing agreements | Yes | Yes | Yes | Yes |
| Decide that the risk of substantial harm caused by a proposed data integration project is low | Yes | Yes | No | Yes |
| Make an application for accreditation | Yes | Yes | No | No |
| Request cancellation of an entity's accreditation | Yes | Yes | No | No |
| Provide authority to share data in a data sharing project where there is more than one data custodian | Yes | Yes | No | No |
The Head of Scheme entities and making appointments
This section provides information for each type of scheme entity, including:
- who is considered the head of each type of entity
- the types of appointments which can be made, and
- who can be appointed as an authorised officer or authorised individual.
It’s important to note that only individuals can be authorised officers or authorised individuals. A committee or governance body cannot be appointed into one of these roles. Where a particular person is appointed as an authorised officer or authorised individual, it’s also important to consider that a new instrument will be required if a new person commences in the same role. As such, we recommend that an authorisation instrument identify a class of individuals (including those acting in that class) or a particular position, e.g. a Chief Data Officer.
Example 1: A Commonwealth Government body appoints an authorised officer and multiple authorised individuals The Head of a Commonwealth Government body is seeking to empower their staff to take certain actions under the DATA Scheme. The Head of the entity chooses to appoint by written instrument, the following individuals and roles:
In this scenario, both appointments are allowed under the DATA Scheme as they relate to a role, or a class of individuals. By appointing the role of CDO as an authorised officer, a new instrument is not required if the individual holding the role of CDO changes. If the CDO is also an SES Band 2 employee, the Category B - authorised individual appointment does not limit actions the CDO can take in their role as an appointed authorised officer. |
Australian Universities
The head of a Scheme entity
The below table sets out who is considered the head of each type of Scheme entity.
| Type of Scheme Entity | Head of Entity |
|---|---|
| A body corporate which does not fall within another category of entity (e.g. an Australian University) |
|
Who the Head of an entity can appoint and the type of appointments
The below table sets out the types of appointments which can be made, and who can be appointed to them.
| Type of Scheme Entity | Type of Appointment | Appointee |
|---|---|---|
| A body corporate not covered above |
| An employee of the entity |
Example 2: An Australian University appoints two authorised officers The Vice-Chancellor of an Australian university is seeking to empower their staff to take certain actions under the DATA Scheme. The Vice-Chancellor of the university chooses to appoint by written instrument, the following individuals and roles:
In this scenario, both appointments are allowed under the DATA Scheme as they relate to a role, or a class of individuals. |
State and Territory government bodies
The head of a Scheme entity
The below table sets out who is considered the head of each type of Scheme entity.
| Type of Scheme Entity | Head of Entity |
|---|---|
| A State body or Territory body that is the holder of a statutory office |
|
| A State body or Territory body (e.g. a department, agency or directorate) |
|
| A body corporate not covered above |
|
| A body politic not covered above |
|
Who the Head of an entity can appoint and the type of appointments
The below table sets out the types of appointments which can be made, and who can be appointed to them.
| Type of Scheme Entity | Type of Appointment | Appointee |
|---|---|---|
| A State body or Territory body that is the holder of a statutory office |
| An individual |
| A State body or Territory body other than the holder of a statutory office |
| An individual |
| A body corporate not covered above |
| An employee of the entity |
| A body politic not covered above |
| An individual |
Commonwealth government bodies
The head of a Scheme entity
The below table sets out who is considered the head of each type of Scheme entity.
| Type of Scheme Entity | Head of Entity |
|---|---|
| Commonwealth Department (e.g. Department of Finance) |
|
| Commonwealth Executive Agency (e.g. Australian Financial Security Authority, Bureau of Meteorology) |
|
| Commonwealth Statutory Agency (e.g. Australian Public Service Commissioner) |
|
| Corporate Commonwealth Entity (e.g. Australian Institute of Health and Welfare, Australian Commission on Safety and Quality in Health Care) |
|
| Commonwealth Company (e.g. Snowy Hydro Limited, NBN Co. Limited) |
|
| A person who is prescribed authority within the meaning of paragraph (c) or (d) of the definition in subsection 4(1) of the Freedom of Information Act 1982 (FOI Act) and not already covered above |
|
Who the Head of an entity can appoint and the type of appointments
The below table sets out the types of appointments which can be made, and who can be appointed to them.
Drafting an instrument of authorisation
To be an effective authorisation, the written authorisation instrument should clearly specify all of the following:
The person making the instrument – this must be the head of the Scheme entity.
Note: A person who is appointed as an authorised officer or individual may not delegate any part of this role to another individual or authorise another individual to perform the role on their behalf.
The type of appointment and legislative authority for making the appointment – the type of appointment must align with the type of Scheme entity:
- section 137(2) of the Act for appointed authorised officers,
- section 137(3) of the Act for category A – authorised individuals, or
- section 137(4) of the Act for category B – authorised individuals.
The individual(s) to whom the authorisation applies, this may include:
the name of the individual
a single role, e.g. the Chief Data Officer
a class of individuals performing in particular offices or positions, e.g. SES officers
a class of individuals acting in particular offices or positions.
Once the instrument is in place
Entities should retain the original of all authorisation instruments. We recommend using Dataplace as a central location to store your authorisation instruments. This ensures that you have a centralised record of all instruments and reduces the likelihood the Office of the National Data Commissioner will need to request a copy when you make an accreditation application or submit a data sharing agreement for registration.
You can read more about this on Dataplace, including how to upload your written instrument, how to add an authorised officer into a role and what that role allows them to do in Dataplace. If the authorisation instrument appoints an authorised officer, you’ll need to do this for key activities e.g. making an application for accreditation.
A DATA Scheme authorisation instrument is not a notifiable instrument. As such, it does not need to be registered on the federal register of legislation.
Authorisation Templates
See below for templates which you can use to inform drafting of a written instrument for a Scheme entity.
Guidance note 2025:1
Last updated: 14 January 2025