Data Governance Australia launches Best Practice Code

Data Governance Australia (DGA), a not-for-profit association founded in 2016 in order to establish industry standards and benchmarks around the collection, use and management of data in Australia,  has announced the launch of a draft Code of Practice (the Code).

The Code aims to promote a culture of best practice as well as to drive innovation by increasing consumer confidence and trust in the data-practices of organisations. The draft Code will be released for public consultation on 21 June until 21 July 2017.

During this period, DGA will take feedback and submissions on the Code from interested stakeholders, including government, business and consumer groups. All submissions and feedback can be sent to or alternatively through the DGA website at

“Data is one of the most valuable assets in our digital economy and there are currently many untapped opportunities for innovation using data,” said Jodie Sangster, CEO of DGA.

“The ways in which organisations collect, use, manage and disclose data will continue to change rapidly with technological advancements. The Code is an initiative to increase consumer trust and drive transparency in data-handling practices. Organisations that meet the standards outlined in the Code will be able to demonstrate that consumer trust is front and centre of their business.”

“Self-regulation is the right approach in the era of rapid transformation,” she continued. “Introducing laws and regulations run the risk of stifling innovation and creating a regime that is not flexible enough to respond to the rate of change.”

Chair of DGA Board, Graeme Samuel added, “Data is held in staggering volumes across multiple platforms and consumers are demanding transparency, proving that the time is right for Data Governance Australia to introduce its Code of Practice.

“This body exists to assist businesses to thrive through innovation and to promote greater productivity while enhancing consumer trust and greater regulatory compliance.  Ensuring that businesses gain the trust of consumers is vital, as is the empowerment of the business user through the collective establishment and enforcement of responsible  data-practices.”  

About The DGA Code of Practice

The Code will contain ten core principles and extends beyond the Privacy Act in several respects by setting higher standards and most importantly does not only apply to ‘personal information’ (as defined by the Privacy Act), but may also apply to ‘data’ about consumers more broadly. These core principles are:

  1. No-harm rule
  2. Honesty & Transparency
  3. Fairness
  4. Choice
  5. Accuracy and Access
  6. Accountability
  7. Stewardship
  8. Security
  9. Enforcement

DGA is also consulting with relevant government bodies and industry stakeholders about data portability issues.  

Some other important aspects of the Code are as follows:

‘No-harm rule’ - Organisations that sign up to the Code must ensure that they do not cause harm to consumers as a result of the collection, use or disclosure of the consumer’s personal information. This goes beyond the Privacy Act as it requires organisations to consider the potential impact of their data-practices on the consumer and use best endeavours to ensure that its data-practices do not result in harm to consumers.

Community expectations – Organisations that sign up to the Code are required to consider whether, and ensure that their data- practices, are consistent with community expectations. This aspect of the Code will promote consumer trust and the ethical use of data.

Fairness – Organisations that sign up to the Code must also consider the ‘fairness’ to the consumers in the collection, use and disclosure of personal information.  In considering the ‘fairness’ of a particular data-practice, organisations will be required to take a range of factors into account, including for example, the circumstances in which the personal information was collected, the reasonable community expectations with respect to the use of personal information, and the risk of harm a particular data-practice may pose to consumers.

Enforcement – The Code will be enforced by the Code Authority, which consists of three members from consumer groups, three members from the industry and an independent chair.

A draft copy of the Code is now available for download at:

Request further information - Article