Undertakings and declarations

Responsible use of ABS microdata

Responsible Officer undertaking, Individual undertaking, DataLab declaration of compliance, and consequences of non-compliance with undertakings

Released
8/11/2021

You are bound by your microdata undertaking, whether it is signed by your organisation’s Responsible Officer on your behalf or you sign it yourself, so it is important that you read and understand it.

Undertakings are not required for access to TableBuilder.

Responsible Officer undertaking

 \(\Huge 🗎\) Responsible Officer undertaking (U15)

To enable access to microdata: 

  • each organisation's Responsible Officer must submit a legally binding microdata undertaking to the ABS
  • the Undertaking covers all members of the organisation
  • the ABS may require the Responsible Officer to re-sign the Undertaking periodically

Send the completed Responsible Officer Undertaking to microdata.access@abs.gov.au.

The obligations are detailed in full in the Responsible Officer undertaking. In summary, the Responsible Officer agrees that all microdata users in their organisation will:

  • only use the information for statistical or research purposes
  • not attempt to identify persons or organisations to which the information relates
  • not attempt to avoid, override or otherwise circumvent the controls put in place by the ABS
  • not attempt to match the information with any other list, database or repository of persons or organisations
  • not provide microdata to anyone without ABS approval

Who can be a Responsible Officer

The Responsible Officer is usually the CEO or equivalent for the organisation.

  • For Universities: a Vice-Chancellor, Deputy Vice-Chancellor, Pro Vice-Chancellor or University Registrar.
  • For Government Departments: Statutory Head, Secretary of Department, Head of Agency or equivalent, as agreed with the ABS.
  • For all other organisations: a person who has the same legal responsibility for the actions of the entity as a Departmental Secretary does for a Government Department. This will usually be someone with the status of CEO, Company Secretary or Managing Director.

Alternatively, the Responsible Officer may be another person in your organisation with a suitable delegation. Should an organisation wish to delegate the role of Responsible Officer to an alternative level this delegation must be provided to the ABS in writing. The delegation must come from an appropriate level, as outlined above.

For example, if a government department would like to delegate the role of responsible officer to its' Chief Data Officer, it would be appropriate for the Secretary of the Department to write to the ABS to outline their delegation (email is sufficient).

The ABS withholds the right to refuse a delegation to a lower level of an organisation. A Responsible Officer who has had the role delegated to them will be subject to the same rules, regulations and consequences of breach as any other Responsible Officer.

Why the ABS requires a Responsible Officer

ABS legislation requires that the Responsible Officer for an organisation must submit a microdata undertaking before microdata access can be granted by ABS. The Responsible Officer is legally accountable for use of microdata by their organisation.

Organisations also need to nominate Contact Officers to liaise with the ABS about microdata matters.

Individual undertaking

    \(\Huge 🗎\) Individual undertaking (U15I)

    You need to sign an Individual Undertaking before accessing microdata in the DataLab. The ABS will let you know if an Individual undertaking or other documentation is required under any other circumstances.

    The obligations are detailed in full in the Individual undertaking. In summary, you are agreeing that you will:

    • only use the information for statistical or research purposes
    • not attempt to identify persons or organisations to which the information relates
    • not attempt to avoid, override or otherwise circumvent the controls put in place by the ABS
    • not attempt to match the information with any other list, database or repository of persons or organisations
    • not provide microdata to anyone without ABS approval

    DataLab forms

    \(\Huge 🗎\) DataLab declaration of compliance (U15S1)

    A DataLab declaration of compliance is required to be signed by each user prior to accessing the DataLab. By signing the Declaration of compliance you agree to comply with the requirements for accessing microdata through the DataLab, including the requirements of the Responsible Officer undertaking and the Individual undertaking.

    You may also need a DataLab referral (please email data.services@abs.gov.au for this form). Less experienced researchers must be supervised by another researcher on the same project.

    We may request that you also sign other forms for accessing particular datasets, which we will send to you if they are required.

    Consequences of non-compliance with an undertaking

    Responsible Officers sign an Undertaking on behalf of the users within their organisation in order to access microdata. Users may also be required to sign an Individual Undertaking. As a microdata user, you must comply with the requirements for accessing microdata as outlined in the Responsible Officer Undertaking and Individual Undertaking for microdata access.

    Where a person is suspected to have breached a microdata undertaking the ABS will investigate and may: 

    • immediately suspend their access to all microdata
    • inform the organisation's Contact and Responsible Officers that an investigation is underway
    • require that they surrender all microdata in their possession to their organisation's Contact Officer or to the ABS

    Following the investigation and depending on the nature of the breach, the ABS may require the development and implementation of strategies to:

    • restrict or overcome the consequences of the breach
    • ensure no repetition of the breach

    Depending on the success of these strategies and the severity of the breach, the ABS may:

    • reactivate the suspended access
    • extend suspension temporarily or permanently
    • suspend or terminate access for the organisation as a whole


    The ABS may also invoke Subsection 19 (3) of the Census and Statistics Act 1905 which provides that a person who fails to comply with an undertaking given by that person in respect of microdata is guilty of an indictable offence, punishable on conviction by a fine of 120 penalty units ($37,560 as at 1 July 2023) or imprisonment for two years, or both.

    While ABS must treat breaches of the microdata undertakings very seriously we would much rather help you and your organisation avoid the possibility of a breach. If at any time, you are unsure about your or your organisation's compliance with a microdata undertaking contact data.services@abs.gov.au so we can discuss the circumstances.

    Back to top of the page