Undertakings and Conditions of use

DataLab

Undertakings, and systems conditions of use (DataLab and myDATA)

Released

20/07/2022

Release date and time

20/07/2022 11:30am AEST

DataLab Undertakings and Declarations

The following forms are mandatory and play an important role in both the DataLab onboarding process, as well as ensuring compliance obligations are met.

Below is a summary of each Undertaking and Declaration which must be completed prior to accessing data in the DataLab.

These forms are available in myDATA once DataLab safe researcher training has been completed. The DataLab Responsible Officer Undertaking is provided separately upon request.

All forms can be signed electronically, and are to be returned upon completion via scanned copy to mydataportal@abs.gov.au.

The ABS will advise if any other forms are required under any other circumstances.

DataLab Responsible Officer Undertaking

Form	DataLab Responsible Officer Undertaking
Purpose of Undertaking	This Undertaking commits an organisation, through a senior authorised officer, to comply with ABS legal and security requirements for accessing data in DataLab. Its purpose is to: Enable the ABS to disclose microdata to an organisation for statistical and research purposes only, in line with the Census and Statistics Act 1905 and the Information Release and Access Determination 2018 Make the organisation legally accountable for the appropriate use and protection of the data Confirm that the organisation will ensure all individuals with access understand and comply with ABS conditions Set clear consequences for non‑compliance, including withdrawal of access and potential legal penalties By signing, the Responsible Officer legally binds the organisation to uphold privacy, confidentiality, security, and responsible data use standards set by the ABS.
Conditions and Responsibilities	By signing this Undertaking, the Responsible Officer legally commits any approved researchers to the following conditions and responsibilities when accessing ABS data: Use the information solely for approved statistical and research purposes, not for compliance or regulatory activities Ensure the organisation and its staff do not attempt to identify individuals or organisations represented in the data Not share the information outside of those approved on the DataLab project Ensure only authorised individuals access approved data and that individuals provide Undertakings as required by the ABS Maintain appropriate physical, technological, and supervisory controls and not bypass ABS security or access controls Not match or link the data with other datasets unless explicitly approved by the ABS Access only the data approved by the ABS and only for the stated purpose in the specific project objectives Immediately notify the ABS of any suspected data breach or unauthorised access and cooperate fully in incident management Not release outputs containing individual statistical records without written ABS approval Promptly inform the ABS if authorised individuals change roles, leave the organisation, or no longer require access Permit ABS audits and inspections to verify compliance Acknowledge that breaches may constitute a criminal offence, and may result in individuals or the organisation being permanently banned from DataLab
Signatory Requirements and Execution Process (email completed form to mydataportal@abs.gov.au)	What is a Responsible Officer? For the purposes of the Census and Statistics (Information Release and Access) Determination 2018, a Responsible Officer means, in relation to an organisation, an Officer of the organisation acting within the scope of authority exercisable by the Officer, in accordance with arrangements approved by the organisation. Whether an Officer of an organisation is a Responsible Officer will therefore depend on the approved arrangements of the particular organisation, but may include: For Universities: a Vice-Chancellor, Deputy Vice-Chancellor, Pro Vice-Chancellor or University Registrar. For Government Departments or agencies: Statutory Head, Secretary of Department, Head of Agency or equivalent, as agreed with the ABS. For all other organisations: a person who has the equivalent level of legal responsibility for the actions of the organisation as a Department Secretary does for a Government department. This will usually be someone with the status of CEO, Company Secretary or Managing Director. Alternatively, the Responsible Officer may be another person in your organisation with a suitable delegation. Should an organisation wish to delegate the role of Responsible Officer to an alternative level this delegation must be provided to the ABS in writing. The delegation must come from an appropriate level, as outlined above. For example, if a government department would like to delegate the role of Responsible Officer to its' Chief Data Officer, it would be appropriate for the Secretary of the Department to write to the ABS to outline their delegation (email is sufficient). The ABS withholds the right to refuse a delegation to a lower level of an organisation. A Responsible Officer who has had the role delegated to them will be subject to the same rules, regulations and consequences of breach as any other Responsible Officer. What if the Responsible Officer leaves the organisation? As long as the Responsible Officer is acting within the scope of authority exercisable by them, by signing the Undertaking, they bind the organisation to comply with the conditions of the Undertaking. The obligations of the organisation then continue if that Responsible Officer leaves the organisation. It follows that there is no requirement to sign a new Undertaking in such circumstances.

Individual Undertaking

Form	Individual Undertaking
Purpose of Undertaking	This Undertaking is a legally binding agreement that allows the ABS to disclose data to approved individuals for statistical and research purposes only. Its purpose is to ensure compliance with the Census and Statistics Act 1905 and the Information Release and Access Determination 2018 by: Protecting privacy and preventing identification of individuals or organisations Restricting data use to approved researchers, research and statistical purposes Setting clear conditions for access, security, use, disclosure, and handling of the data Confirming ABS oversight, monitoring, and enforcement powers Making users aware of legal consequences for misuse or non‑compliance
Conditions and Responsibilities	By signing this form, the individual formally accepts legal responsibility for using data appropriately and securely, and agrees to the following key conditions and responsibilities: Use ABS integrated and detailed microdata strictly for approved statistical and research purposes only, not for compliance or regulatory activities Not attempt to identify persons or organisations to which the information relates Access only the data explicitly approved by the ABS and follow all access controls and security measures Not attempt to match the information with any other list, database or repository of persons or organisations Not provide any data to anyone without prior written ABS approval, including releasing outputs that have not been cleared Not attempt to avoid, override or otherwise circumvent the controls put in place by the ABS, and report any suspected data or procedural breaches immediately Inform the ABS promptly if access is no longer required or organisational circumstances change Acknowledge that breaches may constitute a criminal offence and can result in loss of access, refusal of future access, and legal penalties including fines or imprisonment
Signatory Requirements and Execution Process (email completed form to mydataportal@abs.gov.au)	Signed and dated by the individual, and witnessed by a responsible adult.

Declaration of Compliance

Form	Declaration of Compliance
Purpose of Undertaking	This form formally confirms that an individual is eligible for, and agrees to, data access and system use requirements. Its purpose is to ensure researchers: understand and commit to complying with ABS rules for securely accessing and using data protect confidentiality maintaining data integrity and accept monitoring, audit, and enforcement arrangements
Conditions and Responsibilities	By signing this Declaration, the individual agrees to: Follow all ABS instructions, protocols, audits, and any current or future conditions related to DataLab access Protect screens from others when using DataLab, keep login details secure, use approved devices, and access DataLab only via secure internet connections Not to remove, copy, record, or capture any DataLab information unless it has been formally cleared and released by ABS Avoid attempting to identify individuals or organisations and not link DataLab microdata with other datasets unless explicitly authorised by ABS Access DataLab only from Australia unless explicit ABS approval is granted, and comply with additional security and travel requirements if approved for overseas access Immediately inform the ABS of any changes in role, organisation, location, travel, access restrictions, or risks of identifying individuals They have the appropriate skills and required experience to access DataLab Acknowledge that all DataLab sessions are monitored and audited for compliance Agrees the ABS may publish the researcher’s name, organisation, DataLab project details, data accessed, and links to related publications on its website Understand that failure to comply can result in loss of DataLab access for the individual and/or their organisation
Signatory Requirements and Execution Process (email completed form to mydataportal@abs.gov.au)	Signed and dated by the individual, noting question 10 must be answered for the form to be valid. By answering this question, you confirm you have the relevant statistical experience required to access DataLab (if accessing as an analyst). Requirements to become an approved researcher has more information on researcher requirements. A statement of support must be provided where applicable.

DataLab Statement of Support

Form	DataLab Statement of Support
Purpose of Undertaking	This form performs various functions, including: Provides formal assurance to the ABS that a researcher is suitable to access data and ABS DataLab in cases where additional assurance, justification, endorsement, or risk assessment is required Enables a senior supporting officer to confirm the researcher’s capability, integrity, supervision, and organisational support, and to address specific circumstances such as: limited statistical experience academic status overseas access or affiliation or where ABS‑requested character or capability checks This form supports appropriate governance and compliance for DataLab access in the following circumstances: where a researcher does not meet standard statistical experience requirements but is seeking analyst access where an academic is applying under eligible university or affiliated arrangements where DataLab access is requested from an overseas location or involves an overseas affiliation where the ABS requires formal assurance of a researcher’s character, experience, or suitability to work with detailed microdata
Conditions and Responsibilities	Under the DataLab Statement of Support, the following conditions and responsibilities apply: Requirement to provide assurance: The form must be completed when a researcher does not meet standard eligibility criteria, has overseas access or affiliation, is an academic applicant, or when the ABS requests additional assurance Accuracy of information: All information provided must be true and correct to the best of the supporting officer’s knowledge Oversight responsibility: The supporting officer accepts responsibility for ongoing supervision, oversight, and organisational support for the researcher’s DataLab access. Less experienced researchers must be supervised by another researcher on the same project Confirmation of capability: The form must demonstrate the researcher’s skills, experience, supervision arrangements, and ability to manage sensitive microdata securely and responsibly Security and risk assurance: Where applicable (e.g. overseas access or affiliation), the supporting officer must confirm security arrangements and risk considerations have been reviewed Organisational support: Confirms the organisation or institution supports the researcher’s access and use of DataLab for the approved project Awareness of ABS conditions: Both the researcher and supporting officer acknowledge the ABS conditions of access and the consequences of misuse or non-compliance This form reinforces accountability by linking DataLab access to senior oversight and explicit institutional responsibility.
Signatory Requirements and Execution Process (email completed form to mydataportal@abs.gov.au)	Signed and dated by a suitably senior supporting officer, who must endorse the researcher’s application, confirming their capability, integrity, and suitability to access ABS microdata.

Conditions of Use for Data in DataLab

Form	Conditions of Use for Data in DataLab
Purpose of Undertaking	This form sets out the operational conditions that apply specifically to the data. Its purpose is to ensure that all use of data: Complies with the Census and Statistics Act 1905 Is limited to approved research and statistical purposes only Protects the interests and operational requirements of the data custodians Ensures ABS and custodian oversight of data use, publication, and dissemination Maintains appropriate governance, confidentiality, and data integrity
Conditions and Responsibilities	By signing this form, researchers formally acknowledge their data access responsibilities. Key responsibilities include: All communication with data custodians must be managed through the ABS, not directly by researchers Permitted use only: Data may be used solely for approved research or statistical purposes as outlined in the project proposal approved Contextual disclosure: Any discussion of data limitations must be framed for research or statistical use and not imply impact on custodians’ operational functions Publication review: All intended publications or presentations using DataLab data must be submitted to the ABS at least two weeks before release for review Post‑release submission: Final published or disseminated outputs must be provided to the ABS after release Attribution and transparency: Outputs must properly reference the data source, describe any data transformations, and include the required DataLab disclaimer Ongoing compliance: Researchers must comply with any additional requirements issued by the ABS over time
Signatory Requirements and Execution Process (email completed form to mydataportal@abs.gov.au)	Signed and dated by the individual.

DataLab system conditions of use

By accessing and using DataLab, you agree to abide by the Australian Bureau of Statistics (ABS) requirements and obligations, including the conditions outlined below. If you cannot abide by these conditions, your use of the system is to cease immediately.

By using DataLab, I agree:

To adhere to all access, usage, security and other procedural guidelines within DataLab as directed by the ABS. Including those provided in the Undertaking by the Responsible Officer of an Organisation, Undertaking by an Individual, Declaration of Compliance, and other directions provided to me.
To take all necessary measures to protect the security of DataLab and the data held within, by safeguarding my access credentials and promptly notifying the ABS of any security incidents or procedural failures.     
To adhere, where applicable, to ABS system constraints.    
To the possibility that the ABS may discuss my registration and access with the administering organisation, who have the authority to remove my access.   
To comply with the ABS conditions of sale.
To use and operate DataLab in compliance with the relevant operating manuals and documentation.   
To not remove or attempt to remove content from DataLab by any means, including extracting or copying material by screen capture, handwritten notes, or transcription, without obtaining written approval from the ABS.   
To only virtually screen share using DataLab LabLink and only with approved users on the same project.
To uphold the integrity of ABS intellectual property by not removing, obscuring, or altering any ABS attributions, including logos, legal notices, or other labels visible in DataLab.   
To not attempt to load code, software or applications without seeking the appropriate authorisation from the ABS.    
To cooperate with any audit or investigation initiated by the ABS or administering organisation that pertains to any matter concerning the DataLab.
Delete or destroy data when requested to do so by the ABS.

I acknowledge that:   

My use of DataLab may be audited by the ABS.   
DataLab is authorised for use only within Australia unless prior written authorisation has been provided by the ABS.    
A breach of these conditions may result in sanctions which may include, but are not limited to, the ABS revoking my access to DataLab permanently or for a set period.   
The ABS will not provide guidance on how to conduct data analysis, modelling or how to utilise the statistical tools available.    
Features and functionality of DataLab may undergo necessary changes or upgrades without user consultation.   
The ABS does not guarantee, or accept any legal liability arising from, or connected to the use of material connected within, or derived from DataLab.

Expected behaviours: 

Comply with the protocols and instructions of the ABS.    
Access only the data I have been approved to access. and notify the ABS if you think you have access to data you shouldn't
Not attempt to avoid, override, or bypass the system or procedures.   
Maintain data confidentiality when submitting outputs for review.   
Request output clearance through the ABS DataLab Clearance procedure in all instances.   
Notify the ABS of any suspected activities that may impact the security of DataLab.

Remote access:

Remote access within Australia is permitted under the following conditions:      

DataLab must only be accessed from a work or private location.    
A secure internet connection must be used.
- A secure internet connection means any wired or Wi-Fi connection that is password protected (e.g., work, home, your hotel room, hotspotting from your phone).
- A non-secure internet connection means an open or public connection (e.g., a restaurant/cafe, airport, public transport, hotel lobby or shopping centre).  
Overseas access to DataLab is not permitted unless approved by the ABS.    
Do not use any type of internal messaging system, do not screen share unless using ABS LabLink and do not transcribe any data from the DataLab prior to output clearance

myDATA system conditions of use

Please refer to the conditions here for myDATA which are applicable to all users registered in My Data Approvals to Access (myDATA) for access to DataLab projects.

Consequences of non-compliance with an Undertaking or DataLab conditions of use

Responsible Officers - you sign an Undertaking on behalf of the users within their organisation in order to access the data held within DataLab. As an integrated data and microdata user, you must comply with the requirements for accessing this data as outlined in the Responsible Officer Undertaking and Individual Undertaking for microdata access.

Approved researchers - you have signed appropriate documentation agreeing to comply with data access provisions under relevant legislation, whenever you access integrated data and detailed microdata in DataLab.

If you suspect that you or others in your team may have failed to comply with an Undertaking or conditions of use, immediately cease the behaviour, notify the lead researcher and email mydataportal@abs.gov.au as soon as possible.

Where a person is suspected to have breached an Undertaking or conditions of use, the ABS will investigate and may:

immediately suspend their access to DataLab
inform the organisation's Contact and Responsible Officers that an investigation is underway
require that they surrender all microdata in their possession to their organisation's Contact Officer or to the ABS

Following the investigation and depending on the nature of the breach, the ABS may require the development and implementation of strategies to:

restrict or overcome the consequences of the breach
ensure no repetition of the breach

Depending on the success of these strategies and the severity of the breach, the ABS may:

reactivate the suspended access
extend suspension temporarily or permanently
suspend or terminate access for the organisation as a whole

The ABS may also invoke Subsection 19 (3) of the Census and Statistics Act 1905 which provides that a person who fails to comply with an undertaking given by that person in respect of microdata is guilty of an indictable offence, punishable on conviction by a fine of 120 penalty units ($39,600 as at 7 November 2024) or imprisonment for two years, or both.

While ABS must treat breaches of the undertakings very seriously, we would much rather help you and your organisation avoid the possibility of a breach. If at any time you are unsure about your compliance with an undertaking, contact mydataportal@abs.gov.au so we can discuss the circumstances.

Privacy

The ABS privacy policy and DataLab user privacy notice  outline how the ABS handles any personal information that you provide to us.  

The ABS Privacy Policy for Managing and Operating Our Business outlines how we handle personal information that is collected for managing and operating within the ABS.  

APA

Citation