Skip to main content

A NSW Government website

Module 6: Assigning roles and responsibilities

Back a page
Module 5: Organisational Structures
Next page
Module 7: Leadership


What is it? 

While good data governance is everyone’s responsibility, agencies need to clearly define the key people who will be responsible for governing and managing data across the organisation. Assigning responsibilities to specific roles ensures there are specific people within the organisation who are responsible for ensuring that data is appropriately managed throughout its lifecycle.

The NSW Data & Information Custodianship Policy directs the development and implementation of data and information custodianship roles and responsibilities. It also includes a Custodianship Model that sets out specific data and information roles. While the use of a standardised model can be a key enabler of cross-agency collaboration, in practice it is recognised that many variants of this model exist across the NSW Government. This is because how agencies assign roles across an organisation tends to depend on many factors – most importantly, the data maturity and size of the agency.

To ensure this Toolkit meets agency needs, outlined below is an adapted version of the Custodianship Model. The adapted model is specific to data (i.e. excludes information management) and describes the roles in functional terms rather than using traditional role titles (e.g. Data Custodian, Data Steward, Data Owner, Data Sponsor). The purpose of this is to ensure that people are assigned responsibility for undertaking these functions, and to allow agencies to assign these functions in ways that work for them.


Function Main Responsibilities  

Accountable Executive

Accountable Executives have accountability for the data and are generally the responsibility of the Agency Head (Secretary, Chief Executive, or equivalent authority), however this role is often delegated to a designated Senior Executive. This role is typically referred to as the Data Sponsor or the Data Owner.

  • Approve policies, protocols and guidelines in relation to the data asset, process and/or system
  • Ensure that all legal, regulatory and policy requirements are met in relation to the data assets management
  • Approve significant changes to the data collection, process and/or system
  • Approve budget and resourcing/provide funding for data management projects
  • Monitor the performance of data governance responsibilities and identify improvements
  • Ensure data assets held by the agency are identified and documented in a data catalogue or register of data assets
  • Delegate responsibilities for decisions and tasks to Responsible Executives.

Responsible Executive

Responsible Executives are generally Directors with delegation from the Accountable Executive to exercise overall responsibility for a specified data asset. This role is typically referred to as the Data Custodian.

  • Enforce the rules on behalf of the Accountable Executive
  • Identify and document data assets held in a data catalogue or register of data assets
  • Identify the information security classification of data assets to ensure appropriate protection and handling of the information
  • Determine the conditions for appropriate collection, storage, use and sharing of the data and approve data change requests, data sharing requests and open data release
  • Agree and set the standards for the data asset
  • Nominate the Operational Data Manager for data assets and ensure responsibilities are fulfilled
  • Develop a strategic plan for the use and management of the data asset.

Operational Data Manager

Data Managers are generally business managers, process owners or subject matter experts with the greatest operational stake in the content of the data asset. They are responsible for operational (frontline) data management and for stewarding the data through the data pipeline. This role is sometimes referred to as the Data Steward and is seen as the ‘gatekeeper’ to accessing the data asset.

  • Day-to-day operational management and operation of the data asset
  • Ensure data is shared under an agreement or license to ensure privacy, security and data quality are maintained
  • Manage the data asset in compliance with relevant legislation, policies, standards and any conditions specified by the Responsible Executive
  • Work with stakeholders to develop and maintain metadata including a data dictionary, business rules and guide for use
  • Provide advice to the Responsible Executive on the management of the asset
  • Provide advice on the proper use and interpretation of the data to Data Users
  • Provide feedback to Data Creators in relation to data quality issues and the resolution of errors in the data.

Data Creator

Data Creators are any employee, contractor or consultant who captures or creates data on behalf of the agency, to be processed as a data asset. This role is sometimes referred to as the ‘Supplier’ of data to government.

  • Ensure data is recorded or collected according to agreed data standards and liaise with the Accountable or Responsible Executive on standard requirements
  • Ensure data is accompanied by accurate and sufficiently detailed metadata that enables people to understand it (e.g. creating a data dictionary, recording your methodology and how the data was created)
  • Ensure processes are in place for the ongoing maintenance of the data
  • Ensure data security
  • Comply with legislation, policies and terms and conditions associated with data collection, including consent where applicable.


Data User

Data Users can be anyone, public and government, who uses government data.

  • Acknowledge the source of data and abide by any copyright or licensing requirements when using data
  • Understand the data and ensure it is fit for its intended purpose
  • Report any errors or omissions to the Operational Data Manager or Responsible Executive regarding data they receive in a timely manner
  • Comply with terms and conditions of the license or agreement for access to data
  • Comply with legislation, policies and standards
  • Ensure security and privacy are maintained whenever data is accessed
  • Report any breach or suspected breaches to the Operational Data Manager and/or Responsible Executive in the first instance
  • Obtain approval from the Accountable Executive or delegated authority for release of data.

Why is it important?

Under the State Records Act 1998 (NSW), agencies are responsible for the creation, management, protection and maintenance of their data, even when these management responsibilities have been delegated to another agency. It is important that agencies assign staff specific data responsibilities to ensure data is managed appropriately across its full lifecycle. A clear understanding and acceptance of custodianship roles and responsibilities can also help maximise benefits and minimise costs associated with data management for agencies, and lead to greater efficiency along data value chains.

What good looks like

  • Assigned: responsibilities are defined and formalised across the organisation and at all stages of the data lifecycle.

  • Appropriate: responsibilities are appropriately matched with the responsible person’s skills, expertise and delegation level.

  • Understood: while some staff are formally assigned data management roles, all staff who handle data understand the data responsibilities associated with their role.

  • Shared: data responsibilities are spread across all levels of the organisation and are not just the responsibility of the IT department, a specific data governance body or team.

  • Specified: data sharing agreements and service arrangements clearly specify data rights, including whether responsibilities for the data will be transferred to a third party.

How to achieve good practice

  • Assign data responsibilities across the organisation and ensure the data is mapped to the responsible person(s) in a data catalogue.

  • Develop a data governance framework or policy that specifies who is responsible for the various aspects of the data, including who is responsible for giving permissions for open release and data sharing.

  • Formalise data responsibilities where they already exist and avoid assigning responsibility to anyone who is not already undertaking the role in their day-to-day work.

  • Ensure responsibilities are matched to the responsible person’s skills, expertise and delegation level. If parts of your agency lack data expertise, recruit new staff or leverage staff in different areas of the agency with specialised data skills. 

  • Ensure staff with specific data responsibilities are provided with training and supported by workflow tools that make their jobs easier.

  • Ensure data sharing agreements specify data rights, including whether ownership of the data will be transferred to a third party.

  • Develop a visual representation of your organisation’s data roles and responsibilities that is accessible to staff within the organisation, as well as other agencies.

Download Module 6


Back a page
Module 5: Organisational Structures
Next page
Module 7: Leadership


Last updated 01 Feb 2021