This Procedure is issued under the authority of the Commissioner and should be read together with the ACNC Policy Framework, which sets out the scope, context and definitions common to our policies.
This Operational Procedure sets out the processes to be followed for the provision of bulk ACNC data disclosures1 in the following scenarios:
- providing or sharing data with other Australian government agencies (Commonwealth, State and Territory) via an agreement, Memorandum of Understanding or the Charity Passport,
- publishing data about charities onto data.gov.au, and
- sharing data with other parties through individual or ad-hoc requests (for example, requests from members of Parliament, for Parliamentary submissions, etc.).
1. ACNC data includes, but is not limited to the following:
charity identification data, such as ABN and legal name,
charity compliance data, such as revocation of registration, Annual Information Statement (AIS) submission and due dates,
responsible person or charity agent information, such as name and contact details, and
annual reporting data, such as the activities undertaken by the charity, and their financial information.
2. The Commissioner will be the discloser for all bulk ACNC data disclosures described at paragraph 1. The Commissioner is considered to have instructed ACNC staff to make bulk data disclosures in the situations outlined above.
3. ACNC staff should only facilitate bulk data disclosures where there is a documented basis to do so (for example, there is an approved Memorandum of Understanding in place or a formal request is received to supply data).
4. It is an offence under s.150-25 of the Australian Charities and Not-for-profits Commission Act 2012 (Cth) (ACNC Act) for an ACNC officer (in this case, the Commissioner) to use ‘protected ACNC information’ or disclose ‘protected ACNC information’ other than to the entity to whom the information relates or their agent, or, where the entity is a registered charity, one of the charity’s responsible persons. The penalties that may be imposed for this offence are significant.
5.There are a number of exceptions to this general prohibition, including disclosure of ‘protected ACNC information’ to an Australian government agency where certain conditions are met. Section 150-40 of the ACNC Act allows an ACNC officer to disclose ‘protected ACNC information’ if:
(a) the disclosure is to an Australian government agency;
(b) the ACNC officer is satisfied that the information will enable or assist the Australian government agency to perform or exercise any of the functions or powers of the agency;
(c) the disclosure is for the purpose of enabling or assisting the Australian government agency to perform or exercise any of the functions or powers of the agency; and
(d) the disclosure is reasonably necessary to promote the objects of the ACNC Act.
6. An ACNC officer must be satisfied that all four conditions are met before disclosing the information under s.150-40 of the ACNC Act.
7. Where the conditions under s.150-40 of the ACNC Act are not met, the ACNC can disclose data that has been lawfully made available to the public (s.150-50 of the ACNC Act). Data on data.gov.au or data shared with other parties through individual or ad-hoc requests (for example, requests from members of Parliament, for Parliamentary submissions, etc.) are generally made under s.150-50 of the ACNC Act.
8. To ensure that bulk ACNC data disclosures do not breach the ACNC Act, ACNC staff must complete the following steps (a flowchart can be found at Appendix A) when disclosing bulk ACNC data in situations described at paragraph 1.
9. Any data sharing request for ACNC data will need to be documented in writing (for example, a recurring request through an MOU or an ad-hoc request through an email). Each request will require an explicit instruction from the Commissioner to ACNC staff to make the bulk data disclosure. An MOU will be endorsed by the Commissioner at the point of entering into the agreement. An ad-hoc request for data will need to be approved by the Commissioner before data is shared.2
10. The specifications for the dataset must be documented by the area where the request initiated (business area). This will be the area responsible for coordinating the request or managing the MOU. Dataset specifications are required to be endorsed by the following Directors in the order that they appear:
11. The initial dataset will be produced and reviewed by IT using the agreed specifications.
12. The initial dataset is then to be reviewed by the business area. If no issues are identified, the Director of the business area and Director of IT will approve the dataset.
13. Where the dataset is to be re-released or published regularly (for example, datasets on data.gov.au), there will be a further check of the dataset when it is first released/published by IT to ensure there are no unforeseen issues.
Appendix A - Process
- Operational Procedure - Protected Information Procedure
- Operational procedure - ACNC data breach response plan
- Policy - Use of ACNC Data
- Policy: Information handling
1 For this operational procedure, ‘bulk ACNC data disclosures’ is defined as disclosure of a set of data items relating to all registered charities, or to a group of registered charities selected according to specified criteria (for example ‘all registered charities that are incorporated associations under the Associations Incorporation Reform Act 2012 (Vic)’), where the assessment that the disclosure of the dataset is permitted under an exception to the secrecy provisions is based on an attribute common to all members of the dataset, rather than on an examination of each individual data item.
2 The Commissioner must approve the release of ACNC data. The Commissioner must also confirm that they will be the discloser of ACNC data and that they are instructing the relevant staff member to make the disclosure.
3 If the dataset includes the disclosure of ‘protected ACNC information’, the Director of the Business area must document the relevant provision exception (refer to paragraph 6) relied upon.
4 Where the Director of Legal and Policy has concerns about the ability to share data under the ACNC Act, the matter will be referred to the Assistant Commissioner – General Counsel (or the Commissioner if appropriate) for a decision. This decision will be documented.
Date of effect
Brief summary of change
Version 1 - Initial policy
Initial operational procedure endorsed by Commissioner
Version 2 - reviewed
Updated to reflect change of template