Data Governance, Owners, Stewards & Custodians 

Data governance 

Data governance refers to the principles and processes applied to manage data and information throughout the lifecycle, including: 

  • Planning data collections 

  • Designing and changing data collections 

  • Collecting and processing data 

  • Storing and maintaining data 

  • Analysing, reporting, and sharing data 

  • Enhancing data 

  • Disposal. 

In the Department of Health (Vic), It It is important that governance roles and responsibilities, policies and standards are applied consistently across our organisation. This ensures there is a standard treatment of information assets, and executives and staffstakeholders are clear how the policies apply in all situations across an organisation. 


An Owner is defined as being the person or entity that has the legal possession of the information asset. 

For assets collected or created by the Department of Health, the Secretary is generally the Owner. 

For assets provided by other organisations, the head of the supplying organisation is generally the Owner, unless ownership has been transferred as part of a Memorandum of Understanding (MOU) or information sharing agreement. 

Steward and Custodian 

Stewards and Custodians are assigned from the business area that has: 

  • the most significant stake in the data;, and 

  • the governance or oversight of the organisations supplying the data. 


A Steward is the person who has accountability for the management of an information asset. 

The Steward is generally the person with the most direct oversight of the organisations or business areas responsible for providing the data. For health data collections, this includes health services. In the Whole of Victorian Government (WoVG) Information Management Governance Guidelines, the Steward is referred to as the delegated owner. 

The delegated owner may choose to delegate his/her tasks to another executive level officer or the custodian, however the owner still has overall accountability for the information. The delegated owner would typically be a divisional director or line of business lead.  


A Custodian is delegated responsibility for certain outcomes by the Steward as outlined in the agreed written schedule. 

Custodians have strong business knowledge of the information asset and will typically be a subject matter expert in the subject matter covered by the information asset.  

Data custodians are responsible for good data management practices, including how the information is securely collected, managed and disclosed while in their care. 

Linked Data Steward and Custodian 

In addition to the management of data assets in its unlinked form, CVDL also has a Linked data Steward and Custodian, that perform the same functions as a Data Steward and Custodian, but in the context of data in its linked form. 

In addition to the data governance obligations of other data stewards and custodians, the linked data steward and custodian adhere to the below principles. 

  • Maximise utility, access and sharing of data while complying with legislation. 

  • Understand and articulate the ethical and social licence framework in the context of linked data use, management and operations. 

  • Champion the possibilities, risks and limitations of big linked data, in the context of government and societies’ use scenarios (cases). 

  • Practice and embed the 5 safes framework in the management and operation of the linked data asset. 

  • Create and maintain trust, remain independent, and avoid real or perceived conflict in their role as linked data steward and custodian. 

CVDL relationship with Custodians 

The Centre for Victorian Data Linkage (CVDL) works closely with our data custodians to ensure they understand their responsibilities and accountability for authorising the release of their data for an approved research project. 

CVDL's objective is to ensure the terms and conditions of any agreement fully reflect the data custodian's interests and requirements, and that adequate controls are observed by all parties. 

Once the data custodian has approved a data linkage project, a member of the CVDL Client Services team will work with the data custodian to: 

  • ensure all supporting documents are in place, including at the administrative, technical and operational levels 

  • determine and document the agreed information needed for the linkage project 

  • prepare a data extraction plan prior to the extraction process commencing 

  • establish data transfer protocols to ensure security obligations are met. 

Data custodians can be confident that CVDL operates a strict security regime for linking and releasing linked data by adhering to the Victorian Data Sharing Act 2017, Victorian Health Records Act 2001, the Privacy and Data Protection Act 2014 and , the Commonwealth Privacy Act 1988 and the Data Access and Transparency Act 2022. 

To find out more about how the Centre for Victorian Data Linkages can assist you please email us at [email protected]