One in three public-sector data professionals do not trust the data held within their own departments, a recent survey showed.
The survey of 133 public-sector data professionals showed 87 per cent of respondents lacked specialised tools for tracking data assets, and more than half said their departments did not document the reasons for collecting data.
Canberra-based Aristotle Metadata and public-sector platform Public Spectrum carried out the survey at the AusGov Data Summit, the central collaborative forum for public sector data and technology leaders, held in April 2026.
The findings come amid several significant data management incidents in 2026, including one in which 13 federal agencies engaged a transcription provider that shared sensitive court transcripts with unvetted offshore personnel in India.
Fewer than one-third of data professionals surveyed were familiar with their organisation's data governance policies and about half said they could not easily locate the data required to perform their daily duties.
The research also showed 78 per cent of respondents felt their organisation was failing to get the best value out of its data and 67 per cent said they could not easily find documentation describing what their organisation's data meant.
Aristotle Metadata owner Sam Spencer said the results showed a gap between high-level digital strategies and daily data management operations. He said without clear visibility into what data agencies held, it was difficult to ensure its protection.
"I stand by the fact that if somebody doesn't know what data they've got, they have no hope of protecting it," Mr Spencer said.
Data was not an abstract technical asset but "how we know things get done", from public servants being paid correctly to patients receiving timely medical care, he said.
For data governance, the federal government now relied on the Australian Government Data Catalogue, a centralised registry that contained more than 36,000 records drawn from various public databases.
An analysis of the registry by Aristotle Metadata showed that of those 36,000 entries, 99 per cent were duplicates from older platforms.
The data also showed that 505 unique assets had not been updated by nearly a dozen large agencies in more than two years.
To manage these records, the Office of the National Data Commissioner used a framework called ONDC26, which listed 26 metadata attributes.
Ten fields were designated as mandatory and 16 as optional, including fields describing the purpose of collection, who could use the data, who it was shared with and when it should be disposed of.
Although compliance remained high for the 10 mandatory ONDC26 core fields, the Aristotle Metadata analysis showed agencies faltering on the 16 optional attributes - such as the underlying purpose of collection and data licensing rules - which were left blank for unique, sensitive assets.
Large agencies such as the education department and the Australian Taxation Office (ATO) showed a 0 per cent completion rate for the optional fields.
A finance department spokesperson said metadata in the Australian Government Data Catalogue had been prioritised based on requirements for making data discoverable and accessible outside the agency that held the data.
"Mandatory fields are those which are most important for users requesting data, including security classification," the spokesperson said.
For Mr Spencer, treating these 16 optional fields as secondary overlooked their role in day-to-day security.
Classifying attributes like the purpose of data collection or licensing guidelines as optional left agencies without the baseline visibility required to track how sensitive material was being handled, leaving it exposed to misuse and error, Mr Spencer said.
"There are seven assets about children in schools, not one of those assets write down who's allowed to use it, whether or not it's sensitive and when it's deleted," he said.
Mr Spencer said the ATO listed a single data asset in the catalogue. "Does that sound right to you?" he said.
A government spokesperson from Public Service Minister Katy Gallagher's office said that established data governance frameworks were in place and that accountable authorities were responsible for implementing them within their respective agencies.
The spokesperson said a biennial Data Maturity Assessment evaluated organisational capabilities and helped agencies identify capability priorities.
The inaugural 2024 assessment established an average public service data maturity rating of "developing" with a score of 2.02 out of five, identifying data quality, reference and metadata as the lowest-scoring focus area.
Mr Spencer said advocating for improved data governance came with personal difficulties.
He had compiled the research and repeatedly taken it to the Office of the National Data Commissioner, ministers and chief data officers, but received little engagement in return.
"I have no budget, no mandate and now I have no friends, because I'm making people very annoyed about this, because I'm making a lot of noise," he said.
Mr Spencer said there was a tendency to invest in large international software products rather than the human work of foundational governance.
"We'll get squeezed over the smallest amount of money for infrastructure, but all of a sudden there's a blank chequebook for international big-tech firms," he said. "It's like they're just going to fund anything with a flashy name."