Skip to main content
Go to search page

Privacy Collection Notice for MDBA Audit Function

The Murray–Darling Basin Authority (MDBA) has a broad range of functions under the Water Act 2007 (Cth) (Water Act) and Basin Plan 2012 (Basin Plan), including the ability to conduct and publish audits to assess compliance with the Basin Plan (Basin Plan sections 13.10 and 13.20), together with powers to gather relevant information (Water Act s238).

Ensuring compliance with the Basin Plan, and associated accredited Water Resource Plans (WRPs), is essential to building confidence that communities, businesses and governments are fulfilling their obligations to help achieve sustainable water management. Audit is a critical tool the MDBA uses to encourage and monitor compliance with the Basin Plan.

The MDBA will undertake and publish its audits to provide the community with confidence that the Basin Plan reporting is accurate and implementation is on track. Audits and reviews may be undertaken as part of the annual compliance work program, or they may be instigated in response to a specific incident. The MDBA publishes all audit reports on its website [link].

Collection of information for audits 

It is against this backdrop that the MDBA's Office of Compliance collects, uses and discloses information for the purposes of conducting and publishing audits. In conducting audits, the Office of Compliance will collect different types of information depending on the subject of the particular audit, which could assess compliance in the following areas:

  • Water Resource Plans (WRPs)
  • Sustainable Diversion Limits (SDLs)
  • Compliance and enforcement in relation to illegal take
  • Water metering and measurement of water take
  • Planning and protection of environmental water
  • Water trade rules
  • Evaluation, Monitoring and reporting

Conducting these audits may require the collection of information relating to:

  • Water take data, at both the state, WRP and individual licence holder level
  • Licence holder information related to water take and metering
  • Trading of water between individuals and corporations
  • Environmental water use and delivery
  • Basin state processes and procedures for monitoring water compliance

Collection of information from third parties

MDBA primarily collects this information by requesting that it be provided voluntarily by Basin State regulatory authorities and other parties such as irrigation infrastructure operators or water approval authorities. Additionally, the MDBA has statutory powers under s238 of the Water Act to compel the provision of information.  

Purpose of collection

The MDBA collects this information in order to conduct audits to assess implementation of, or compliance with, the following aspects of the Basin Plan and associated legislation:

  • Water Resource Plans
  • Sustainable Diversion Limits
  • Water Trading Rules
  • Basin State water metering policies and standards
  • Protection of environmental water

Disclosure of information collected for audits 

The MDBA may disclose personal information collected for the purpose of conducting audits, in its published audit reports. Personal information may also be shared with Basin State water regulatory authorities for compliance and enforcement purposes, related to audit finding and outcomes.  

The MDBA will only disclose personal information where necessary for the performance of its functions, and where that disclosure is consistent with the purposes for which the information was collected.  

More about the MDBA's Privacy Policy

The MDBA's Privacy Policy explains the way in which the MDBA engages with and treats personal information. This policy includes information about how you may access or correct your personal information where it is held by us. It also contains information on how you can complain about a breach of the Australian Privacy Principles and how the MDBA will deal with such a complaint.

A copy of the Privacy Policy can be found at or by requesting a copy from the MDBA via email at

You can also contact the Privacy Officer on (02) 6279 0100.

Please find a list of archived MDBA compliance and enforcement documents which were published prior to Machinery of Government changes on 5 August 2021.

Updated: 05 Aug 2021