What Is a Data Custodian?

Overview #

A data custodian is an organisation or authority that maintains a record set or source system for a particular type of information. Custodians may include public authorities, regulators, statutory bodies, credit bureaus, education bodies, business registries, professional bodies and authorised third-party data providers.

Why it matters #

Knowing the custodian matters because the custodian usually determines what can be verified, which fields are available, what consent or purpose is required, how often records are updated and whether a result can be corrected directly or only at the source.

How to think about it #

• The custodian is not always the same as the platform that displays the result.
• A verification platform may connect to, request from or process data sourced from a custodian.
• Some custodians provide direct public services; others work through authorised channels or verification agencies.
• Corrections usually need to happen at the source that owns the record.

Common examples #

• Home Affairs for identity and civic-status-related records.
• Umalusi for specified school and further education certificates.
• CIPC for company-registration information.
• Credit bureaus for consumer credit information.
• SAPS-related processes for police clearance and criminal record-related procedures.

Responsible use reminders #

• Always distinguish source ownership from platform delivery.
• Check whether the requester has lawful authority to use the source.
• Do not promise correction of a record that only the custodian can amend.

Public knowledge note: This article is intended as general education for verification, compliance, fraud prevention and responsible data-use discussions. It is not legal advice and should not replace your organisation’s own compliance review, regulator guidance, or contractual obligations.