Information management

Commonwealth entities have a range of obligations related to information and records management. Information management is the responsibility of a number of entities.

Topics covered in the section of the guide:

  • Intellectual Property
  • Privacy Act and Privacy Code
  • Freedom of Information Act
  • Information, records and data management.

Useful resources and contact information are available in the tables below.

 

Intellectual Property

  • Government policy for the management of Intellectual Property
  • Government use of copyright material

Intellectual Property (IP) generated, procured and licensed by Australian Government agencies is  valuable asset and resource. Under the Intellectual property principles for Commonwealth entities, all agencies under the Public Governance, Performance and Accountability Act 2013 are responsible for ensuring it is used, managed and protected appropriately. IP should be handled in a manner that complies with relevant legislation, policies and guidelines while at the same time being consistent with organisational objectives and broader government objectives, including maximising any benefit to the Australian community as a whole.

The Australian Government provides guidance on how Commonwealth entities should manage their IP, and how different types of IP should be used. For information on the Australian Government's policy and framework for the management of IP, please see the Attorney-General's Department website. 

Key Tasks

TaskExplanationResourcesContact
Understand your obligations and responsibilities under the Australian Government's IP framework

Your entity will need to ensure that it has relevant frameworks and processes in place to manage IP in its control or custody in an effective, efficient and ethical manner, and that these processes are consistent with the Australian Government’s IP management framework.

 

Information on the Australian Government's policy and framework for the management of IP is available on the Attorney-General's Department website.

IP Australia administers IP rights for trade marks, patents, designs and plant breeder's rights.

The Attorney-General's Department is responsible for copyright policy.

Contact:
copyright@ag.gov.au

 

 

Understand your obligations and responsibilities under the Copyright Act 1968 (Copyright Act)

Your entity will need to consider the types of copyright materials it uses, and whether it needs to enter into any licensing arrangements with rights holders or the relevant copyright collecting societies for those uses.

 

Copyright Trade and Government team

copyright@ag.gov.au

 

Privacy Act

Commonwealth entities have obligations under the Privacy Act 1988 (Cth) and the Privacy (Australian Government agencies – Governance) Code 2018. These obligations outline how an agency must handle personal information and the governance arrangements they must have in place to build a consistent, high standard of personal information management.

Personal information is information about someone that identifies, or could reasonably identify that person. This could include a person’s identity information, medical information, financial or employment details.

The Office of the Australian Information Commissioner (OAIC) is responsible for the privacy functions conferred by the Privacy Act.

Australian Privacy Principles

The Privacy Act contains 13 Australian Privacy Principles, which set out standards, rights and obligations in relation to the collection, use and disclosure and security of personal information. The Australian Privacy Principles also provide individuals with rights to access and correct personal information an agency holds.

Data breaches

The Notifiable Data Breaches scheme requires agencies to notify affected individuals and the OAIC when a data breach is likely to result in serious harm to an individual whose personal information is involved.

Using contractors

When an agency engages a contractor to undertake services that require the contractor to collect and handle personal information on the agency’s behalf, the agency is required to meet certain obligations under the Privacy Act and the Australian Privacy Principles. This includes putting contractual measures in place that ensure that the agency cannot use the contract to avoid its own obligations under the Australian Privacy Principles.

Australian Government Agencies Privacy Code

Agencies are required to comply with the Australian Government Agencies Privacy Code, which sets out the key practical steps that agencies must take to comply with APP 1.2.

Key Tasks

TaskExplanationResourcesContact
Develop a clearly expressed, up-to-date privacy policyRequired under the Australian Privacy Principles.

Australian Privacy Principles

APP Guidelines

Guide to developing an APP privacy policy

Guide to securing personal information

Office of the Australian Information Commissioner

Enquiries: 1300 363 992

Enquiries (Online Form)

Develop a privacy management planRequired under the Australian Government Agencies Privacy Code.

Privacy management plan

Office of the Australian Information Commissioner

Enquiries: 1300 363 992

Enquiries (Online Form)

Appoint a Privacy Officer and a Privacy Champion, and notify the OAIC of the appointment and subsequent changes to the appointmentRequired under the Australian Government Agencies Privacy Code.

Privacy Officer toolkit

 

Privacy Code

Office of the Australian Information Commissioner

Enquiries: 1300 363 992

Enquiries (Online Form)

Develop a data breach response plan

The Notifiable Data Breaches scheme requires agencies to notify affected individuals and the OAIC when a data breach is likely to result in serious harm to an individual whose personal information is involved.

Notifiable Data Breaches scheme

Data breach preparation and response guide

 

Office of the Australian Information Commissioner

Enquiries: 1300 363 992

Enquiries (Online Form)

Develop collection notices, containing information about proposed collections of personal information by your agencyWhen an agency collects personal information about an individual, it must take reasonable steps to notify the individual of certain matters, or to ensure the individual is aware of those matters.

Australian Privacy Principles

APP guidelines

Office of the Australian Information Commissioner

Enquiries: 1300 363 992

Enquiries (Online Form)

Develop systems and processes to enable Privacy Impact Assessment (PIA) for high privacy risk projectsRequired under the Australian Government Agencies Privacy Code.Guide to undertaking PIAs

Office of the Australian Information Commissioner

Enquiries: 1300 363 992

Enquiries (Online Form)

 

Freedom of information 

The Freedom of Information Act (FOI Act) is the legislative basis for open government at the Australian Government level.

The FOI Act applies to official documents of Australian Government ministers, documents of most Australian Government agencies, and in some circumstances, contractors providing services to the Australian government.

Agencies and ministers must have regard to the Information Commissioner’s FOI Guidelines when making decisions or exercising powers under the FOI Act.

The OAIC publishes information to help agencies make decisions on FOI requests, including a checklist to identify key processing steps, guidelines to which regard must be held when making decisions under the FOI Act, and resources to help agencies understand and comply with the FOI Act including the FOI Essentials Toolkit.

Mandatory publishing requirements

The FOI Act requires agencies to publish specified categories of information under the Information Publication Scheme, including an agency’s organisational structure, functions and decision-making powers, statutory appointments, annual reports, arrangements for comment on policy proposals, information routinely released in response to FOI requests and provided to Parliament and operational information.

Agencies must also publish a plan that explains how they will implement and administer their Information Publication Scheme.

Requests for access to documents

Each person has a legally enforceable right under the FOI Act to obtain access to government documents, except if the documents are exempt or conditionally exempt from disclosure. Individuals can also apply for amendment or annotation of their personal information.

Agencies and ministers generally have 30 days to process an FOI request but this can be extended in certain circumstances.

Publication on disclosure log

Documents released in response to an FOI request must be published on a disclosure log within 10 working days of release to the FOI applicant. Exceptions apply if the documents contain personal or business information that it would be unreasonable to publish.

Review of decisions

A person who is unhappy with an FOI decision can apply for internal review by the agency or external review by the Information Commissioner. Third parties affected by a decision to grant access to documents can also ask for internal review. Timeframes apply.

Reporting

Agencies must report FOI statistics to the OAIC at the end of each quarter. See the FOI stats Guide for more information.

Key Tasks

TaskExplanationResourcesContact
Develop processes and procedures to ensure FOI requests are responded to within statutory timeframes

Under the FOI Act agencies must respond to FOI requests within 30 days (or as extended under the FOI Act).

Staff and resources must be delegated under s 23 of the FOI Act to enable compliance with the FOI Act.

Processing and deciding on requests for access

Office of the Australian Information Commissioner

Enquiries: 1300 363 992

Enquiries  (Online Form)

Develop processes to ensure applications for internal review are responded to within statutory timeframesThe FOI Act provides for internal review of all FOI decisions and imposes a 30-day timeframe to conduct the review.Internal agency review of decisions

Office of the Australian Information Commissioner

Enquiries: 1300 363 992

Enquiries (Online Form)

Publish mandatory information under Information Publication Scheme (IPS), including IPS plan

The FOI Act requires agencies to publish specified categories of information under the IPS.

Agencies must also publish a plan that explains how they will implement and administer their IPS.

Information Publication Scheme

Office of the Australian Information Commissioner

Enquiries: 1300 363 992

Enquiries (Online Form)

Report FOI statisticsAgencies must report FOI statistics to the OAIC at the end of each quarter.FOIstats Guide

Office of the Australian Information Commissioner

Enquiries: 1300 363 992

Enquiries (Online Form)

Maintain a disclosure log of released documentsDocuments released in response to an FOI request must be published on the agency’s disclosure log within 10 working days of release.Disclosure log

Office of the Australian Information Commissioner

Enquiries: 1300 363 992

Enquiries (Online Form)

 

Information, records and data management

New entities have responsibilities for ensuring that records and information are properly managed.

  • Create and maintain full and accurate records of their business.
  • Develop and implement agency specific information and records management policies and procedures, including comprehensive and accountable disposal programs.
  • Establish clear lines of responsibility for records management and ensure that staff are trained to carry out their records management responsibilities.
  • Work in consultation with the National Archives to develop Records Authorities.
  • Provide adequate resources for records management activities.

Data sharing

The Public Data Policy Statement commits Commonwealth entities to a range of actions to improve the use and re-use of public sector data,  release non-sensitive data as open by default and collaborate with the private and research sectors to extend the value of public sector data for the benefit of the Australian public.

The Office of the National Data Commissioner web page assists agencies holding Australian Government data to safely and effectively share the data they are responsible for by using five Data Sharing Principles.

The Data Sharing Agreement template embeds the use of the Data Sharing Principles, and provides a consistent approach to sharing data for the APS.

The Foundational Four provides guidance for agencies on how they can start improving their data practices and address the technical and cultural challenges that can limit their ability to get the most out of their data.

Information management

The National Archives of Australia sets standards for the management of Commonwealth information assets. It provides advice and support to Australian Government agencies to enable them to appropriately manage information and data and integrate information governance principles into their workplace practices. The Archives' Building Trust in the public record policy: managing information and data for government and community policy identifies key information management requirements for all Australian Government (Commonwealth) agencies.

Need help and support?

The Agency Service Centre can help you with advice on information management-related issues.

The information in the tables below will help further explain your entities roles and responsibilities and provide links to resources on the National Archives website.

Information management legislation, standards and policy
Information management legislationKey laws that have an impact on the information management responsibilities of most Australian Government agencies, including the Archives Act 1983.
Information management standardsInformation management standards help Australian Government agencies to create and manage business information effectively. Know which standards apply to your agency and how to implement them.
Information management policiesPolicies and strategies help agencies develop sound information management practices. Your agency must implement these to the appropriate level (known as 'required practice').
Establishing an information governance frameworkAn information governance framework is the structure an organisation uses to manage its information assets in legal, regulatory and business contexts. Documenting and assessing your agency's legal, regulatory and business requirements is an essential step in implementing an effective information governance framework.
Roles and responsibilitiesIn the Australian Government context, both agencies and the National Archives have responsibilities for ensuring that records and information are properly managed. This is supported by the Government's legislative framework.

 

Records authorities
Types of records authoritiesThe two common types of records authorities for Australian Government agencies are agency-specific records authorities and general record authorities.
Records authoritiesA records authority is a legal instrument that allows agencies to make decisions about keeping, destroying or transferring Australian Government records. Records authorities are used to determine how long to keep records and provide permission for the destruction of records once this time has passed.
Developing a records authorityDeveloping a records authority is a practical and flexible process which allows your agency to focus on information and records from one or several business areas.
General Records Authority 34Establishing and winding up entities and companies.

 

Getting started with information management
Getting started with information management

Information that you create, send or receive as part of your work for the Australian Government business is a record. It provides evidence of what your agency has done and why.

Topics include creating, capturing, describing, preserving, storing, protecting and disposing of information.

GAIN AustraliaThe Government Agencies Information Network (GAIN) Australia is a national network supporting agency information and records managers in the Australian Government. Join the network for forums and regular e-bulletins.

 


Did you find this content useful?