AUDIT: Commissioner’s 12 recommendations for Bundy council
THE Office of the Information Commissioner has released an audit on Bundaberg Regional Council's compliance with Queensland's Right to Information Act 2009 and Information Privacy Act 2009.
"Bundaberg Regional Council (BRC) is committed to right to information and information
privacy," the report found.
"Although it still needs to develop and implement some policies, and put systems and processes in place, the council has worked hard since our electronic audit in December 2018 to comply with its legislative obligations.
"For example, it has established a good process for training new staff about their right to information and information privacy responsibilities."
The audit made 12 recommendations for Council:
Within 12 months, develops and implements an information governance framework and supporting documented plans, policies and procedures to drive right to information and information privacy aims.
Within 12 months, develops and implements performance measures for access to
information and information privacy outcomes, aligned with its operational plan.
Within 12 months, implements mandatory periodic refresher training on right to
information and information privacy for all staff.
Within 12 months:
• better promotes its administrative access schemes on its website
• develops an administrative access policy that outlines the type of information staff can release, and the process for doing so.
Within 12 months:
• implements an information asset register, assigns responsibility for each asset and
classifies them to determine their suitability for public release
• develops and publishes a version of the information asset register to better inform
the community about the information it holds, and who to contact to request access
to an information holding
• implements a process to review the information asset register regularly so it
remains current and relevant.
Within 12 months, implements a process to update the publication scheme regularly
so the community has access to relevant and up-to-date information.
Within 12 months, reviews collection notices for all forms and online emails and
amends them to ensure compliance with the Information Privacy Act 2009.
Within 12 months, establishes a rolling program of regular review of collection
notices for all forms and online emails, to maintain compliance with the Information
Privacy Act 2009.
Within 12 months:
• develops and implements a policy and procedures about privacy impact assessments
• integrates privacy impact assessments in its risk management and project management methodologies and tools.
Within 12 months, develops and implements a policy and procedures for managing
its camera surveillance which:
• is consistent with the council's legislative obligations, under the Right to Information
Act 2009 and Information Privacy Act 2009
• covers all its audio and video technologies, and all devices
• provides sufficient detail to guide staff operating the system.
Within six months, strengthens its safeguards to better protect camera surveillance
footage from unauthorised access, use, modification or disclosure, and other misuse
Within12 months, reviews its arrangement with the Queensland Police Service for
the operation of camera surveillance, and takes all steps necessary to ensure the
council complies with the Information Privacy Act 2009.
Bundaberg Council accepted the recommendations and proposed a management action in response to each of them.
More to come later today.