Audit on Publishing OFFICIAL information assets: Supporting the push model through proactive disclosure
Government agencies collect, hold and use a significant amount of information. Under the Right to Information Act 2009 (the Act), they should release information as a matter of course unless there is a good reason not to. This is referred to as the ‘push model’. This proactive disclosure approach increases accountability and transparency. It also helps build trust in government.
OFFICIAL information is routine information without special sensitivity or handling requirements.
Information assets vary greatly between government agencies. A complete, current and accurate information asset register can help them manage the assets consistent with the rules governing access and use of the information.
Gaps in the registers increase the risk of unauthorised disclosure, misuse or unavailability of the information. This also means that the agencies cannot be sure that they are maximising public disclosure of the information they hold.
Publishing the information asset register, or a version of it, on a website tells the community what information an agency holds. This is consistent with the push model and reinforces that access under a legislative process is a last resort.
However, having an information asset register is not enough. Agencies need to have a documented approach with defined roles and responsibilities to approve the publication of information that supports public access to information while safeguarding the information that requires protection.
When considering whether to publish information, government agencies need to balance the information security risks against the disclosure benefits. They also need to consider other obligations they may have about the information. For example, licensing considerations.
This audit focused on how three Queensland government departments identify and classify their OFFICIAL information assets and how they support the push model through maximum disclosure of these information assets.
The audit raises issues relevant to all government agencies. We made one recommendation to all agencies – publish their information asset register, or a version of it, on their websites.
