Starter guideline and checklists for new organisations


It is easier to ensure compliance with Right to Information and Information Privacy obligations from the start than to retrofit an organisation.  The purpose of this guideline is to assist newly established agencies to do this by providing an overview of obligations contained in both the Right to Information Act 2009 (Qld) (RTI Act) and the Information Privacy Act 2009 (Qld) (IP Act). Tips on ensuring basic compliance together with information about tools and resources to support compliance can be accessed at

The Right to Information and Information Privacy Acts in a nutshell

The object of the RTI Act and the IP Act is to give a right of access to public sector information unless it is, on balance, contrary to the public interest to do so. The starting point for all public sector documents is that they are open to the public. Agencies have an obligation to proactively release information, maximise disclosure, and otherwise provide administrative release.

Access applications are considered a last resort. Possible criticism of the government, loss of confidence in the government or the mischievous use of information by applicants are factors not to be taken into account in deciding whether information is to be disclosed.

The IP Act also provides for the fair collection and handling of personal information by the public sector.

How the RTI Act and the IP Act interact

Formal applications for information can be made under the RTI Act for any document of an agency.  RTI decision makers are required to have a pro-disclosure bias and documents must be released unless it is contrary to the public interest to do so. It is usually contrary to the public interest to disclose personal information to a third party. The IP Act requires agencies to protect the personal information it holds and prevent it from being disclosed inappropriately.

These two Acts work together to ensure that there is an appropriate balance between privacy protection and government openness.  Personal information is protected unless there is a legal authority to disclose it.  If a person applies for someone else’s personal information under the RTI Act, there is scope to withhold it if releasing it would be contrary to the public interest.  If the decision maker decides to release it, the person the information is about may have to be consulted about the release.

How to use this guide

This guide provides a high-level checklist to follow when initially establishing an agency.  This initial implementation checklist is located in Appendix 1 (PDF, 59.56 KB).

It also includes more detailed checklists for officers responsible for setting up systems and procedures along with a brief explanation of the RTI and IP obligations related to the checklists.  These are located in Appendices 2 through 4 (PDF, 53.39 KB).

Ensuring effective information practices

Once the agency has been established, and the initial tasks in this guideline have been completed, the Office of the Information Commissioner’s (OIC) Self Assessment Tool can be used to audit the agency’s compliance with its RTI and IP obligations.  One of OIC’s functions is to audit agency compliance and report to Parliament.  The Self Assessment Tool contains the standards against which OIC audits.


The independent report into Queensland’s information access laws The Right to Information: Reviewing Queensland’s Freedom of Information Act1 (The Solomon Report) highlighted the need for strong leadership in ensuring successful RTI implementation and a shift in focus from processing RTI applications to effective information management practices2.  Audits undertaken by OIC have shown that effective leadership is an important factor in information reform.

1 Report by the FOI Independent Review Panel, June 2008
2 Recommendation 127, The Solomon Report