How to review and measure your agency’s progress in implementing RTI and IP

This guideline will help you understand how the Office of the Information Commissioner (OIC) measures agency compliance with the Right to Information Act 2009 (Qld) (RTI Act) and the Information Privacy Act 2009 (Qld) (IP Act), and explains some practical ways you can review your agency’s progress and implement processes to support continuous improvement.   

Why measure performance?

Managing and measuring your agency’s performance contributes to greater accountability and transparency.1 By establishing a robust framework for the qualitative and quantitative assessment of progress against a set of criteria you can determine areas of good practice and those where additional effort may be required.2

Why is measuring RTI and IP performance important?

Freedom of information is a fundamental right.3  In Queensland, the right to access information held by Queensland government agencies is established in the RTI and IP Acts.

The object of the RTI Act is to provide more information to the community by giving a right of access to government held information unless, on balance, releasing the information would be contrary to the public interest. The RTI Act supports and encourages proactive disclosure of information by acknowledging that formal applications should only be used as a last resort.  

The IP Act works in parallel with the RTI Act and provides safeguards for the handling of personal information in the public sector environment and gives people a right of access to and amendment of their personal information.   

To effectively implement the RTI and IP Acts, it is critical that chief executive officers foster an agency culture that aligns with the objects of the legislation and recognise the importance of the information their agency holds.  Just as an agency’s people, finances, equipment and buildings are important resources, so too is their information.  It should therefore be carefully managed, like any other asset.

Actively monitoring agency performance in making information available to the community is an important aspect of managing information assets.  While the Information Commissioner’s statutory functions include monitoring, auditing and reporting on agencies’ compliance with the RTI Act and chapter 3 of the IP Act,4  agencies must also develop their own performance review system to manage and measure performance.  

Senior executive officers must take an active role in the management of information and promotion of proactive release of information to ensure they are aware of, and increase, their agency’s level of compliance with RTI and IP.  Because the chief executive officer is ultimately responsible for their agency’s information governance, the performance criteria used to determine compliance must be sufficiently robust to assure the chief executive officer that information is being managed well.

Agencies can look externally for examples of performance criteria and targets to focus the agency on good practice.  For example, agencies within the same sector and with similar functions may have published performance information that could be used as a benchmark.  OIC’s review reports and guidelines contain information about benchmarks of performance for certain topics.  

The legislation’s mandatory reporting requirements5 are important performance criteria, however such requirements are focused on formal application handling which is only one component of RTI.  Other information handling practices, such as administrative release6, development and maintenance of a Publication Scheme, commitment to protecting individual’s privacy and the pro-disclosure culture of the agency can be monitored and measured under a performance measurement framework to ensure more comprehensive information about RTI and IP is available to inform review of performance.

How is RTI and IP compliance measured?

When undertaking compliance audits OIC recognises that all agencies are different, as are the ways they deliver their core businesses.7 OIC takes account of these individual differences when monitoring and reporting on agencies’ compliance with the RTI and IP Acts, though each agency’s performance is measured against five broad performance areas.

These performance areas are explained in OIC’s publication Right to Information and Information Privacy – Performance Standards and Measures for Agencies8, and briefly summarised below, can provide a sound basis for developing your agency’s self-assessment compliance framework and performance criteria.

Performance area: Culture of openness

A high level, explicit statement of your agency’s commitment to openness and achieving the objects of the RTI and IP Acts is required to effectively communicate your agency’s support for the proactive disclosure of information.


As per the intent of the Right to Information (RTI) Act and the Information Privacy (IP) Act, [Rockhampton Regional Council], as a public authority, must ensure transparency of Council decision making and business practices, and good governance by instilling a culture of bias towards pro-disclosure of information whilst maintaining our obligation to preserve an individual’s right to privacy.9

Performance area: Leadership

The success of any initiative depends on strong, active leadership and visible support from senior management.  Establishing appropriate leadership structures can effectively underpin your agency’s performance in achieving the objects of the RTI and IP Acts.  These structures might include for example, an Information Champion or Sponsor and an Information Steering Committee.  If appropriate, your agency’s ICT or Information Steering Committee may be able to assume responsibility for planning and monitoring the progress of a work program which includes information management projects or activities.


Griffith University had a dedicated Information Management Program Board (IMPB) and a Corporate Information Management Roadmap providing a strategic information management project overview for the period 2012 to 2015.  Major projects included a university wide audit of current recordkeeping content scheduled for 2013, the second stage of their Research Hub project, a staff data integrity program, employing an archivist to manage historical collections and transition to digital recordkeeping.  Monthly IMPB meeting minutes contained project updates for these significant information management projects, evidence of active monitoring of progress by the IMPB.10

Performance area: Accountability

As part of its agency compliance review process, OIC expects agencies to monitor their openness and agility in inquiring about, and responding to, community and stakeholder information needs.  By taking responsibility for your agency’s progress in implementing RTI and IP, you will not only be showing a commitment to the objects of the legislation but also helping to identify areas which may need further attention.


Local councils often have systems in place for managing feedback from the community, including complaints.  A good complaint handling system can be used to monitor and improve service delivery of RTI and IP, for example, the community’s experience of different methods of access to information. 

The Rockhampton Regional Council had a particularly effective complaint handling system explicitly linked to continuous improvement of customer service.  The Customer Service Charter listed service standards for the provision of information, for example, early resolution of enquiries and timeliness of responses.  The complaint handling system and Customer Service Charter were linked to provide direct feedback on the effectiveness of information services. 

This system encouraged community feedback and treated complaints as an opportunity for monitoring and improving Council’s information services.11

Performance area: Maximum disclosure

To achieve the objects of the RTI and IP Acts information must be routinely and proactively disclosed wherever practicable. The benefits of proactively disclosing information include fewer formal access applications and greater openness, accountability and transparency.


The manager of a business unit within the Department of Transport and Main Roads observed inefficiencies in the way the department handled requests for spatial information, for example, in handling tenderer’s requests for school bus routes in regional areas.  To address the problem he:

  • streamlined over 2000 datasets to a base of around 80 datasets supporting provision of the spatial information
  • arranged for the spatial data to be published online through the Queensland Spatial Catalogue; and
  • carefully measured the success of the new approach, and was able to report, for example, that the datasets were downloaded over 317 times in an 18 month period. 
The old system required a contract for data release to be established for each data request.  The new system saved the drafting and settling of 317 data release contracts in 18 months.12  

Performance area: Compliance

In addition to processing access applications in accordance with the RTI and IP Acts, all agencies must maintain administrative arrangements, for example, an up to date Publication Scheme and (where required) a Disclosure Log, as well as facilitating administrative access to information.  Monitoring your agency’s performance should also include regular reviews of compliance with the Information Privacy Principles (IPPs)13  including how the agency collects, stores, uses and provides information about documents containing personal information.  

How do you develop effective performance criteria?

To be an effective tool for evaluating your agency’s achievements against a set of criteria, all performance criteria must be:

  • appropriate
  • achievable
  • relevant
  • well defined
  • reliable
  • verifiable
  • attributable
  • cost effective; and
  • credible.14

The performance criteria that are appropriate for your agency will depend on a range of factors including your agency’s structures and administrative arrangements, OIC recommendations to your agency—such as desktop audit reports—and your agency’s current level of RTI and IP Act compliance.  Careful consideration should be given to those measures which are most appropriate and useful for your agency’s particular circumstances.

The examples below illustrate how a range of performance criteria for RTI and IP can be developed and implemented.  

Example 1

Agency A manages its information and communication technology (ICT) through a committee chaired by a senior executive.  The committee develops an annual ICT plan of projects to improve information and computer management within the agency.  The current ICT plan provides for an upgrade of record keeping software  and a full stocktake of information, as part of a three year Information Release project.

The first year of the Information Release project involves a stocktake of information holdings, resulting in an Information Asset Register being developed.  In the second year, the Information Asset Register will be published. In addition, information holdings assessed as ‘public’ will be reviewed to determine which information holdings can be published immediately and what further steps might feasibly be taken to increase access to other holdings.  In the third year, further identified information holdings will be published.  

The ICT committee will track performance of the Information Release project by:

  • establishing a baseline of publicly available information holdings at the start of the project, for comparison against the number of information holdings released each year
  • requiring quarterly reports from the project manager so that the progress of the project can be tracked against the milestone targets
  • monitoring requests for information to identify whether they are affected by publication of the Information Asset Register; and
  • assessing the impact of the Information Release project on the openness of the agency’s information management by monitoring the frequency of access to published information holdings on the website over time and conducting internal and external surveys of staff and public perceptions of the agency’s openness at the beginning and conclusion of the project to track perceptions of any improvement in the agency’s culture of openness.

Example 2

The push model requires agencies to proactively push information out to the community, as much as possible, with the goal of making formal RTI applications a last resort.  One way the RTI Act gives effect to the push model is to require agencies to have a Publication Scheme which publishes significant, appropriate and accurate information in seven classes:  About Us; Our Services; Our Finances; Our Priorities; Our Decisions; Our Policies; and Our Lists.  

The information that the community should be able to access through the Publication Scheme under each of these information classes, is specified in the Ministerial Guidelines made under the RTI Act.  This ensures that the community has access to certain significant information, and can easily find the same information in any agency by looking in the same place for every agency.  

Usually, this requirement is satisfied by creating the Publication Scheme on the agency’s website. To be satisfied that the Publication Scheme is making appropriate and significant information available as required, Agency B’s executive commissioned regular reports on specific performance criteria about the Publication Scheme.

Initially, Agency B commissioned annual self-audits using the desktop audit tool published by OIC to establish whether required information (particularly as specified by the legislation and Ministerial Guidelines) was being published.  Outcomes were reported to Agency B’s executive.

Subsequently, to ensure maximum publication of significant and appropriate information, Agency B recorded and reported on:

  • the proportion of information assets classified as ‘public’ published to the Publication Scheme15
  • changes over time to the proportion of information assets published to the Publication Scheme, with an expectation that this would increase; and
  • changes over time to the proportion of significant website material linked to from within the Publication Scheme.

To ensure the Publication Scheme is maintained and continuously improved, Agency B reports on:

  • meetings between the person coordinating the Publication Scheme and key agency contacts for the generation and publication of information, including information published to the Publication Scheme as a result of those meetings
  • a six monthly review of current information published online to ensure all information was still relevant and up to date, all links work and any new website publications are linked to from within the Publication Scheme.16   

Example 3

Facilitating maximum disclosure of information to the community under the RTI Act requires agencies to:

  • be aware of what information they hold
  • find out what information the community wants to access
  • identify new and existing information that can be proactively released and published in an accessible format; and
  • establish procedures to identify existing and future information which is suitable for publication or access without requiring an application under the RTI Act.

Administrative Access Schemes17 are an important means of ensuring formal access applications are a last resort and can avoid unnecessary processes and costs for applicants and agencies.  Agency C uses the OIC Administrative Access Checklist18 to identify information suitable for administrative access, implement their administrative access scheme and monitor performance.  Agency C’s performance criteria include monitoring and reporting on the:

  • volume of information released as well as commensurate reductions in formal applications for this type of information
  • time taken to provide the information requested, including any relevant comparison with other means of access (such as formal applications under the RTI Act)
  • results of user feedback, complaints or surveys
  • steps taken to identify opportunities for new administrative access schemes.

Example 4

Agencies may find it useful to compare their performance against good practice in other agencies, that is, agencies can adopt a process of benchmarking.  
An example of agency performance benchmarking can be found in OIC agency compliance reviews which compare agency performance on their use of communication with applicants to actively manage applications.

As part of the compliance review OIC calculates average application handling performance criteria such as:

  • the average number of times per application that the RTI and Privacy Unit contacts each applicant
  • the average time between contacts with an applicant on their application
  • the average total duration of each application; and
  • the proportion of contact with each applicant made by email or telephone for application processing activities (excluding the application receipt acknowledgment notification and formal decision notification).

These measures provide an indication of the extent to which an agency uses regular discussion with the applicant to handle the application, a practice which correlates with quicker application handling times.  One way in which discussion with an applicant promotes efficiency is that it enables narrowing of the scope of the information requested and identification of the best way to assist the applicant to obtain the information they need.  Discussion can also promote better relationships with applicants, leading to more successful negotiations.

The current benchmark agency contacts an applicant on average nearly five times per application, roughly once a week, using email or phone for eighty-five percent of the contacts, and has the shortest average application handling time of all agencies reviewed so far: 23.6 business days.

This is one example of benchmarking performance.  Agencies could adopt a benchmarking process for any performance measure, and particularly for performance criteria with specific, detailed metrics.

Agencies can look within their own sector or in communities of practice to establish their own benchmarks for specific business processes.  Through its review, monitoring and assistance functions, OIC is also aware of examples of good practice and might be able to assist agencies to establish benchmarks in specific topic areas.  

Agencies interested in benchmarking in specific topic areas are encouraged to contact OIC to identify possible benchmarks of good practice.  OIC will also progressively publish on our website case studies which showcase how individual agencies have established processes to review progress and support continuous improvement in implementing the RTI and IP Acts.  We welcome your contributions to this project.  

The performance criteria set out in OIC compliance review and desktop audit reports19 can also assist you in assessing your agency’s performance and deciding on performance criteria which are most appropriate. You can also use the OIC desktop audit tool to review your agency’s website to review compliance and identify opportunities for improvement. The results obtained from completing the self-assessed electronic audit can also usefully inform your agency in developing or enhancing your agency’s performance framework.  

The checklist at Appendix A20 may assist you to identify areas where your agency is progressing well in implementing the RTI and IP Act requirements and highlight areas that need attention.

  • 1 It is also a statutory requirement for many agencies. For example: section 11 of the Financial and Performance Management Standard 2009 requires each accountable officer and statutory body to comply with A guide to the Queensland Government performance management framework.
  • 2 The Auditor-General of Queensland Report to Parliament No.5 for 2010 – Performance Reviews – Using performance information to improve service delivery recommended that all Queensland Government departments consider adopting the better practice principles which are explained in the Queensland Audit Office publication Better Practice Guide Performance reviews.  The seven better practice principles provide a framework for performance review and are: Clear purpose and focus; Active executive involvement; Responsibility and accountability assigned; Relevant and robust performance information; Coordinated and documented by a dedicated team; Balanced discussion at review sessions; and Persistent follow up process.  
  • 3 The Universal Declaration of Human Rights (Article 19) and the International Covenant on Civil and Political Rights (Article 19) recognise an individual’s right to freedom of expression, including the freedom to seek, receive and impart information.
  • 4 See section 131 of the RTI Act
  • 5 Section 185 of the RTI Act and section 194 of the IP Act require statistical and other information to be provided by Ministers and agencies for the purposes of reporting to Parliament.
  • 6 Administrative release refers to the disclosure of information informally, without having to submit an RTI or IP access application.
  • 7 See Charter, Policy and Procedures Manual: Performance Monitoring and Reporting for more information about OIC’s compliance review program and processes.  
  • 8
  • 9 Taken from Rockhampton Regional Council’s Information Public Disclosure Procedure available at:  
  • 10 For more information, please refer to OIC Report: Compliance Review – Queensland Universities at page 29
  • 11 For more information, please refer to OIC Report: Compliance Review – Rockhampton Regional Council at pages 32-33
  • 12 For more information, please refer to OIC Report: Compliance Review – Department of Transport and Main Roads at page 27.
  • 13 Or National Privacy Principles if your agency is a health agency.
  • 14 Based on the Performance Measures Checklist in A Guide to the Queensland Government Performance Management Framework, page 54.  
  • 15 Identified in the Information Asset Register.
  • 16 Agency B’s website publication form requires the document publisher to state whether or not new website information can be linked to from within the publication scheme. Information collected on these forms is aggregated and reported. If information can be linked to, the form prompts the publisher to confirm that a link to the information has been created in the publication scheme.  If information is not linked, the form prompts the publisher to provide reasons, based on the significance, appropriateness or accuracy of the publication.
  • 17 For a detailed discussion of administrative release and access schemes see the OIC Guideline:  Administrative Release of Information
  • 18 Available on the OIC website
  • 19 Available on the OIC website:
  •  20 Which is based on OIC compliance review and desktop audit reports.

Current as at: June 24, 2015