Media release: Compliance audit report – Bundaberg Regional Council

Queensland’s Office of the Information Commissioner’s (OIC) compliance audit report of Bundaberg Regional Council was tabled in Parliament today.

This report presents OIC’s findings on the council’s compliance with the Right to Information Act 2009 (Qld) and the Information Privacy Act 2009 (Qld).

OIC found that the council is committed to right to information and information privacy. Although it still needs to develop and implement some policies, systems and processes, it has worked hard to comply with its legislative obligations.

OIC made 12 recommendations which the council supports and intends to implement. OIC will monitor the council’s progress.

Information Commissioner Rachael Rangihaeata said, “I am pleased council took action to improve right to information and privacy compliance following our 2018 self-assessment electronic audit. It identified several aspects of its practices it could improve and developed an action plan to address them.”

“The recommendations of this compliance audit will support Bundaberg Regional Council’s accountability, transparency and safeguards for the community’s personal information.”

Key findings

Bundaberg Regional Council:

  • does not have an information governance framework that supports the proactive disclosure objectives of the Right to Information Act 2009. However, during the audit, it assigned responsibility for proactive disclosure across the council to its Information Services Steering Committee
  • has limited performance measures for monitoring progress in achieving the broader objectives of the Acts
  • like most Queensland local governments, has not yet embedded privacy impact assessments into its core business and therefore cannot be sure it has identified and effectively mitigated the privacy risks of its activities or projects
  • is open and transparent about the personal information it holds, but the collection notice it often uses is too broad for individuals to make an informed decision whether to share their personal information
  • needs to do more work about how it operates and manages its surveillance cameras
  • has a range of administrative access arrangements in place, thus supporting the push model; however, it could promote them better.

Read the full report here.

Media contact: Steve Haigh, Manager Training and Stakeholder Relations
Phone: 3234 7373