Media release: Compliance audit report – Townsville City Council - 6 March 2018

Queensland’s Office of the Information Commissioner’s compliance audit report of Townsville City Council was tabled in Parliament on 6 March 2018.

This report presents the results of our audit of the council’s compliance with the Right to Information Act 2009 (Qld) and the Information Privacy Act 2009 (Qld).

We made 24 recommendations for improvement.

The Information Commissioner Rachael Rangihaeata said, “The objectives of the Right to Information and Information Privacy Acts are clear – proactively release government-held information unless it’s not in the public interest to do so; and protect and respect personal information.”

In April 2016, Townsville City Council asked consultants to review its management structure and make recommendations to improve its operations and financial sustainability. The council adopted the report in full in September 2016, and at the time of our audit, was implementing the recommendations, including restructuring its information functions.

“Our audit found that Townsville City Council was not meeting its obligations due to significant systems issues, a lack of information governance and a general misunderstanding of the Acts and their aims.”

“As the council progresses in its restructure, it has an opportunity to build a culture of openness and transparency by incorporating the principles and objectives of the right to information and privacy in its policies, procedures and practices,” said Ms Rangihaeata.

Key findings

Townsville City Council:

  • enabled participation and dialogue with the community through its committees, but needed to actively promote community and business representatives involvement
  • was proposing to re-establish its information management steering committee to oversee its information management capability and capacity
  • had adopted a delegation model that presented additional risks
  • did not ensure its staff were aware of their right to information and information privacy obligations
  • had an information asset register, however it had not identified the information holdings suitable for public release
  • generally managed its publication scheme in accordance with legislative requirements
  • had deficient case management tools that contributed to non-compliant practices
  • used a generic collection notice that did not give enough detail to understand why the council was collecting the personal information and how it would use it
  • had good documented processes and responsibilities in place for storing, accessing and releasing camera surveillance footage however, they did not always align with the Information Privacy Act.

Read the full report here

Media contact: Steve Haigh, Manager Training and Stakeholder Relations