InfoGovANZ

Information Governance Think Tank

InfoGovANZ

2022 Information Awareness Month One Day Seminar

by

This year’s Information Awareness Month One Day Seminar took place at the iconic Institute Building (1861), the first public cultural building in South Australia and was also livestreamed. The theme was “Building Trust in Information” and discussions revolved around facets that we need to trust in order to have trust in information. These included trust in people, process, technology and government. The seminar opened with remarks from Geoff Strempel, Director, State Library of South Australia. As a society we are “drowning in data” and in a knowledge economy IM practitioners are the trustees of information. A huge challenge is the massive data sets that need computers and machine learning to extract patterns and interpretations, but human intellect is still required to assess the outcomes and ultimately arrive at wisdom. ML and AI also raise ethical and privacy dilemmas as technology enable computers to essentially have free reign across the data. […]
Member only content (join now)

NSW AI Assurance Framework

by

All NSW government agencies are required from March 2022 to use the AI Assurance Framework.  The Framework assists project teams using AI to comprehensively analyse and document their projects’ AI specific risks. It also assists teams to implement risk mitigation strategies and establish clear governance and accountability measures. Under the AI Policy and AI Assurance Framework, agencies are required to abide by the following ethical principles: Community benefit – AI should deliver the best outcome for the citizen, and key insights into decision-making. Fairness – use of AI will include safeguards to manage data bias or data quality risks. Privacy and security – AI will include the highest levels of assurance. Transparency – review mechanisms will ensure citizens can question and challenge AI-based outcomes. Accountability – decision-making remains the responsibility of organisations and individuals. View the NSW AI Assurance Framework here.
Member only content (join now)

Consumer Data Right System: New Guides

by

The OAIC has released 8 new guides designed to help businesses understand and comply with their obligations under the Consumer Data Right (CDR) system. The guides outline key privacy obligations concerning: Sponsors and affiliates under a sponsored accreditation model, which allows a person to provide goods or services directly to a consumer The disclosure of insights based on a consumer’s CDR data   Outsourced service providers (OSPs) and principals of OSPs under CDR outsourcing arrangements CDR representatives and principals under the CDR representative model. The CDR Privacy Safeguard Guidelines will be updated to reflect the content of the new guides.
Member only content (join now)

OAIC’s updated guidance on vaccination status and protecting privacy

by

OAIC has updated its guidance on COVID-19: Vaccinations and privacy rights as an employee and Vaccinations: Understanding your privacy obligations to your staff. Key points include: Vaccination status information can only be collected without consent in circumstances where the collection is required or authorised by law (including a state or territory public health order or direction). Only the minimum amount of personal information reasonably necessary to maintain a safe workplace should be collected, used or disclosed. Vaccination status information should only be used or disclosed on a ‘need-to-know’ basis. You must inform employees about how their vaccination status information will be handled. Ensure you take reasonable steps to keep employee vaccination status and related health information secure.
Member only content (join now)

New Zealand’s Privacy Commissioner releases a paper on biometric regulation

by

New Zealand’s Office of the Privacy Commissioner (OPC) has released a position paper setting out how the Privacy Act regulates biometrics.  The increasing role of biometric technologies in the lives of New Zealanders has led to calls for greater regulation of biometrics. In a statement releasing the paper, the OPC said, ‘[it] believes that the privacy principles and the regulatory tools in the Privacy Act are currently sufficient to regulate the use of biometrics from a privacy perspective.’  The paper is intended to inform decision-making about biometrics by all agencies covered by the Privacy Act, in both the public and private sectors. This position paper will be reviewed six months after publication, in consultation with key stakeholders, to assess its impact and whether any further steps are required. Read the OPC’s summary of key issues or the full position paper.
Member only content (join now)

Dr Pietro Brambilla

by

Pietro Brambilla

Dr. Pietro Brambilla heads the Digital Transformation team for Integrity & Legal Affairs within Daimler AG. A lawyer by training, he is a tech enthusiast and digital evangelist. Together with his highly diverse team he drives the development and implementation of the Digitalization and Innovation strategy for Daimler’s Legal, Compliance and Integrity functions since 2018. Pietro also serves as the Business Information Security Officer and the Data Officer for the Integrity & Legal Division within Daimler.

Pietro started his career as a litigator with Daimler in Germany. From 2012 to 2017 he worked in the U.S. where he spearheaded an Information Governance initiative for the region.

Pietro holds a Ph.D. from the University of Konstanz in the area of climate change law.
He has published different articles on innovation and the transformation of the legal sector and its impact on corporate legal departments and is a frequent speaker at industry events.

 

Tell us about yourself?

I was born and raised in Germany to Italian parents, laying the basis of my identity in these two different cultures. I’m a lover of learning and studying. I enjoyed roaming the bookshelves at the library during my years at university. Then came the Internet with its greatest gift - the democratization of information. I feel truly blessed to live in an era where thanks to modern technologies we now have the worlds’ knowledge at our fingertips.

I‘m a father of six with two sets of twins - so there is always a lot of action around the house. In my spare time, you will usually find me playing with my kids, working in the garden or spending time in nature with my family.

 

What led you into the world of Information Governance (IG)?

My early years as a litigator led me into the world of Information Governance especially when I took over more and more of our US litigation docket. You have to know that until the advent of the GDPR in the European Union, Information Governance was not very common in Germany. It was a small group of people that was interested in IG, mainly from companies that had a lot of exposure to Common Law countries. The rest kept hoarding information. I assume it’s my affinity for processes, structure and organization supported by technology that attracted me to this domain and led me to introduce it in my own field of work.

 

Tell us about your current role in IG?

My current role as Head of Digital Transformation is probably not a typical IG role but it touches many aspects of Information Governance, such as knowledge management, data analytics and ediscovery. As Business Information Security Officer I lead the information security strategy for the Integrity & Legal division and provide a bridge between the centralized security function and the business on information security aspects. The Data Officer role involves defining and driving the data strategy for the Legal and Compliance function.

 

What pressures are organizations facing to ensure IG best practices?

I see the pressure coming from three areas in particular:

  • Technology and the speed and rate of change we are experiencing and have to keep up with. We live in an area of exponential technological change that heavily affects the speed at which business has to operate. I like to refer to this as the transition from working at the speed of paper to operating at the speed of (structured) data. And IG has to adapt and support this transition.
  • Dealing with the ever-increasing complexity of the regulatory framework. In addition, technological change often runs ahead of legislation.
  • We are also seeing challenges in the workforce area. Change is a fundamental element of our new reality. The transformation is constant and therefore the need for adoption is permanent. We need to continuously learn new skills and gain new knowledge but we also need to be able to unlearn what is no longer helpful.

 

What are the biggest developments you have seen in the IG?

The traditional records and information management area has evolved to a more multidisciplinary information governance domain that is integrating and merging more and more with the growing area of data governance. This convergence of the area of information with data has led to new ways of working and the emergence of new roles that will continue to develop as technology advances.

 

How have you adapted since COVID-19?

When COVID-19 struck, we basically had to transition overnight to a “remote only” working arrangement and we have been working this way for nearly 20 months. It has required a lot of reflection and change but I’m actually getting used to it and I wouldn’t want to go back to the way it was before. I used to commute at least 90 minutes per day. Apart from the time I’m saving there is also a significant ecological benefit reducing my commutes. As the pandemic begins to ease I’m looking forward to getting back together with my entire team in person but I’m also excited that we now have the opportunity to design a hybrid model that works well for the entire team.

 

Do you have any tips for someone starting out in IG?

I have already mentioned the convergence of information and data as one of the major developments I see in this domain. What I would recommend for somebody starting in IG is to gain what I call “data literacy”. With this, I don’t mean being able to code, but you need to have a general understanding of how information is being processed today and the potential that new technologies offer. I can recommend the HarvardX “Introduction to Digital Humanities” course on the MOOC Platform edX as a good source to increase what I call “data literacy”.
But most importantly, follow your passion and never stop learning.

 

With the rapidly evolving technologies and digital disruption, where do you see IG heading in the next few years?

We live in a time of radical transformation, be it the colossal undertaking of decarbonizing our economy or the digital revolution. The IG industry will not be immune to these dramatic changes. Just picture the increase of digital information across the globe. It has grown nearly 50 fold in 10 years to over 50ZB (zettabytes = 1021 byte) in 2020 and will continue to grow exponentially. We will need new approaches in managing the information lifecycle. Artificial Intelligence will certainly be a key component in this but we will need to be able to understand it and maintain control.

 

Why is it essential to be a member of InfoGovANZ?

I’m a big believer in community building. For me the value of being a member of InfoGovANZ lies in being part of a community of like minded people that are focused on sharing knowledge and creating valuable exchanges. InfoGovANZ is not just a network but a strong community of IG experts and enthusiasts, willing to invest their time and contributing in shaping the future of Information Governance.

Culture of FOI in Victoria

by

The Office of the Victorian Information Commissioner (OVIC) published new research on freedom of information (FOI) culture in Victoria and the importance of proactive and informal release of information. “The release of documents under the FOI Act is not the only way that governments can share information with the public” said Information Commissioner Sven Bluemmel. “Governments can also get on the front foot and proactively release information, without the need for individuals to first make an FOI request.” OVIC strongly encourages all agencies to adopt policies and systems that facilitate the release of information proactively and informally. Proactive transparency will help to build public trust, which will assist governments to address complex policy issues and improve service delivery. Read the key findings here.
Member only content (join now)

Information Access Study

by

Information Access Commissioners and Commonwealth Ombudsman have released the findings of their second cross jurisdictional study of community attitudes on access to government information. The 2021 Information Access Study measures citizens’ awareness of the right to access government information, and their experiences and outcomes in exercising that right. Key findings include: The importance of the right to access information is consistently recognised by respondents in each jurisdiction. The majority of respondents in each jurisdiction were aware that they had the right to access information from government departments/agencies. In general, citizens were able to obtain information successfully in each jurisdiction. Read the statement from the Commissioners or view the research findings here.
Member only content (join now)

2021 Solomon Lecture

by

This year’s Solomon Lecture presented by the Queensland Office of the Information Commissioner featured Professor Beth Simone Noveck on ‘Solving Public Problems with Data’. Professor Noveck’s lecture explores how traditionally, the right to know is rooted in the belief that members of the public should know what their government does in order to hold the government to account, lessen the risk of corruption and shine a light on wasteful and inefficient operations. Beth Simone Noveck discusses how a focus on public problem solving and improving people’s lives changes how we think about data. She discusses specific policy prescriptions for creating a right to know that fosters better government, stronger citizenship and more agile solutions to contemporary challenges. Watch the Solomon Lecture here.
Member only content (join now)

Preventing Digital Harm

by

The World Economic Forum published Pathways to Digital Justice report to address systemic legal and judicial gaps, and help guide law and policy efforts towards combating data-driven harms. This is particularly important with the increase in online activities and digitization of services, which – when misused – can present new types of risk. The white paper, produced in collaboration with an advisory committee consisting of experts from around the world, is intended to guide policy efforts towards combating data-driven harms. The hope is that legal and judicial systems can then evolve to embed redress mechanisms that enable the creation of a data ecosystem which protects individuals and is accountable to them. Read the World Economic Forum statement here or the report.
Member only content (join now)

Urgent action needed over AI risks

by

UN High Commissioner for Human Rights Michelle Bachelet stressed the urgent need for a moratorium on the sale and use of artificial intelligence (AI) systems that pose a serious risk to human rights until adequate safeguards are put in place. She also called for AI applications that cannot be used in compliance with international human rights law to be banned. As part of its work on technology and human rights, the UN Human Rights Office has published a report that analyses how AI – including profiling, automated decision-making and other machine-learning technologies – affects people’s right to privacy and other rights. Read the UN High Commissioner for Human Rights’ statement or report.
Member only content (join now)

Digital Identity Legislation

by

The Australian Government has released an exposure draft of the Digital Identity legislation (the Trusted Digital Identity Bill) to support the expansion of the Australian Government Digital Identity System (the System). The proposed legislation aims to enshrine in law, privacy and consumer safeguards in the System as it expands to include more services and sectors. The legislation also establishes permanent governance arrangements to be guided by principles of independence, transparency and accountability. Feedback is being sought on the draft legislation and the accompanying documents to make sure the System meets the expectations of Australians and Australian businesses. Available on the Digital Identity website: Guide to the Digital Identity legislation Trusted Digital Identity Bill 2021 exposure draft Trusted Digital Identity Framework (TDIF) accreditation rules Trusted Digital Identity rules Regulation Impact Statement (RIS)
Member only content (join now)

InfoGovANZ releases the Information Governance Primer

by

Susan Bennett, Executive Director of Australian based think tank, Information Governance ANZ (InfoGovANZ), is delighted to launch the Information Governance Primer, which provides a wide-ranging overview on the fundamentals of good information governance.

In today’s digital environment, the growing number and complexity of challenges associated with data and information have outpaced traditional information and records management practices.  The Information Governance Primer address these challenges by providing a guide to developing a holistic enterprise-wide system to mitigate risks and maximise opportunities.

“The COVID-19 pandemic has highlighted the importance of access to accurate and real-time data for decision-making by senior executives and boards, access and reliability of organisational systems and information for employees to carry out day-to-day work and for decision-making at all levels throughout the organisation and information security and the increasing cyber risks arising from working remotely and the increasing use and reliance on third-party platforms and software.”

The Information Governance Primer was developed to address these unfolding issues and provide practical guidance in how organisations can implement robust governance to mitigate risks. It assists professionals to develop a well-executed IG framework and program, with appropriate leadership to deliver effective security and control of data and information by reducing costs of holding information and maximising the value of information held by the organisation.

The Information Governance Primer not only articulates persuasively the rationale for implementing good information governance, but aims to equip IG practitioners with the knowledge required to build and improve information governance across a range of organisation types including government, corporates and not-for-profits.

Ms Bennett explained, “InfoGovANZ’s mission to build the knowledge of IG, best practices and innovation led to the development of the Information Governance Primer which addresses the critical issues and challenges the IG community faces in creating and deploying effective governance”.

The Information Governance Primer provides a general overview of information governance, covering a range of important factors including the key drivers of IG, benefits of successful IG implementation, an outline of IG models and frameworks plus the role of IG leadership in establishing robust information governance.

The Information Governance Primer is free for InfoGovANZ members and is available here. New InfoGovANZ members receive a free copy when they join. Find out more about membership, including a range of benefits here.

Richard Kessler

by

Richard P. Kessler, CEO of Classifi and member of the InfoGovANZ International Council, is a pioneer in the fields of information governance, data governance, legal operations, eDiscovery and infonomics.  As the CEO of Classifi, Richard leads with a vison focused on bringing innovative solutions to complex data challenges.

Prior to taking the leadership role at Classifi, Richard was a Director at KPMG in Cyber Security Strategy and Governance as part of the U.S. Information Governance and Privacy practice.  In this role, Richard created the Data Value Model innovation comprising the ideation, design, development, expansion, and integration across multiple data and information disciplines.  Richard was pivotal in orchestrating integration of governance across pillars leading to a new way of thinking about data.

Richard fostered a great many of his ideas as an innovator and inventor during his 25+ years of experience in the global financial services industry with Citigroup and UBS, as a Vice President and Executive Director, respectively.  He developed and implemented frameworks to address information lifecycle governance, eDiscovery, cyber security and privacy requirements to address highly complex and dynamic regulatory and business environments.  Richard assumed senior leadership roles in Architecture and Technology Engineering; Group Information Security; IT, Contracting and Shared Services Legal; and Legal & Compliance Systems and Strategic Planning.

You can read more of Richard's articles here.

 

Tell us about yourself?

A driving force in my life is to make a noticeable, positive impact on society - one person at a time, in any way I can. It's what drives me personally and professionally. My business role aligns well: I'm currently serving as the CEO and co-founder of Classifi, a startup based in Omaha, Nebraska, in the United States. Together with my team, we’re building Classifi into a new type of technology company, which moves fast 'enough,' is mindful of 'breaking things,' and keeps the individual and their rights front and center.

 

What led you into the world of Information Governance (IG)?

In 2001, I became responsible for leading the technology infrastructure recovery of 7 World Trade Center for a particular Citigroup business, where we necessarily had to develop a new and holistic view of enterprise data requirements spanning multiple perspectives effectively overnight. Building on that experience, I held roles in records management, eDiscovery, data architecture, ESI consulting, and other complementary fields over the next 5-10 years. These roles prepared me well for a global position leading Information Governance at UBS, followed by a role in Cyber Security, Privacy, and IG at KPMG and, ultimately, for my current role in developing Classifi. I accelerated my learning by participating in numerous IG conferences, forums, and events over the last 20 years. I found that I assimilate new information much faster by working with industry experts in their specific fields – by speaking with them or presenting with them to teach others, for example – and I've been privileged throughout my career to be surrounded by some very accomplished subject matter experts.

 

Tell us about your current role in IG?

We're currently working on a new platform that will enable business leaders and business developers to identify hidden, new sources of revenue from their own data and - more importantly - what's available to them in other places, such as publicly available data streams and data available to them through their supply chain. This platform will facilitate unprecedented data transparency and collaboration and provide a holistic view of risk and value scoring of enterprise data assets at scale in near real-time. Among other perspectives, it requires an IG-type approach that considers the business needs of all data users, coupled to accelerate digital transformation.

 

What pressures are organizations facing to ensure IG best practices?

In addition to data volume problems, organizations have massive data quality problems; in particular, obtaining data that is accurate, trustworthy, and timely seems to be getting more complex instead of more straightforward. Organizations continue to needlessly stockpile data without understanding its meaning, context, value, risk, and level of trust, hoping that "someday it will be valuable." Would you purposely fill up your pantry with old, half-eaten food that is past its shelf life? Of course not, but that is what organizations are doing with their data. The tragedy is that identifying and getting access to clean and reliable data is exacerbated by poor data management and information governance practices coupled with the more hands-off approach of data in the cloud and places other than in their directly controlled systems. Unfortunately, this is nothing new; however, this problem extends far beyond a particular organization's data swamps to the sum of all data they may rely on, regardless of where it resides. For example, if the organization makes growth decisions based on outdated information, they create unnecessary expenditures, leading to wasteful, misdirected investment and opportunity costs.

 

What are the biggest developments you have seen in the IG?

Current IG and data management innovations are being propelled by the realization that value-driven insights require curated data assets from the data supply chain at scale. If organizations want to stay competitive, they must act quickly to level up their data management, IG, and digital transformation capabilities or risk becoming irrelevant.

 

How have you adapted your career and/or since COVID-19?

Our firm is a work-from-anywhere organization. We've built it from the ground up during Covid (founded in September 2020!) to cultivate, appreciate, and reward individuals regardless of their location and role.

 

What is a fun fact about yourself?

I'm a certified PADI scuba diver and have dived off the coast of Florida and Mexico. Although I can't wait to go scuba diving again, given the challenges with international travel, and sharing equipment during Covid, I've decided to learn how to fly planes. It's a skill set that is computer simulation-friendly, so I can do it from home and "virtually" see new places and can help obtain a pilot's license in the future.

 

Is there anything you would do differently if you were starting your career now?

I'd be conscious of mentoring more people, and especially many more women, to drive more diversity in our industry. I'd want to have 3-5 years in a role as a data scientist and, separately, 3-5 years as a data engineer. There is nothing like working in a particular role to glean the necessary experiences and insights to have an in-depth understanding! I have deep appreciation and admiration for those skill sets, amongst many others.
9. Do you have any tips for someone starting in IG?
Focus on one discipline at a time and immerse yourself fully in it. Listen to the experts. Build an extensive checklist for yourself that summarizes everything you've learned. Do this five times over five years with five IG fields. This approach will significantly expand your vision and breadth of knowledge. Try to find a single employer that will give you such freedom (Citigroup was very kind to me – every two to three years, I changed roles but remained at the same company). Listen more than you speak. There is almost always something to learn from everyone around you. Always try to be kind and patient with folks, and they will be happy to teach you continually. Pay forward the kindness and mentorship you receive.

 

With the rapidly evolving technologies and digital disruption, where do you see IG heading in the next few years?

IG must evolve beyond a risk-focused lens to stay relevant and shift to become a value-driven field that completely integrates risk but doesn't lead with it. IG may be assimilated into new digital transformation strategies that keep the individual human at the forefront of command and control, not the AI, and that truly minimizes the overcollection and retention of worthless data. IG practices need to counter the pure profit-driven handover of our futures to such AI.

 

Why is it essential to be a member of InfoGovANZ?

I find InfoGovANZ to be one of the best forums to become focused and knowledgeable about leading practices and collaborate on how to best approach global information governance innovation. It's also a great forum to learn from IG experts and insights spanning many industries and roles.

OAIC Data Breach Notification Report

by

The Office of the Australian Information Commissioner’s (OAIC) latest Notifiable Data Breaches Report highlights how OAIC expects entities to prevent and respond to data breaches caused by ransomware and impersonation fraud. The OAIC received 446 data breach notifications from January to June 2021, with 43% of these breaches resulting from cyber security incidents. Data breaches arising from ransomware incidents increased by 24%, from 37 notifications in the last reporting period to 46. Read the latest report here.
Member only content (join now)

Response to Tune Review

by

The Australian Government has agreed or agreed in principle to all 20 recommendations made by the Functional and Efficiency Review of the National Archives of Australia(NAA) referred to as the Tune Review. While the Tune Review recommended a proposed Government Information Management Model (GIMM), where records management across government would be centralised to the NAA, the Government intends as the first step to convene a committee to drive efficiencies and improvements in the short to medium term. Read the Tune review and the Government’s response.
Member only content (join now)

OVIC Guidance on Collaboration Tools

by

The rise of flexible working arrangements means that collaboration tools, such as videoconferencing and instant messaging tools, as well as cloud-based document creation and sharing services, are increasingly essential to facilitate collaboration. The Office of the Victorian Information Commissioner has provided guidance to assist organisations to consider their privacy obligations when implementing and using collaboration tools, plus information security and record-keeping considerations. Read the Guidance here.
Member only content (join now)

National COVID-19 Privacy Principles

by

The Office of the Australian Information Commissioner and State and Territory privacy commissioners have produced universal privacy principles to support a nationally consistent approach to solutions and initiatives designed to address the ongoing risks related to the COVID-19 pandemic. These high-level principles provide a framework to guide a best practice approach to the handling of personal information during the pandemic by government and business. Read the Principles here.
Member only content (join now)

Report into delay in Victorian FOI decisions

by

The Victorian Information Commissioner’s report into the delay in disclosure of government documents under the Freedom of Information Act 1982 (Vic) was recently tabled in the Victorian Parliament.  Between 2015 and 2020, the proportion of FOI decisions made on time in Victoria declined from 95% to 79%. The investigation examined the extent and causes of delay at agencies,  which included resourcing issues, process, technology, culture, communication and the impact of the COVID-19 pandemic. Read the report here.
Member only content (join now)

Protection of Personal Information in Universities

by

The protection of information by universities has come under focus in recent years as a number of Australian universities have been subject to cybersecurity attacks. These attacks highlight the risks of data breaches and the potential impact on students, staff, and research participants. This led to the Office of the Victorian Information Commissioner (OVIC) examining the policies and procedures that Victorian universities have implemented to protect the personal information that they hold from loss and misuse. The Victorian Information Commissioner released its report on  the Examination of Victorian universities’ privacy and security policies report on 29 June 2021 (report).   The findings included that not all universities have clear policies and procedures to guide staff to destroy personal information when it is no longer needed, and some do not have written guidance about sharing personal information with third parties to support staff to consider information security risks. The Victorian Information Commissioner, […]
Member only content (join now)