OAIC has updated its guidance on COVID-19: Vaccinations and privacy rights as an employee and Vaccinations: Understanding your privacy obligations to your staff. Key points include: Vaccination status information can only be collected without consent in circumstances where the collection is required or authorised by law (including a state or territory public health order or direction). Only the minimum amount of personal information reasonably necessary to maintain a safe workplace should be collected, used or disclosed. Vaccination status information should only be used or disclosed on a ‘need-to-know’ basis. You must inform employees about how their vaccination status information will be handled. Ensure you take reasonable steps to keep employee vaccination status and related health information secure.
New Zealand’s Privacy Commissioner releases a paper on biometric regulation
New Zealand’s Office of the Privacy Commissioner (OPC) has released a position paper setting out how the Privacy Act regulates biometrics. The increasing role of biometric technologies in the lives of New Zealanders has led to calls for greater regulation of biometrics. In a statement releasing the paper, the OPC said, ‘[it] believes that the privacy principles and the regulatory tools in the Privacy Act are currently sufficient to regulate the use of biometrics from a privacy perspective.’ The paper is intended to inform decision-making about biometrics by all agencies covered by the Privacy Act, in both the public and private sectors. This position paper will be reviewed six months after publication, in consultation with key stakeholders, to assess its impact and whether any further steps are required. Read the OPC’s summary of key issues or the full position paper.
Dr Pietro Brambilla
Dr. Pietro Brambilla heads the Digital Transformation team for Integrity & Legal Affairs within Daimler AG. A lawyer by training, he is a tech enthusiast and digital evangelist. Together with his highly diverse team he drives the development and implementation of the Digitalization and Innovation strategy for Daimler’s Legal, Compliance and Integrity functions since 2018. Pietro also serves as the Business Information Security Officer and the Data Officer for the Integrity & Legal Division within Daimler.
Pietro started his career as a litigator with Daimler in Germany. From 2012 to 2017 he worked in the U.S. where he spearheaded an Information Governance initiative for the region.
Pietro holds a Ph.D. from the University of Konstanz in the area of climate change law.
He has published different articles on innovation and the transformation of the legal sector and its impact on corporate legal departments and is a frequent speaker at industry events.
Tell us about yourself?
I was born and raised in Germany to Italian parents, laying the basis of my identity in these two different cultures. I’m a lover of learning and studying. I enjoyed roaming the bookshelves at the library during my years at university. Then came the Internet with its greatest gift - the democratization of information. I feel truly blessed to live in an era where thanks to modern technologies we now have the worlds’ knowledge at our fingertips.
I‘m a father of six with two sets of twins - so there is always a lot of action around the house. In my spare time, you will usually find me playing with my kids, working in the garden or spending time in nature with my family.
What led you into the world of Information Governance (IG)?
My early years as a litigator led me into the world of Information Governance especially when I took over more and more of our US litigation docket. You have to know that until the advent of the GDPR in the European Union, Information Governance was not very common in Germany. It was a small group of people that was interested in IG, mainly from companies that had a lot of exposure to Common Law countries. The rest kept hoarding information. I assume it’s my affinity for processes, structure and organization supported by technology that attracted me to this domain and led me to introduce it in my own field of work.
Tell us about your current role in IG?
My current role as Head of Digital Transformation is probably not a typical IG role but it touches many aspects of Information Governance, such as knowledge management, data analytics and ediscovery. As Business Information Security Officer I lead the information security strategy for the Integrity & Legal division and provide a bridge between the centralized security function and the business on information security aspects. The Data Officer role involves defining and driving the data strategy for the Legal and Compliance function.
What pressures are organizations facing to ensure IG best practices?
I see the pressure coming from three areas in particular:
- Technology and the speed and rate of change we are experiencing and have to keep up with. We live in an area of exponential technological change that heavily affects the speed at which business has to operate. I like to refer to this as the transition from working at the speed of paper to operating at the speed of (structured) data. And IG has to adapt and support this transition.
- Dealing with the ever-increasing complexity of the regulatory framework. In addition, technological change often runs ahead of legislation.
- We are also seeing challenges in the workforce area. Change is a fundamental element of our new reality. The transformation is constant and therefore the need for adoption is permanent. We need to continuously learn new skills and gain new knowledge but we also need to be able to unlearn what is no longer helpful.
What are the biggest developments you have seen in the IG?
The traditional records and information management area has evolved to a more multidisciplinary information governance domain that is integrating and merging more and more with the growing area of data governance. This convergence of the area of information with data has led to new ways of working and the emergence of new roles that will continue to develop as technology advances.
How have you adapted since COVID-19?
When COVID-19 struck, we basically had to transition overnight to a “remote only” working arrangement and we have been working this way for nearly 20 months. It has required a lot of reflection and change but I’m actually getting used to it and I wouldn’t want to go back to the way it was before. I used to commute at least 90 minutes per day. Apart from the time I’m saving there is also a significant ecological benefit reducing my commutes. As the pandemic begins to ease I’m looking forward to getting back together with my entire team in person but I’m also excited that we now have the opportunity to design a hybrid model that works well for the entire team.
Do you have any tips for someone starting out in IG?
I have already mentioned the convergence of information and data as one of the major developments I see in this domain. What I would recommend for somebody starting in IG is to gain what I call “data literacy”. With this, I don’t mean being able to code, but you need to have a general understanding of how information is being processed today and the potential that new technologies offer. I can recommend the HarvardX “Introduction to Digital Humanities” course on the MOOC Platform edX as a good source to increase what I call “data literacy”.
But most importantly, follow your passion and never stop learning.
With the rapidly evolving technologies and digital disruption, where do you see IG heading in the next few years?
We live in a time of radical transformation, be it the colossal undertaking of decarbonizing our economy or the digital revolution. The IG industry will not be immune to these dramatic changes. Just picture the increase of digital information across the globe. It has grown nearly 50 fold in 10 years to over 50ZB (zettabytes = 1021 byte) in 2020 and will continue to grow exponentially. We will need new approaches in managing the information lifecycle. Artificial Intelligence will certainly be a key component in this but we will need to be able to understand it and maintain control.
Why is it essential to be a member of InfoGovANZ?
I’m a big believer in community building. For me the value of being a member of InfoGovANZ lies in being part of a community of like minded people that are focused on sharing knowledge and creating valuable exchanges. InfoGovANZ is not just a network but a strong community of IG experts and enthusiasts, willing to invest their time and contributing in shaping the future of Information Governance.
Culture of FOI in Victoria
The Office of the Victorian Information Commissioner (OVIC) published new research on freedom of information (FOI) culture in Victoria and the importance of proactive and informal release of information. “The release of documents under the FOI Act is not the only way that governments can share information with the public” said Information Commissioner Sven Bluemmel. “Governments can also get on the front foot and proactively release information, without the need for individuals to first make an FOI request.” OVIC strongly encourages all agencies to adopt policies and systems that facilitate the release of information proactively and informally. Proactive transparency will help to build public trust, which will assist governments to address complex policy issues and improve service delivery. Read the key findings here.
Information Access Study
Information Access Commissioners and Commonwealth Ombudsman have released the findings of their second cross jurisdictional study of community attitudes on access to government information. The 2021 Information Access Study measures citizens’ awareness of the right to access government information, and their experiences and outcomes in exercising that right. Key findings include: The importance of the right to access information is consistently recognised by respondents in each jurisdiction. The majority of respondents in each jurisdiction were aware that they had the right to access information from government departments/agencies. In general, citizens were able to obtain information successfully in each jurisdiction. Read the statement from the Commissioners or view the research findings here.
2021 Solomon Lecture
This year’s Solomon Lecture presented by the Queensland Office of the Information Commissioner featured Professor Beth Simone Noveck on ‘Solving Public Problems with Data’. Professor Noveck’s lecture explores how traditionally, the right to know is rooted in the belief that members of the public should know what their government does in order to hold the government to account, lessen the risk of corruption and shine a light on wasteful and inefficient operations. Beth Simone Noveck discusses how a focus on public problem solving and improving people’s lives changes how we think about data. She discusses specific policy prescriptions for creating a right to know that fosters better government, stronger citizenship and more agile solutions to contemporary challenges. Watch the Solomon Lecture here.
Preventing Digital Harm
The World Economic Forum published Pathways to Digital Justice report to address systemic legal and judicial gaps, and help guide law and policy efforts towards combating data-driven harms. This is particularly important with the increase in online activities and digitization of services, which – when misused – can present new types of risk. The white paper, produced in collaboration with an advisory committee consisting of experts from around the world, is intended to guide policy efforts towards combating data-driven harms. The hope is that legal and judicial systems can then evolve to embed redress mechanisms that enable the creation of a data ecosystem which protects individuals and is accountable to them. Read the World Economic Forum statement here or the report.
Urgent action needed over AI risks
UN High Commissioner for Human Rights Michelle Bachelet stressed the urgent need for a moratorium on the sale and use of artificial intelligence (AI) systems that pose a serious risk to human rights until adequate safeguards are put in place. She also called for AI applications that cannot be used in compliance with international human rights law to be banned. As part of its work on technology and human rights, the UN Human Rights Office has published a report that analyses how AI – including profiling, automated decision-making and other machine-learning technologies – affects people’s right to privacy and other rights. Read the UN High Commissioner for Human Rights’ statement or report.
Digital Identity Legislation
The Australian Government has released an exposure draft of the Digital Identity legislation (the Trusted Digital Identity Bill) to support the expansion of the Australian Government Digital Identity System (the System). The proposed legislation aims to enshrine in law, privacy and consumer safeguards in the System as it expands to include more services and sectors. The legislation also establishes permanent governance arrangements to be guided by principles of independence, transparency and accountability. Feedback is being sought on the draft legislation and the accompanying documents to make sure the System meets the expectations of Australians and Australian businesses. Available on the Digital Identity website: Guide to the Digital Identity legislation Trusted Digital Identity Bill 2021 exposure draft Trusted Digital Identity Framework (TDIF) accreditation rules Trusted Digital Identity rules Regulation Impact Statement (RIS)
InfoGovANZ releases the Information Governance Primer
Susan Bennett, Executive Director of Australian based think tank, Information Governance ANZ (InfoGovANZ), is delighted to launch the Information Governance Primer, which provides a wide-ranging overview on the fundamentals of good information governance.
In today’s digital environment, the growing number and complexity of challenges associated with data and information have outpaced traditional information and records management practices. The Information Governance Primer address these challenges by providing a guide to developing a holistic enterprise-wide system to mitigate risks and maximise opportunities.
“The COVID-19 pandemic has highlighted the importance of access to accurate and real-time data for decision-making by senior executives and boards, access and reliability of organisational systems and information for employees to carry out day-to-day work and for decision-making at all levels throughout the organisation and information security and the increasing cyber risks arising from working remotely and the increasing use and reliance on third-party platforms and software.”
The Information Governance Primer was developed to address these unfolding issues and provide practical guidance in how organisations can implement robust governance to mitigate risks. It assists professionals to develop a well-executed IG framework and program, with appropriate leadership to deliver effective security and control of data and information by reducing costs of holding information and maximising the value of information held by the organisation.
The Information Governance Primer not only articulates persuasively the rationale for implementing good information governance, but aims to equip IG practitioners with the knowledge required to build and improve information governance across a range of organisation types including government, corporates and not-for-profits.
Ms Bennett explained, “InfoGovANZ’s mission to build the knowledge of IG, best practices and innovation led to the development of the Information Governance Primer which addresses the critical issues and challenges the IG community faces in creating and deploying effective governance”.
The Information Governance Primer provides a general overview of information governance, covering a range of important factors including the key drivers of IG, benefits of successful IG implementation, an outline of IG models and frameworks plus the role of IG leadership in establishing robust information governance.
The Information Governance Primer is free for InfoGovANZ members and is available here. New InfoGovANZ members receive a free copy when they join. Find out more about membership, including a range of benefits here.
Richard Kessler
Richard P. Kessler, CEO of Classifi and member of the InfoGovANZ International Council, is a pioneer in the fields of information governance, data governance, legal operations, eDiscovery and infonomics. As the CEO of Classifi, Richard leads with a vison focused on bringing innovative solutions to complex data challenges.
Prior to taking the leadership role at Classifi, Richard was a Director at KPMG in Cyber Security Strategy and Governance as part of the U.S. Information Governance and Privacy practice. In this role, Richard created the Data Value Model innovation comprising the ideation, design, development, expansion, and integration across multiple data and information disciplines. Richard was pivotal in orchestrating integration of governance across pillars leading to a new way of thinking about data.
Richard fostered a great many of his ideas as an innovator and inventor during his 25+ years of experience in the global financial services industry with Citigroup and UBS, as a Vice President and Executive Director, respectively. He developed and implemented frameworks to address information lifecycle governance, eDiscovery, cyber security and privacy requirements to address highly complex and dynamic regulatory and business environments. Richard assumed senior leadership roles in Architecture and Technology Engineering; Group Information Security; IT, Contracting and Shared Services Legal; and Legal & Compliance Systems and Strategic Planning.
You can read more of Richard's articles here.
Tell us about yourself?
A driving force in my life is to make a noticeable, positive impact on society - one person at a time, in any way I can. It's what drives me personally and professionally. My business role aligns well: I'm currently serving as the CEO and co-founder of Classifi, a startup based in Omaha, Nebraska, in the United States. Together with my team, we’re building Classifi into a new type of technology company, which moves fast 'enough,' is mindful of 'breaking things,' and keeps the individual and their rights front and center.
What led you into the world of Information Governance (IG)?
In 2001, I became responsible for leading the technology infrastructure recovery of 7 World Trade Center for a particular Citigroup business, where we necessarily had to develop a new and holistic view of enterprise data requirements spanning multiple perspectives effectively overnight. Building on that experience, I held roles in records management, eDiscovery, data architecture, ESI consulting, and other complementary fields over the next 5-10 years. These roles prepared me well for a global position leading Information Governance at UBS, followed by a role in Cyber Security, Privacy, and IG at KPMG and, ultimately, for my current role in developing Classifi. I accelerated my learning by participating in numerous IG conferences, forums, and events over the last 20 years. I found that I assimilate new information much faster by working with industry experts in their specific fields – by speaking with them or presenting with them to teach others, for example – and I've been privileged throughout my career to be surrounded by some very accomplished subject matter experts.
Tell us about your current role in IG?
We're currently working on a new platform that will enable business leaders and business developers to identify hidden, new sources of revenue from their own data and - more importantly - what's available to them in other places, such as publicly available data streams and data available to them through their supply chain. This platform will facilitate unprecedented data transparency and collaboration and provide a holistic view of risk and value scoring of enterprise data assets at scale in near real-time. Among other perspectives, it requires an IG-type approach that considers the business needs of all data users, coupled to accelerate digital transformation.
What pressures are organizations facing to ensure IG best practices?
In addition to data volume problems, organizations have massive data quality problems; in particular, obtaining data that is accurate, trustworthy, and timely seems to be getting more complex instead of more straightforward. Organizations continue to needlessly stockpile data without understanding its meaning, context, value, risk, and level of trust, hoping that "someday it will be valuable." Would you purposely fill up your pantry with old, half-eaten food that is past its shelf life? Of course not, but that is what organizations are doing with their data. The tragedy is that identifying and getting access to clean and reliable data is exacerbated by poor data management and information governance practices coupled with the more hands-off approach of data in the cloud and places other than in their directly controlled systems. Unfortunately, this is nothing new; however, this problem extends far beyond a particular organization's data swamps to the sum of all data they may rely on, regardless of where it resides. For example, if the organization makes growth decisions based on outdated information, they create unnecessary expenditures, leading to wasteful, misdirected investment and opportunity costs.
What are the biggest developments you have seen in the IG?
Current IG and data management innovations are being propelled by the realization that value-driven insights require curated data assets from the data supply chain at scale. If organizations want to stay competitive, they must act quickly to level up their data management, IG, and digital transformation capabilities or risk becoming irrelevant.
How have you adapted your career and/or since COVID-19?
Our firm is a work-from-anywhere organization. We've built it from the ground up during Covid (founded in September 2020!) to cultivate, appreciate, and reward individuals regardless of their location and role.
What is a fun fact about yourself?
I'm a certified PADI scuba diver and have dived off the coast of Florida and Mexico. Although I can't wait to go scuba diving again, given the challenges with international travel, and sharing equipment during Covid, I've decided to learn how to fly planes. It's a skill set that is computer simulation-friendly, so I can do it from home and "virtually" see new places and can help obtain a pilot's license in the future.
Is there anything you would do differently if you were starting your career now?
I'd be conscious of mentoring more people, and especially many more women, to drive more diversity in our industry. I'd want to have 3-5 years in a role as a data scientist and, separately, 3-5 years as a data engineer. There is nothing like working in a particular role to glean the necessary experiences and insights to have an in-depth understanding! I have deep appreciation and admiration for those skill sets, amongst many others.
9. Do you have any tips for someone starting in IG?
Focus on one discipline at a time and immerse yourself fully in it. Listen to the experts. Build an extensive checklist for yourself that summarizes everything you've learned. Do this five times over five years with five IG fields. This approach will significantly expand your vision and breadth of knowledge. Try to find a single employer that will give you such freedom (Citigroup was very kind to me – every two to three years, I changed roles but remained at the same company). Listen more than you speak. There is almost always something to learn from everyone around you. Always try to be kind and patient with folks, and they will be happy to teach you continually. Pay forward the kindness and mentorship you receive.
With the rapidly evolving technologies and digital disruption, where do you see IG heading in the next few years?
IG must evolve beyond a risk-focused lens to stay relevant and shift to become a value-driven field that completely integrates risk but doesn't lead with it. IG may be assimilated into new digital transformation strategies that keep the individual human at the forefront of command and control, not the AI, and that truly minimizes the overcollection and retention of worthless data. IG practices need to counter the pure profit-driven handover of our futures to such AI.
Why is it essential to be a member of InfoGovANZ?
I find InfoGovANZ to be one of the best forums to become focused and knowledgeable about leading practices and collaborate on how to best approach global information governance innovation. It's also a great forum to learn from IG experts and insights spanning many industries and roles.
OAIC Data Breach Notification Report
The Office of the Australian Information Commissioner’s (OAIC) latest Notifiable Data Breaches Report highlights how OAIC expects entities to prevent and respond to data breaches caused by ransomware and impersonation fraud. The OAIC received 446 data breach notifications from January to June 2021, with 43% of these breaches resulting from cyber security incidents. Data breaches arising from ransomware incidents increased by 24%, from 37 notifications in the last reporting period to 46. Read the latest report here.
Response to Tune Review
The Australian Government has agreed or agreed in principle to all 20 recommendations made by the Functional and Efficiency Review of the National Archives of Australia(NAA) referred to as the Tune Review. While the Tune Review recommended a proposed Government Information Management Model (GIMM), where records management across government would be centralised to the NAA, the Government intends as the first step to convene a committee to drive efficiencies and improvements in the short to medium term. Read the Tune review and the Government’s response.
OVIC Guidance on Collaboration Tools
The rise of flexible working arrangements means that collaboration tools, such as videoconferencing and instant messaging tools, as well as cloud-based document creation and sharing services, are increasingly essential to facilitate collaboration. The Office of the Victorian Information Commissioner has provided guidance to assist organisations to consider their privacy obligations when implementing and using collaboration tools, plus information security and record-keeping considerations. Read the Guidance here.
National COVID-19 Privacy Principles
The Office of the Australian Information Commissioner and State and Territory privacy commissioners have produced universal privacy principles to support a nationally consistent approach to solutions and initiatives designed to address the ongoing risks related to the COVID-19 pandemic. These high-level principles provide a framework to guide a best practice approach to the handling of personal information during the pandemic by government and business. Read the Principles here.
Report into delay in Victorian FOI decisions
The Victorian Information Commissioner’s report into the delay in disclosure of government documents under the Freedom of Information Act 1982 (Vic) was recently tabled in the Victorian Parliament. Between 2015 and 2020, the proportion of FOI decisions made on time in Victoria declined from 95% to 79%. The investigation examined the extent and causes of delay at agencies, which included resourcing issues, process, technology, culture, communication and the impact of the COVID-19 pandemic. Read the report here.
Protection of Personal Information in Universities
The protection of information by universities has come under focus in recent years as a number of Australian universities have been subject to cybersecurity attacks. These attacks highlight the risks of data breaches and the potential impact on students, staff, and research participants. This led to the Office of the Victorian Information Commissioner (OVIC) examining the policies and procedures that Victorian universities have implemented to protect the personal information that they hold from loss and misuse. The Victorian Information Commissioner released its report on the Examination of Victorian universities’ privacy and security policies report on 29 June 2021 (report). The findings included that not all universities have clear policies and procedures to guide staff to destroy personal information when it is no longer needed, and some do not have written guidance about sharing personal information with third parties to support staff to consider information security risks. The Victorian Information Commissioner, […]
Carol Feuerriegel
Carol Feuerriegel is a member of the InfoGovANZ International Council, Intel Leader and Group Manager of Enterprise Information and Knowledge for Inland Revenue NZ. She is an expert in information management practice with extensive experience working with Australian and New Zealand organisations as their lead on enterprise information management, information governance and enterprise information architecture.
Carol’s experience spans both public and private sector industries including higher education, local government, engineering & project management, health & medicine, banking & financial services, law, energy and transportation.
Carol holds Master’s degrees in Information Management and in Information Architecture, with Bachelor’s degrees in Library and Information Science, and an Honours degree in Sociology.
Carol is currently completing doctoral research with Victoria University of Wellington in the area of Information Governance, Privacy and Decision-making with a research focus on understanding the relationships between information governance as a component of corporate governance and the data and information required to enable robust delegated decision-making in large organisations.
Tell us about yourself?
I am a dual citizen of Australia and New Zealand and I currently live in regional South Australia and work full-time remotely in New Zealand.
I started work in libraries not long after I left school. I completed an undergraduate degree with Honours in Library and Information Science and worked in a range of public, private, and academic libraries. I became involved in corporate information management and records management when I started working for a mining company during the resources boom and subsequently completed a Master of Information Management. After working as an Enterprise Information Architect and Information Governance Manager at Queensland Rail, I followed up with a Master of Information Architecture a few years later. Along the way I also completed the ARMA Information Governance Professional certification (IGP).
What led you into the world of Information Governance (IG)?
I have worked in a variety of roles in a variety of different industries and organisations in my career. I love the flexibility I have as an information professional, but I also realize the reason my skills are sought-after is because organisations in every industry are struggling with the same issues - How to maximise the value of data and information while minimizing the risks. Responsible and effective information management is an uphill battle unless there are foundational elements in place that enable an organisation to understand what data and information they create, store, and use and there are the right mechanisms in place to make informed decisions about its management – without these foundations it is a losing battle. I don’t like to lose! So, I started to research and develop the IG tools I needed to do my job well. This included defining the key enabling capabilities that organisations need to have in place, what instruments they need to effectively govern data and information, and what accountabilities and decision rights are needed to enable the right actions to be taken.
Tell us about your current role in IG?
My current role is the Intelligence Leader for Enterprise Information and Knowledge (Kaihautū Mōhiotanga in te reo Maori) with Inland Revenue New Zealand (IR). IR has about 5000 staff in locations across New Zealand. Every citizen or resident of New Zealand is a customer of Inland Revenue. In addition to being the primary revenue agency for the NZ government, IR also administer social policy programs such as Child Support, Student Loans and Kiwsaver (the kiwi version of superannuation). I have been with IR for about three years reporting to the Deputy Commissioner for Information and Intelligence Services. I have a few different teams reporting to me – Information Governance, Information & Knowledge Management (which includes records management) and Information Sharing. In December 2021, the Digital Content Management team which manages IR’s web sites and online tax system will also join us. I lead a wonderful and diverse bunch of information professionals who very ably manage operational information management processes for Inland Revenue while I focus on information strategy and on building our information governance capability.
What pressures are organisations facing to ensure IG best practices?
Modern organisations are facing enormous pressures these days. There is significantly more information in our landscape and it’s no longer captured in old-style information systems. ‘Old-style’ in the sense that the data being captured is structured or semi structured and therefore easier to manage. Many of the systems corporate and public service entities now use are democratised – employees have a lot more freedom to capture and create information and save it onto corporate infrastructure through collaborative technologies. The introduction of social computing like M365 into the business landscape has also meant that organisations not only have to manage the information that their employees are creating in their formal IT systems as part of business processes; they must also maintain oversight over collaboration spaces and ad-hoc online conversations. This means they must focus on building information capability and awareness in their employees through training, education and experiential learning programmes, so their employees know how to ‘do the right thing’ with the organisation’s data and their customer’s information.
The range of data, information, and knowledge that organisations are accountable for is huge and the governance issues are equally huge – and multi-dimensional. They range from the basic supply and quality issues that every organisation must address to get the ‘right information to the right people at the right time, and the whole-of-lifecycle activities which ensure that the organisation’s information environment isn’t complex and bloated with redundant and out-of-date information, to the dynamic challenges of data protection and information ethics. Responding to these pressures requires robust foundational IM capability; and answering the emerging questions around the responsible uses of data and information requires strategic thinking and mature future-focused information governance. There is a huge opportunity for information governance practitioners to deliver real value and make a significant contribution by building their organisation’s information governance muscle.
How have you adapted your career since COVID 19?
All my previous qualifications I have completed remotely via distance learning through Charles Sturt University (NSW) while working full time– so working remotely as I do now is actually ‘my happy place’! However, in 2016 I was thrilled to join the PhD Programme at Victoria University in Wellington ‘in person’, where my research focus has been on developing an enterprise Information Governance framework and the tools needed to support effective information governance. Unfortunately, COVID and family commitments have made ‘in person’ participation impossible, but I am continuing with my research from South Australia, working with some very talented people (Doug Lambert and the IG team) at Inland Revenue to road-test the thinking and the tools in the real world which has enriched and accelerated my research enormously.
With the rapidly evolving technologies and digital disruption, where do you see IG heading in the next few years?
What experience has taught me is that with the right Information Governance tools in place an organisation is no longer perpetually in crisis mode, responding to spot-fires like security breaches or compliance failures, with inadequate understanding of either their business opportunities or their risk position. Technological change is a given so organisations need to be able to adapt in response to these changes but to also understand the principles they need to adhere to ensure they can realize value without creating unacceptable risk. Information governance is fundamental to effective corporate governance and social responsibility which requires a clear line of sight for ownership and accountability of the information assets and practices supporting the business and shaping business decisions. A robust IG framework enables an organisation to respond to changes in the external environment in a deliberate way. Emerging issues like privacy, consumer and indigenous data rights, and information ethics (the ‘Just because we can, should we?’ questions) can be discussed and addressed proactively (instead of reactively) by the right people at the right level in the organisation.
Do you have any tips for someone starting out in IG?
I think it’s important to recognise that data, information, and knowledge are all elements of a continuum. The nature of the transition is that data becomes information, information becomes both tacit and explicit knowledge for the people who work with it. Whether it is a resource (raw data) or an asset (information or knowledge), each has different characteristics; each need different management techniques but the governance an organisation applies must be consistent and principle-based for all these elements or else you run the risk of solving a problem for one element that either diminishes the value of or amplifies the risks with one of the other elements.
Is there anything you would do differently if you were starting out your career now?
Not a thing! I have loved every minute of it, and I look forward to taking on the challenges that things like the hybrid workplace, artificial intelligence, data sovereignty and algorithmic transparency will bring. A career mantra I would memorize though is ‘Information is not technology’ - if the organisation you are working for can’t tell the difference – find another organisation!
A fun fact about yourself?
Hmmm, well it’s fun for me! I have recently become obsessed with sea kayaking. I spend every spare moment either paddling, buying kayaks (I am up to four!) or reading books about kayaking. It’s the only legitimate exercise I know that I can do sitting down!
Why is important to be a member of InfoGovANZ?
I love InfoGovANZ as it gives me the opportunity to connect with other people who are as passionate as I am about the role information plays in people’s lives – for good and for bad. There is such a great range of expertise and knowledge in InfoGovANZ members, and they are generous in sharing their knowledge freely. I think it’s a great professional community and I always look forward to participating in our conversations.
IAM 2021 Events Summary Report
Information Awareness Month (IAM) is the opportunity for industry bodies and industry practitioners to work together to celebrate the amazing profession of managing information. The collaboration of industry groups continues to evolve by strengthening relationships which in turn, provides added exposure to all things information for all members. Industry bodies worked together to determine the trending issues impacting Information Management (IM) in 2021 and agreed that the National Archives of Australia (NAA) new policy “Building Trust in the Public Record” provided guidance on the theme for this year’s IAM. The IAM 2021 Events Summary report provides collaborative group members a summation of the discussions that occurred at each of the round tables with ideas to follow up in the ensuing years.
NAA receives $67m to digitalise old records
Almost 300,000 records of Australian history including radio recordings of former prime minister John Curtin and a petition to King George V for Indigenous representation in Federal Parliament will be saved after a $67.7 million funding injection into the National Archives. The Tune Review, released in March this year said immediate action was needed to preserve deteriorating records in paper-based form, as well as magnetic tape audiovisual records, photos and film, to ensure they weren’t lost forever. Cybersecurity was also underscored as an urgent priority, with the collection of government records otherwise vulnerable to obsolescence, attack, compromise or loss.