InfoGovANZ

Information Governance Think Tank

Information Governance

IG Industry Report 2023 Released

by

InfoGovANZ is delighted to release the IG Industry Report 2023, which tracks the key developments and trends in IG. This year’s key findings include:

  • The key drivers and priorities for information governance activities within organisations were:
    • External regulatory, compliance or legal obligations
    • Good business management practices
    • Internal technology restructuring or transition; and
    • Mitigating risks associated with data that can be defensibly deleted.
  • The survey results revealed that a quarter of all IG projects either underway or planned to be underway in the next year were driven largely by changes or foreshadowed changes to privacy laws with a further quarter being ‘somewhat’ driven by changes or foreshadowed changes to privacy laws.
  • Organisations are increasingly governing with a formal IG framework. The number of respondents reporting that their organisation is doing so has increased from 51% in 2019 to 64% in 2021 and then 71% in 2023.
  • In another positive sign, nearly two-thirds of respondents assessed their organisation’s IG maturity as intermediate or advanced.
  • A significant increase in IG projects is planned across the next 12 months from 74% in 2021 to 82% in 2023.
  • Over a third of respondents indicated their organisations are expecting to increase their IG spend this financial year.

As recent high-profile data breaches have shown, boards and governing authorities of organisations need to have in place robust information governance to reduce information risks across the enterprise. Boards need to ensure they are actively monitoring the governance of data and information lifecycle– from collection to use and disposal - to comply with privacy regulations and reduce overall risks, including reputational and legal risks and costs to the organisation.

IG Industry Report 2023 Download

Name(Required)
Sign up to receive notifications about other events and webinars(Required)
This field is for validation purposes and should be left unchanged.

Legalweek 2023 – the perspective from down under

by

The key takeaway from Legalweek 2023 is that the AI revolution has begun. Its impact will be profound and, as we have seen with the further generative AI developments announced during Legalweek, it will be delivered with great speed. Highlights The highlight was the closing keynote with Dan Schulman, CEO of PayPal.  When you hear a CEO on the one hand emphasising the benefits of technology that can be a ‘real force multiplier’ for good, but on the other hand calling for regulation of AI, it is clear we need urgent action for legislated guardrails to ensure there is ethical use of AII, so that it doesn’t result in #discrimination and misuse of personal information. In a conference dominated by ChatGPT and generative AI, the juxtaposition of the opening and closing keynotes with many of the sessions could not have been more stark. LeVar Burton (Roots, Star Trek, Reading Rainbow) spoke about the power of storytelling and emphasised the ‘importance of the human element.’ In the closing keynote interview with […]
Member only content (join now or login)

Information Lifecycle Management: what is it and how it reduces risk?

by

Most organisations are collecting and generating exponentially increasing volumes of data each year.  However, many organisations struggle to safely and efficiently dispose of data that is no longer needed for regulatory retention requirements or for legitimate purposes, as required, for example, under the Australian Privacy Principles (APPs), the General Data Protection Regulation (GDPR) and the Californian Privacy Rights Act (CPRA). On top of the complexity of keeping track of data within the organisation, the perception that data is ‘the new oil’ and increasingly cheap storage costs are typical reasons why data is not actively managed and disposed of when no longer required.

The Optus Data Breach and the increasing number of decisions by regulators in the US and EU underscore the risk and consequences of over-retention of data for organisations.  Most of these decisions on over-retention of data arise from inadequate cyber security and have resulted in monetary sanctions and, in some instances, ongoing supervision by third parties of the organisation’s cybersecurity and information lifecycle management measures. With increasing regulatory focus on protection of personal information, organisations should be reviewing their overall information lifecycle management and specifically how they manage data collection, classification, retention and disposal to be compliant with applicable records, privacy and cybersecurity regulations and reducing risk.

What are the risks?

Failure to properly govern information assets and implement a robust data lifecycle management program will result in significant risks and costs for organisations.  In a data breach, the loss of historical personal data that the organisation has no legitimate reason to be holding onto compounds the reputational damage, increases the likelihood of heavier regulatory investigations and actions, and adds fuel to the fire of any potential class actions against the organisation and directors and officers arising from the breach. Additionally, retaining unsupported legacy systems to host and manage historical data also increases the chances of a breach incident and reduces the overall security posture of the organisation.

As part of due diligence on information governance, boards and senior executives need to satisfy themselves that the organisation has an effective information lifecycle management program to manage data (and paper) from collection all the way through to secure archiving and disposal.  With the volume of data being generated and collected by organisations ever increasing, this requires a collaborative and planned program carried out on an ongoing basis.

What is information lifecycle management (ILM)?

ILM is the system by which an organisation controls the collection and generation of data, storage, use and disposal of data and information.   It is important to remember it also includes management of physical records, paper documents and artifacts, which continue to be generated and stored in archives either onsite or in external storage facilities.

What are the benefits of information lifecycle management?

The benefits of robust ILM include:

  • Improved data availability and reliable access for authorised users in their day-to-day work.
  • Compliance with business requirements (i.e., policies and procedures) and legal/regulatory obligations such as record retention and disposal
  • Security, auditability and custodianship of data and information are maintained, regardless of any changes in the underlying ICT infrastructure.
  • Ensuring ICT infrastructure supports the business and business users to carry out their work efficiently.
  • Minimising risks by reducing volume of personal data collected/retained and active disposal of information no longer required for business or legal purposes.
  • Cost efficiencies through reduced storage, streamlined eDiscovery processes in legal proceedings, and decreased forensic costs in data breach investigations.

ILM Policies

Many organisations find it challenging to even initiate an ILM program, encountering significant change resistance when attempting to balance the tension between various business processes wishing to retain data (e.g. marketing and business development) and following best practices for privacy and regulatory requirements for data minimisation.  It is important to ensure that all the relevant policies and processes relating to ILM across the organisation are aligned and that there is an ongoing collaborative mechanism to improve, implement and resolve issues.

IG Alignment of Policies and Procedures Diagram

Some standard ILM policies and processes organisations should be ensuring are operating effectively and efficiently include:

  • Privacy Policies and Collection Notices which inform customers about personal data that is collected, how it is used and managed, and how long it will be retained.
  • Data Privacy and Information Security Impact Assessments for internal data analytics and business intelligence and for technology projects involving the use of third-party technology.
  • Data Standards and Processes, which inform employees about the standards for data including, data owners, metadata, data classification and data taxonomies.
  • Record Retention and Archiving, which governs retention periods of different classes of documents in accordance with regulatory and business requirements and the archiving requirements.
  • Litigation Holds and eDiscovery which governs document production in litigation, legal proceedings and investigations.
  • Decommission of systems, which governs the process for data removal and transfer and/or disposal of data.
  • Procurement policies and processes and requirements around third-party suppliers in relation to data storage and location, information security standards of the third-party supplies and auditing of security post contract.

As can be seen from the above, ILM policies typically cover a number of different organisational areas with different types of professionals responsible for implementing and overseeing the execution of these policies. For example, the records retention and archival policy is the responsibility of the Records area, which sets the retention periods for each category and type of document in accordance with the myriad of regulatory requirements with advice from the Legal Department and the requirements of the business. All data and records collected and generated should be securely disposed of in accordance with records and retention policy.

However, the action of deletion and secure disposal of electronically stored data is usually undertaken by IT specialists.  This requires the IT department to be confident in executing on disposal of data, meaning a good working relationship between Records, Legal and IT is essential to ensure that data disposal is carried out in accordance with all of the relevant policies and proceedings. A good example of how this working relationship should operate is when organisations are involved in legal proceedings or regulatory investigation. The ordinary destruction of relevant data and records is required to be halted by the placing of a ‘legal hold’.  The legal hold is generally issued at the order of the Legal Department, pursuant to the Legal Hold Policy and the cessation of data and records disposal continues until the ‘legal hold’ is lifted when the proceedings have concluded.  While the Legal Department is responsible for the issuing and lift of ‘legal holds’, the actual work to stop the ordinary destruction process of relevant data is the responsibility of the IT area.

Deletion rules can and should be coded into the technology systems holding the data to enable automatic deletion at an appropriate point in time.  This requires appropriately skilled Records and IT personnel to set the retention and deletion rules for all the different types of data within the technology system.  At the moment however, most organisations are still at the starting gate and there is very little, or no data being automatically deleted when it should be. It is far more common for data in organisations to be simply moved from primary systems to archival systems or other storage containers.

In the face of increased regulatory activity to sanction organisations that fail to have adequate systems in place to protect personal data and information, it will be increasingly important for organisations to improve on the status quo.  Implementation of effective ILM policies and processes along with appropriate oversight mechanisms through robust Information Governance to ensure ongoing best practice is essential for the effective management of data and information.

ILM – where to start?

 The starting point is to identify any gaps in the organisation’s policies and procedures and then to ensure that all the relevant policies and processes are aligned under the overarching Information Governance policy and framework.  Alignment of policies and processes across the organisation is key to ensuring that everyone within the organisation from the board and senior executives down to each user within the organisation is both able to understand and comply their obligations to protect the organisation’s data and manage it in accordance the policies and procedures.

A collaborative mechanism to improve, implement and resolve issues is necessary. Ideally, this should be the Information Governance Committee, which can provide oversight on the adequacy and compliance of all policies and procedures relevant to the overarching Information Governance framework, which includes ILM. Where gaps are identified, the Information Governance Committee should ensure that adequate action is taken to remedy the gap on an ongoing basis.

The role of Information Governance and ILM

Information Governance provides an overarching mechanism for boards and governing authorities of organisations to control and effectively manage enterprise-wide information assets so that value is maximised and risk is reduced to acceptable levels.  As the diagram below illustrates, there are many different parts of the organisation with different drivers around data and information, including ILM.

For example, innovation, AI and use of innovative technologies may lead to personal data being over collected and stored on an ongoing basis.  Retention and use of this data, particularly if it is personal or sensitive in nature, needs to be balanced against the risks of ensuring compliance with changing and growing privacy regulations.  This example would also require consideration of ethical use of AI in light of reputational issues that may arise.

The InfoGovANZ Model highlights that while different areas across the organisational silos are responsible for different aspects data, information and technology, effective governance will ensure they are also co-ordinated and aligned so that overarching organisational objectives can be achieved. ILM is a core part of the overall Information Governance model, sitting along the bottom row as a foundation element along with records management, archiving and long-term preservation and risk and compliance.

Traditionally, record retention and archiving has been the responsibility of Records and Information Managers who traditionally reported to the General Counsel, and in many organisations continue to do so.  However, the modern reliance on IT systems to carry out the execution of ILM policies have skewed responsibilities increasingly towards the IT Department. Regardless of where responsibility resides, these processes need to be co-ordinated between records, legal and IT.  Where organisations are not actively managing their information lifecycle, implementation of these processes will require substantial effort to overcome change resistance and bring departments together. It often will require further investment in upskilling of staff to both understand and given them confidence to actively manage data through its lifecycle and across the organisational silos.

A robust information governance framework implemented from the top-down and an overarching Information Governance Steering Committee are key factors which can help organisations to implement and drive ongoing ILM.

Read more here in the Information Governance Primer

AuthorSusan Bennett, LLM(Hons), MBA, FGIA, CIPP/E                                                                                                                                                                          Founder of InfoGovANZ, Governance and Privacy Lawyer

2022 Information Awareness Month One Day Seminar

by

This year’s Information Awareness Month One Day Seminar took place at the iconic Institute Building (1861), the first public cultural building in South Australia and was also livestreamed. The theme was “Building Trust in Information” and discussions revolved around facets that we need to trust in order to have trust in information. These included trust in people, process, technology and government. The seminar opened with remarks from Geoff Strempel, Director, State Library of South Australia. As a society we are “drowning in data” and in a knowledge economy IM practitioners are the trustees of information. A huge challenge is the massive data sets that need computers and machine learning to extract patterns and interpretations, but human intellect is still required to assess the outcomes and ultimately arrive at wisdom. ML and AI also raise ethical and privacy dilemmas as technology enable computers to essentially have free reign across the data. […]
Member only content (join now or login)

New Frontiers and Information Technology Governance

by

Professor Michael Adams, Head of UNE Law School, InfoGovANZ Advisory Board

Introduction

The last two years have been a period of disruption due to COVID-19 pandemic and the need for all businesses and organisations to “pivot”. In the information governance space this has been a major positive and a serious risk. The positive is an up-grade in technology, so people can work from home. The use of collaborative tools, such as Sharepoint, MS Teams, ZOOOM, Google docs and many more have been a boon for flexibility.

The EY 2022 Future Workplace Index [1] based on over 500 company responses across many sectors that 75% anticipate no central physical office in the foreseeable future and 72% have hybrid remote/office approaches in place.

The big news is Pre-COVID about 45% of companies expected everyone in the office and only 15% could work remotely. Currently the status is only 27% in the office with 31% fully remote and hybrid leading the way with 42%. But the survey also asked about the future anticipated arrangements with 35% expected in the office, 20% remote working and a massive 45% in hybrid mode.

The negative side of this quantum shift is cyber-security and privacy poor control of data. In a corporate environment, control over passwords and storing sensitive data is much easier to enforce.  People working from home, logging in with less than secure wi-fi networks add to a myriad of other issues.

 

What is the impact of cybersecurity? [2]

GRC2020 published “2021 Trends: Governance, Risk Management & Compliance (GRC): An integrated focus on business integrity and resiliency” in January 2021. This document explains the lessons learnt from 2020 with GRC functions. Governance needs reliably achieve objectives and risk management to address uncertainties. Compliance must act with integrity and there is a need for interconnected risk analysis. Disruption has become the norm and only dynamic and agile businesses can survive.  2022 will without doubt rely upon integrity, resilience and integration. 

Information security from cybersecurity issues, will be the number one issue for the next few years. The 2020 pandemic has required greater focus on health and safety, as well as the broader environment. Similarly, the greater use of GRC technology to address these changing trends. Greater engagement with stakeholders, especially consumers and regulatory authorities, as well as the number employee perspective.

It has been reported that cyber ramson threats have been made to 1500 key bodies in Australia in 2021.[3] The organisations have been governments, schools, healthcare providers, law firms and other entities. Data has been stolen by cyber criminals or held to ransom. More than 75,000 organisations worldwide have failed to update their Microsoft Exchange email servers following the discovery of a major vulnerability in January 2021. It is believed that Chinese state-sponsored hacking group, called “Hafnium” was behind the majority of the cyber-attacks. Although Microsoft released multiple security updates, had 92% update the vulnerability by March 2021, that still left a major hole to be exploited.

This same issue hit the Prime Minister’s office in Malaysia, the US Chemical Safety/Hazard Board and the Michigan Supreme Court, to name a few organisations. No Australian federal or state government domain are identified as being at risk. However, 32 Australian healthcare providers have not updated their servers and are at risk, as well as 18 law firms and 24 private schools.

In September 2021, a government report was released that showed the Australian Cyber Security Centre received 67,500 reports, last financial year, of attacks – up 13% on the previous year. It appears that China is responsible for more than two-thirds of state-sponsored cyber-attacks around the world. [4] Additionally, in September 2021 a former UNSW student has been sentenced to seven years imprisonment for pleading guilty to stealing A$123million (US$90m) from investors in a crypto currency fraud. Mr Stefan Qin was born in Canberra and was convicted in a New York Court for deliberately falsifying account statements from over 100 investors for personal gain. The then 20-year-old ran a crypto fund called Virgil Sigma Fund from Sydney in 2017 through a company (Virgil Capital). He was reported to have made 500% over 12 months for his clients by the Wall Street Journal. [5] The outbreak of war between Russia and Ukraine has lifted the level of cyber-attack occurring throughout the world.

 

Human face of information leakage

In October 2021, the former Facebook (now Meta) executive, Frances Haugen, testified before the US Senate subcommittee on the influence of social media giants. She demonstrates that the unstoppable juggernaut bulldozing society on its way to the bank at the expense of citizens and legal rights. [6] The exposures of Facebook via leaked internal documents, as reported by the Wall Street Journal, illuminated the inside knowledge of the damage that was being done to body image teenagers and misinformation of COVID vaccines. 

The question, as put by Malcolm Gladwell’s 2000 book The Tipping Point is how little things can make a big difference. For corporate executives, directors and other officers, the use of corporate information governance is absolutely crucial. The author pointed this out back in June 2018 at the NSW Governance and Risk Forum under the acronym SEMTEX, where the “T” represented technology. [7]

This was followed by a doctoral thesis at the University of New England by Saranne Cooke entitled “Relationships, Risk and Remuneration: ASX200 Director’ practices of the ASX Corporate Governance Council Principles”. Cooke identified from a large sample of interviews with ASX200 companies that the number one fear was expressed as “my fear is not what I know and what I decide upon, but what I don’t know”. 

Directors are very aware of their personal circumstances and the political catastrophic consequences for their companies from poor decisions – but the critical importance of the relationship and trust between executives and the board. Technology playing a central role in giving all stakeholders greater certainty of flagging critical issues.

The President of the Australian Law Reform Commission, Justice Sarah Derrington, and former Professor of Law at the University of Queensland, is chairing an enquiry into the complexity of the Corporations Act 2001 (Cth). In particular, why there are 13,000 acts, 5,000 legislative instruments and over 100,000 court judgments that impact on corporate officers?

One last consideration for directors is the growing role within technology of cybersecurity and the growth in blockchain technology, from cryptocurrency (like Bitcoin) to new governance models known as DAO. [8] The Australian Securities and Investment Commission (ASIC) has issued a Report 429 on the issue [9] and a case ASIC v R I Advice Group Pty Ltd [10] (2021). The Australian Cybersecurity Strategy 2020 [11] is proposing major reforms on the role of privacy laws, consumers, data protection laws and directors’ duties, via an Australian Standard on Cybersecurity.

 

The growth and importance of information governance

Information governance, data protection and security, privacy, cybersecurity and artificial intelligence (AI) have all become critical topics for boards and government bodies to consider. Historically, the issues tended to be dealt with under either “IT” issues or records and information compliance issues.  In recent years, the importance of cybersecurity, AI and data analytics together with changing privacy regulations have brought new governance challenges to the forefront of the minds of directors.  

One of the top law firms, King & Wood Mallesons, in its 2016 Directions report had listed digital disruption at number 3. By the release of its 2019 Directions: navigating a new order [12] report, the issue of managing IT and cybersecurity had moved to the number 2 spot as a priority for boards.  Similarly, the 2019 Governance Institute of Australia released its own paper, entitled “The Future of the Governance Professional” [13] and had three major themes – technological disruption was the third highest priority for governance changes into the future (2025). Over 75% of the respondents agreed that the issue was vital or very important due to “the use of new technology and its effects on the workforce, and also because the rate of change and implementation of these technologies is accelerating”. [14]

There is acceptance that machines will be better than humans at some tasks, including taking minutes, gathering vast amounts of information and highlighting what is relevant for directors. But there will still be a need for emotional intelligence and creativity, which humans bring to the table (with bias and other unconscious attitudes). As well as AI, the developments in real-time information flows, big data analysis, increased automation and improved ‘regtech’ with blockchain and voice recognition to all affect the governance role. 

Previously, the author examined the link between corporate governance and the digital economy in Governance Directions. [15] The definition of information governance has generally been accepted as:

 “the activities and technologies that organisations employ to maximise the value of information while minimising associated risks and costs”. 

This definition has been affirmed by 90% of the Information Governance ANZ (InfoGovANZ) survey report, published in 2019. [16] The 2021 survey report accepted the definition by 81% of the respondents. [17] This survey built on the 2017 edition [18] and reinforced that information governance is an umbrella concept that describes all information management activities.

 

Conclusion

As we transition from pandemic to endemic and the world returns to a “new normal” the traditional governance processes are just not fit for their purpose now. What stakeholders, including governments, regulators, owners and employees actually expect has had a seismic change. There is a distinction between governance practices in the digital age and a framework for contemporary governance. The importance of cyber-security, new working frameworks and the value of information governance.

 

[1] https://www.ey.com/en_us/real-estate-hospitality-construction/ey-survey-on-future-workplace-index

[2] Legal Issues in Information Technology (editor Mark Perry),Lawbook Co 2022, Michael Adams chapter 2 “Theoretical frameworks and governance of information” pages 7-48.

[3] Liam Mendes, ‘Cyber ramson threat to 1500 key bodies’ (2021) The Australian 16 September, 7.

[4]< Anthony Galloway, ‘China behind majority of cyber attacks’ (2021) Sydney Morning Herald 16 September 15.

[5] Jessica Sier, ‘UNSW dropout jailed for $123mcrypto scam’ (2021) Australian Financial Review 17th September 18.

[6] Australian Financial Review, 8th October 2021 p2

[7] Michael Adams, “Top 2018 governance concerns: #SEMTEX” Governance Directions, Sept 2018

[8] Decentralised Autonomous Organisations

[9] LINK to ASIC website: https://asic.gov.au/regulatory-resources/find-a-document/reports/rep-429-cyber-resilience-health-check/

[10] [2021] FCA] 877

[11] https://www.homeaffairs.gov.au/about-us/our-portfolios/cyber-security/strategy

[12] King & Wood Mallesons, Directions 2019: Navigating a new order – https://www.kwm.com/en/au/knowledge/hubs/directions-non-executive-directors

[13] GIA, The Future of the governance professional, August 2019 – https://www.governanceinstitute.com.au/media/884166/govinst_the-future-of-the-governance-professional_august-2019.pdf

[14] Corporations and Markets Advisory Committee, 2006, Personal Liability for Corporate Fault Report 9.

[15] Adams, M & Bennett, S, 2018, “Corporate governance in the digital economy: The critical importance of information governance” 70(10) Governance Directions

[16] Information Governance ANZ, IG Industry Survey, July 2019 https://www.infogovanz.com/wp-content/uploads/2020/01/IGANZ2019ReportFinal.pdf

[17] Information Governance ANZ, IG Industry Survey, May 2021  https://www.infogovanz.com/wp-content/uploads/2021/05/InfoGov_IndustrySurvey_MAY2021.pdf

[18] Information Governance ANZ, IG Industry Survey, August 2017 https://www.infogovanz.com/wp-content/uploads/2020/01/IGANZ_Industry_Survey_AUGUST_2017.pdf

InfoGovANZ releases the Information Governance Primer

by

Susan Bennett, Executive Director of Australian based think tank, Information Governance ANZ (InfoGovANZ), is delighted to launch the Information Governance Primer, which provides a wide-ranging overview on the fundamentals of good information governance.

In today’s digital environment, the growing number and complexity of challenges associated with data and information have outpaced traditional information and records management practices.  The Information Governance Primer address these challenges by providing a guide to developing a holistic enterprise-wide system to mitigate risks and maximise opportunities.

“The COVID-19 pandemic has highlighted the importance of access to accurate and real-time data for decision-making by senior executives and boards, access and reliability of organisational systems and information for employees to carry out day-to-day work and for decision-making at all levels throughout the organisation and information security and the increasing cyber risks arising from working remotely and the increasing use and reliance on third-party platforms and software.”

The Information Governance Primer was developed to address these unfolding issues and provide practical guidance in how organisations can implement robust governance to mitigate risks. It assists professionals to develop a well-executed IG framework and program, with appropriate leadership to deliver effective security and control of data and information by reducing costs of holding information and maximising the value of information held by the organisation.

The Information Governance Primer not only articulates persuasively the rationale for implementing good information governance, but aims to equip IG practitioners with the knowledge required to build and improve information governance across a range of organisation types including government, corporates and not-for-profits.

Ms Bennett explained, “InfoGovANZ’s mission to build the knowledge of IG, best practices and innovation led to the development of the Information Governance Primer which addresses the critical issues and challenges the IG community faces in creating and deploying effective governance”.

The Information Governance Primer provides a general overview of information governance, covering a range of important factors including the key drivers of IG, benefits of successful IG implementation, an outline of IG models and frameworks plus the role of IG leadership in establishing robust information governance.

The Information Governance Primer is free for InfoGovANZ members and is available here. New InfoGovANZ members receive a free copy when they join. Find out more about membership, including a range of benefits here.

IAM 2021 Events Summary Report

by

Information Awareness Month (IAM) is the opportunity for industry bodies and industry practitioners to work together to celebrate the amazing profession of managing information. The collaboration of industry groups continues to evolve by strengthening relationships which in turn, provides added exposure to all things information for all members. Industry bodies worked together to determine the trending issues impacting Information Management (IM) in 2021 and agreed that the National Archives of Australia (NAA) new policy “Building Trust in the Public Record” provided guidance on the theme for this year’s IAM. The IAM 2021 Events Summary report provides collaborative group members a summation of the discussions that occurred at each of the round tables with ideas to follow up in the ensuing years.
Member only content (join now or login)

InfoGov IAM2021 Roundtable Report

by

The Information Governance (IG) Roundtable had an engaged discussion covering a wide range of current issues and drivers for information governance. The discussion covered: Drivers of Information Governance in 2021, the compelling reasons for organisations to implement Information Governance, what are the current challenges and actions for protecting information and more. Participants included Roxanne Missingham, Kathryn Dan, Alex Caughey Hutt, Dr Chris Colwell, Dani Wickman, Fiona Beatty, Judy Anderson, David Brous, Genevieve Dwyer, Brandon Voight, David Church, Amanda Dolman and Simon Costello.  The roundtable was hosted by InfoGovANZ, facilitated by Susan Bennett and sponsored by ActiveNav.    IG Drivers in 2021  Our discussion considered key trends in IG, noting that the InfoGovANZ IG Industry Report 2021 identified the three main drivers for IG as:  External regulatory compliance and legal obligations;   Good business management practices; and  Internal technology restructuring or transitions.   The role of regulatory compliance as a mechanism to elevate […]
Member only content (join now or login)

Pioneer of IG – Dame Fiona Caldicott

by

Dame Fiona Caldicott, the first UK National Data Guardian for Health and Social Care passed away this year.  Dame Fiona was the UK pioneer of Information Governance, with the publication of the Caldicott Report in 1997 setting the benchmark for the collection and use of personal information and the need for robust information governance to protect personal information. The Caldicott report established what became known as the Caldicott principles of information governance. The original six principles included: justify the purpose for using confidential information; use confidential information only when it is necessary; use the minimum necessary confidential information; access should be on a strict need-to-know basis; making sure anyone accessing confidential information is aware of their responsibilities; and comply with the law. In 2013, the Information Governance Review Report, chaired by Dame Fiona added a seventh principle and following a further review in 2016 an eighth principle was added. These made it clear […]
Member only content (join now or login)

Building trust in the public record – Public Release schedule

by

The National Archives of Australia‘s new whole-of-government information management policy, Building Trust in the Public Record: managing information and data for government and community is now in force – https://bit.ly/3nfgGlV The new policy supports a holistic approach to information and asset management using information governance. The aim of the policy is to continue to improve information management capability within the Australian Government (Cth) to meet current and future needs for trusted, authentic and reliable records, information and data for government and community. Accompanying the policy release are new, updated and existing National Archives guides and supporting advice to help government agencies implement the policy and meet each of the 17 policy actions. Learn more about what is required here including reviewing and updating your information governance framework to incorporate enterprise-wide information management including governance of records, information and #data: https://bit.ly/3ndX5CC
Member only content (join now or login)

Building Trust in the Public Record Highlights

by

Information Governance ANZ was pleased to host an interactive forum with David Fricker, Director-General of the National Archives of Australia regarding the new policy Building Trust in the Public Record: managing information and data for government and community. This interactive session covered: ·       Key information management requirements for Australian Government agencies ·       Actions that agencies can take to build information management capability and address areas of low performance ·       Current and future needs for authentic and reliable information and dat a by government and community The importance of trust David outlined the role of the National Archives and its responsibilities under the Archives Act 1983. NAA identifies archival resources, preserves them and provides the government and community with access to those resources. The Archives also develops standards to help Commonwealth agencies manage data and information – ensuring the integrity and accessibility of these resources for as long as they are needed. The public […]
Member only content (join now or login)

Universities information governance in a time of COVID-19

by

Without a shadow of a doubt, 2020, will be remember for the impact of COVID-19, lockdowns, deaths and hospitals stretched to the limits. For Australia, the pandemic also followed the worst drought in a century and the worst bushfires in recorded history. This has had a profound impact on one of Australia’s largest exports, valued at over trillion dollars, education. Universities across Australia have been impacted in so many ways, which have pushed their systems to their limits. It has highlighted the importance of data and technology and the crucial importance of information governance. Issues In April 2020, I was interviewed by GRC Professional journal on the risks to universities (before COVID-19 had taken a grip, but once Chinese student visas were cancelled). I was asked “What are some the broad risks that universities face?” My reply was the current risk in Australian universities is, without doubt, the impact of […]
Member only content (join now or login)

AI Transparency in Digital Government

by

In celebration of International Access to Information Day and Right to Know Week in NSW 2020, we held an event on AI Transparency in Digital Government with NSW Information Commissioner Elizabeth Tydd, Victorian Information Commissioner Sven Bluemmel and Dr Jat Singh, Senior Research Fellow at the University of Cambridge. The discussion focused on the duty government agencies have to disclose algorithms used in providing services and making decisions about services and benefits to citizens. The Commissioners highlighted that robust procurement processes are essential where technology using algorithms are being procured by agencies. Commissioner Bluemmel said the bar needs to be set really high where the algorithmic decision-making involves people and their liberties and livelihood. Transparency is necessary to understand how the decisions are made in order to assert our rights. Dr Singh pointed out that transparency needs to be meaningful so that it allows us to be able to interrogate, scrutinize and challenge, and it requires organisations to give careful consideration […]
Member only content (join now or login)

NAA’s new policy: Building Trust in the Public Record

by

The National Archives of Australia (NAA) published in July 2020 the draft  policy Building Trust in the Public Record: managing information and data for government and community. It was been released together with a list of supporting advice that exists, or will be developed or updated, to support the policy. InfoGovANZ submitted its feedback in response to the new policy, which is available here. The new policy will take effect from 1 January 2021 and will follow the current Digital Continuity 2020 policy (DC2020) which concludes at the end of this year. The policy seeks to improve information management capability within the Australian Government to meet current and future needs for authentic and reliable information and data by government and community.
Member only content (join now or login)

For Governance, Integration Matters

by

Effective corporate governance is not a one-size-fits-all approach, as recognised by regulators and self-regulatory organisations around the world. Principles propounded by local advisory and governing bodies provide guidance on how to effectively and transparently manage an organization and ensure it is meeting its obligations to all stakeholders. We will examine how corporate governance principles can be enhanced and improved by the explicit integration of information governance into companies’ corporate governance schema.   Corporate Governance Corporate governance is, in its most general terms, how a business is controlled, governed, and operated. Principles of good corporate governance include fairness, accountability, responsibility, and transparency. A company’s system of governance is its framework of rules, relationships, controls, and processes. Company management and boards have myriad responsibilities. These range from planning for pandemics, natural disasters, and other major events that can affect a company’s basic ability to conduct business and disrupt operations; managing the company’s […]
Member only content (join now or login)

Information Governance Key to Good Corporate Governance

by

Information governance, data protection and security, privacy, cybersecurity and artificial intelligence (AI) have all become critical topics for boards and government bodies to consider. Historically, the issues tended to be dealt with under either ‘IT’ issues or records and information compliance issues.  In recent years, the importance of cybersecurity, AI and data analytics together with changing privacy regulations have brought new governance challenges to the forefront of the minds of directors. Top issues for Directors There are common themes in the surveys of top issues confronting Boards of Directors, which have been carried out in recent years.  These include the opportunities and challenges arising from technology innovation and disruption, the overriding concern of cybersecurity and data breach, which is highlighting the importance of information security, and regulatory compliance including changing privacy regulations. The Akin Gump Lawyers group in the USA report an annual “Top 10 topics for Directors” each year, […]
Member only content (join now or login)

COVID19 – Global Open Data Initiatives

by

The Open Government Partnership (OGP) has created a webpage collating government approaches responding to COVID-19. The open government community is focused on applying the principles of transparency, accountability and participation to the COVID-19 response.   The webpage contains a crowd sourced list from a wide range of countries with a variety of initiatives, including: the release of theoretical models and data underpinning governments’ strategies; digital platforms and apps to keep citizens informed; and efforts tackling misinformation and disinformation online. The Open Government Partnership (OGP) is a multilateral initiative that aims to secure concrete commitments from national and local governments to promote open government, empower citizens, fight corruption, and harness new technologies to strengthen governance. Formed in 2011, its members now include governments from across 78 countries and thousands of civil society groups, representing more than 2 billion people worldwide. Open government strives to provide transparency and accountability to the public, […]
Member only content (join now or login)

Information and Data Governance Driving Interoperability

by

Achieving interconnected services, sharing and re-using information and data assets requires strategic planning and investment. The Data Interoperability Maturity Model (DIMM) is the latest advice from the National Archives of Australia for building interoperability under the Digital Continuity 2020 Policy. It highlights the importance of information and data governance to drive interoperability initiatives. The Director-General of the National Archives of Australia, David Fricker stated,  ‘it is often said the data is the ‘oil’ of the 21st century, because in the future data will be the principal resource that drives our economy and our way of life.   Just like oil, data has to be properly managed.  It must discoverable, and of sufficient quality – pure, authentic and reliable – to drive the processes that rely on it.  Unified information and data governance empowers an organisation to align its interoperability objectives while balancing associated risks.’ The DIMM’s downloadable assessment tool helps your […]
Member only content (join now or login)

Automated Speech Recognition

by

While Automated Speech Recognition (ASR) technology has been present in various forms for decades, advances in statistical modelling, artificial intelligence (AI) and automation connectively have resulted in a new frontier for speech-based interaction between humans and computer systems. In this article Dr Peter Chapman, Director in the KPMG Forensic Technology team and InfoGovANZ advisory board member, details some of the current applications of ASR technology and offers guidance on a number of emerging governance issues associated with these technologies. As a concept, computerised Automated Speech Recognition (ASR) has been around almost as long as the computer itself. However, only in the last decade have the capabilities of ASR technology reached the point where wide-scale commercial adoption is viable1. Natural human speech contains slang terms, dialect peculiarities, abbreviations and other “non-standardised” content. While humans are very adept at managing these issues, the enormous variability of human speech makes ASR a very […]
Member only content (join now or login)

Information Governance 2020

by

The Information Governance 2020 Roundtable took place on Monday, 18 November at the Governance Institute of Australia. The event covered highlights from the recent InfoGovANZ Survey Report, privacy developments and trends globally, the new ISO working group developing an Information Governance standard, and the new records management cloud-based system utilising machine learning at the Australian Human Rights Commission. There was a great turn out of members, sponsors and interested parties for a fantastic session covering a broad range of IG topics. Executive Director, Susan Bennett started the ball rolling with a summary of valuable insights from the most recent InfoGovANZ IG Survey Report, noting the trend towards improved Information Governance awareness and leadership recognition since our 2017 survey.  Just over half of the organisations surveyed have an formal IG framework with clearly articulated policies and procedures. 90% of respondents expressed agreement with the definition of ‘information governance’ – although some […]
Member only content (join now or login)