So, good morning, everyone and welcome to this online Records Managers Forum.
My name is Martyn Killion I'm the Executive Director of State Records NSW and also the Director of Collections of Museums of History NSW. I'd like to start today's meeting by acknowledging
traditional owners of the lands on which we're all meeting today, for me it's Gadigal land,
and to pay respects to Elders past present and emerging of those various Nations.
Welcome everyone to the Records Managers Forum, the final Records Managers Forum for this year,
but as always, I'm very pleased to see such a great attendance at the forums and we know
from the feedback that we often get that you all find the forums of great value so
it's wonderful to see so many people and to see so many familiar and also new faces today.
Before we start just a few words of housekeeping, first of all this meeting is being recorded,
just so you all know that, and as always, the Forum will be placed on the website for
those who wish to watch back or certainly for those people who aren't able to attend today,
they ll also receive notification that that recording is available. In terms of questions and discussion, as always it is a forum, so any questions and
discussion are very welcome. We suggest that you put any questions or any points
that you'd like to raise in the chat. We will have a chance for questions and answers at the end of the session, but we'll also attempt to answer some of those chat remarks or
questions as we go throughout the next hour or so. If there are any in-depth matters that
anyone raises, please be assured that you won't be ignored but we will take those offline and
deal with those outside of the Forum. I'm thrilled today that the Information
Commissioner has accepted our invitation to speak to us here today on the work of the IPC and its
relationship with a type of work that we do, particularly at State Records NSW, so I'll hand
to Rachel and introduce her in a few minutes. You will also many of you be aware that Museums
of History NSW has a new Chief Executive Officer Annette Pitman, and Annette will also be coming
along to the Forum a little later to speak for a few minutes and to introduce herself.
We'll then have updates from State Records NSW, and then also updates from Museums of History NSW,
and finally we'll be finishing with any remaining questions, and to close off the session,
there's a threatening chance that I may wish you all a Merry Christmas, even though that seems a little early to be doing already this year. All right, so let's get moving. I am very pleased
to introduce Rachel McCallum to you, who of course is the NSW Information Commissioner
and CEO of the Information and Privacy Commission. Rachel s predecessors in the
Information Commissioner role also addressed the Records Managers Forum, so as I said we're delighted to have Rachel here with us today. Rachel, of course, has extensive an extensive
background in legal, regulatory and policy positions, not only in the NSW Government,
but also the Commonwealth Government and in the private sector, and most recently prior to her
appointment as Information Commissioner was the Executive Director and General Counsel at the NSW Electoral Commission. Arguably, Rachel's finest achievement is as
a much valued member of the Board of State Records NSW, and it's been a great pleasure
to work with her in that capacity. So, Rachel, I might hand over to you.
Yes, I was wondering where you were going there, Martyn, with the finest achievement but I'm happy with the thing that you identified, so I suppose that is one of the key ways in which
the two offices have worked together. My predecessor, too, was on the Board, and I guess those appointments are made in recognition of the fact that there is clearly, if
not a specific overlap, a clear alignment between both the practices and the policy objectives of
records and information access laws. So it's been my pleasure, thank you,
to come to a couple of the board meetings where, as your audience here probably know,
the key point there is that we are exercising those regulatory functions of the Authority
in relation to disposal and other regulatory instruments that will apply to agency's records.
So it's not a governing board as such in relation to the agency, we're not there in
the typical board sense of a company, we're there in that regulatory sense and there's a variety of
representatives on that board, so different voices are heard about what those regulatory
arrangements are, or what those authorities should be, in relation to all your agencies, so there's that variety there and I guess I'm there as a public sector representative
but I'm also able to wear that oversight hat. I suppose that as well to bring that perspective
to those functions, so it's been really very interesting to be on that board and,
as a consequence, I was alerted to the fact of that very interesting presentation of the
1802 - I hope I'm getting that right, Martyn - for the muster book recently which was very old,
am I right in saying that's the oldest government record that exists in NSW? So we saw in in person or in in real life, which was a bit thrilling,
but I guess that not all of our records are as thrilling as the 1802 muster book, but you never know, I guess, is the message. My role is really more in the here and now, people
wanting to access information about the current and not so long ago activities of government,
not that there is a time frame per se but that is really where the focus is in relation to that
participation by people in whether it's just their personal circumstance in relation to their own
personal circumstances or a broader interest in what government is doing so seeking information
about that through a statutory framework. I know most of you have worked for a long time
in government I'm going to guess and you have absolutely heard of GIPA and of its predecessor FOI, but I'll just take you through for those of you who
are new just a quick reminder here of what the Information and Privacy Commission is and does,
a couple of current issues of interest to us and then just draw your attention to some of that.
As I said there's a bit of at least an alignment or an overlap where we are interested in the same thing where we're interested in encouraging good recordkeeping
for accountability reasons really. As I said we're the Information and
Privacy Commission, we have both the information access part which I've just touched upon and the
privacy oversight role as well two separate Commissioners, the Information Commissioner,
that's me so I'm also the public service head of the agency, and the Privacy Commissioner
which are both independent statutory officers appointed for fixed terms to exercise the
statutory functions that are conferred on them. The Information and Privacy Commission therefore
that's actually a government agency like probably a lot of your government agencies but I might get
to that distinction in a minute, so some of our commissioner functions I suppose are we promote
and protect privacy and information access rights and we provide also a guidance and assistance role
to government agencies as well as individual members of the public, so people can ring us
up email us etc and seek guidance and advice. Obviously, we're not here to give legal advice as
such, putting on my former legal hat again, that's not what we do, but we do provide advice about how
to exercise the rights in return in in relation to those individual members of the public who
are raising concerns or seeking guidance or how an agency should approach their obligations under the
under the relevant legislation that we have. So we do have a review and oversight rather
audit function which is pretty typical of regulators to have a power which can be used
in both individual circumstances investigation but also in relation to looking at those systems
and policies practices at a higher level so both Commissioners have specific statutory
functions in relation to that activity. We also can investigate complaints and also
manage PIDs about privacy and information access, PIDs being of course public interest disclosures,
shouldn't use the acronym, so there we are in what's defined as an Integrity agency
under the Public Interest Disclosures Act. So not only, I mean all of us as government
agencies have new and probably expanded obligations in relation to the receipt
and then management of PIDs, but as well we - as in the two statutory office holders,
actually not the IPC as an agency, but we have specific additional obligations in
relation to privacy and information laws. There is a little crossover there with State
Records too but it's probably a bit technical to get into in this circumstance today and we
do provide advice as well when asked which is quite often actually to the NSW Government and
I'm drawing that distinction between us and the NSW Government because we are an integrity and
oversight agency about legislation and technology projects that they are exploring and we'll say in
a minute where one of those is a normal statutory role rather than more of a consultative role.
We do have a pretty broad jurisdiction, pretty much like State Records NSW I guess, very broad
not just, when we say the public sector, we're not just talking about the typical state government department or agency, we're also talking about the universities, all of the local councils, minister
s offices, State-Owned corporations, quite recently there was a more limited application
there, and other NSW public authorities. We also do in the privacy space, just for
your info, we also have a role in relation to the private sector there in Health Service Providers,
there is a dual jurisdiction there in some cases with the Commonwealth, so we have a very broad remit there as does as is the case with State Records NSW, those are
legislation that I won't go through them other than to say we are called out specifically in
those last two as well the PID Act as I said and the Digital Restart Fund which I'll mention in a
moment because of the focus even though the fund itself is perhaps not a current focus.
The projects around technology remain a focus for government and are something that our organisation
has a lot to do with, we are oversighted by a Parliamentary Committee, it is sadly a committee
that doesn't have our name in it but it is the committee on the Ombudsman, the Law Enforcement Conduct Commission and the Crime Commission and that underlines I suppose that we are a little bit
different from State Records NSW in that way. We are directly accountable as statutory office
holders to the Parliament so it maintains that line of direct accountability to the Parliament
rather than to the Executive so we cannot be directed in the exercise of our powers etc. by
the Executive so that is why we are subject to parliamentary oversight which essentially means
we are called before them on a semi-regular basis to reflect on our operations and answer questions
concerning both any special reports or annual reports that we might table in the Parliament.
So we do table those directly to the Parliament as well rather than the way the annual reporting
might work in your agencies for those of you who are in more typical state agencies,
I'm sure some of you are from other sectors within the broader public sector as well.
In relation to my role in particular I've gone through some of those I might just say we do
issue guidelines and publications, I'll just focus on that because of the that alignment
that I was referring to earlier between the State Records NSW jurisdiction and us,
so we do have guidance which some of you may be familiar with and you can
subscribe to find out updates as they occur. I thought I'd just draw attention to some of
the digital records guidance that's available from our office, a fact sheet it is it I think,
it is worthwhile for records managers, if you haven't had a chance to read that, to read that fact sheet just to absorb how closely aligned I think some of our functions really are.
So some of the things in that fact sheet that I was just refreshing my own understanding of,
is the way in which it emphasises the requirements around good recordkeeping
in the digital space in order to support those information access rights that I referred to.
So agencies cannot fulfil their own obligations to search for records or information in our case
that is held by their agencies. They must undertake reasonable searches for that if
a valid access application has been made and so the way in which agencies undertake that,
or how successfully agencies undertake that, is really dependent upon the tools that they have
within their agency, both technical and capability I suppose, and the broader understanding of the
people in your agency including your executives about what those obligations really are beyond
just a simple keyword search potentially. So I would encourage you to have a read of
that where it talks about those challenges that exist in relation to searching. There were always
searching challenges in relation to the old style big files of paper as well, but the way in which
agencies organise their digital records is really critical to successfully fulfilling
those transparency obligations that apply, I dare say, to their privacy obligations as well.
So another thing that particular fact sheet emphasises is the need which I'm sure you all
struggle with in your agencies and organisations, the proliferation of digital collaboration tools
and social media usage of your colleagues, and how those records might be captured if they if
they need to be captured as State records. So the fact sheet talks about that issue and the
need for education in agencies to just keep a very high level of awareness that just because you're
talking in a less formal way on a Teams chat or on Yammer or whatever it might be that these things
may be records, they certainly could be subject to GIPA applications, so our guidance stresses
the need for people to be in agencies and sorry when I say agencies I am using that in a very
small way referring to all of you who may be here today, that they really do need to grapple with
the fact that these things can't just float off into the ether once important government business
and decision making is taking place on these sorts of platforms that needs to be captured somehow and
that needs to be searched for so it's a difficult thing I know for all records managers to emphasise
that need for people who are very busy doing whatever they're doing delivering whatever
they're delivering to take the time to, even ahead at the beginning of a project or at the beginning
of a piece of work, to think how am I capturing these key records so that people know that they
are have obligations both under State Records legislation but also obligations under information
access and then if it is personal information obviously putting on that privacy link as well.
Right, just on to the next one, I've just put this here because I thought it was just interesting
to remind people that we've just had a Right to Know Week as well which is based around a
Universal Access to Information Day which is a UN declared day which is in fact based on
Article 19 of the Universal Declaration of Human Rights, so I thought it was interesting just to
put that there to have people thinking about information as in that human rights context.
It is something that the international community talks a lot about and actually my predecessor is
now on the committee of the International Conference of Information Commissioners. For the first time there's an Australian representative on that and she is now the
Australian Information Commissioner, so she continues in this role, she's not doing that
in her personal capacity, that's in her official capacity. So it is interesting I think just to remember that whilst we are talking about day-to-day matters
of state public sector administration there is underlying that quite an interesting a broader
rights basis. I might just for timing reasons skip over that as I mentioned we International Day for
Universal Access to Information was recently, that was the theme for this year which hopefully some of you knew and thank you to those of your agencies who were champions for that week,
the Right to Know Week was Mainstreaming Access to Information and Participation in the Public Sector, so that you can see still I think on our website some of those the material that
was made available for use in your agency to try to raise that profile around that importance.
I mean it might help sometimes if you are having to talk to people about their State records related obligations that you do reference perhaps these other underlying obligations in
relation to say public participation because at the heart of information access is allowing that
relationship between the government and the governed to be an effective and participative
model and indeed at the beginning of the GIP Act it does invoke maintaining and supporting
our system of representative democracy, so there are some very grand policy reasons for taking an
interest in and in maintaining agency records according to the State Records Act and meeting
also the obligations under information access. I will just keep forwarding a little bit there and
I did just allude to that those objects of the Act which talk about the open and accountable,
fair and effective system of government but there it also articulates in a quite neat way three
other related purposes. I should say how the Act actually does that, I just wanted
to mention authorised proactive release and I hope you can still see I notice the chats come up on my screen thank you whoever shared that fact sheet now I can see what you're chatting about.
So I talked a little bit there about the rights of people to ask for the information
that agencies hold, one of the other ways in which agencies can or we are required to uphold those
objectives of information access legislation is by mandatory release of information and proactively,
even if it's not mandatory, just proactively releasing information unless there is what's the
Act refers to as an overriding public interest against disclosure. You'll hear people saying the term OPIAD, that is an acronym, and what that's referring to is an overriding
public interest against disclosure, which are set out in the Act itself. I won't go particularly into those today but one thing we were emphasising during
the recent Right to Know week was trying to lift some capability of agencies around
their proactive release programs. It is a requirement of the GIPA Act
that agencies review it on an annual basis, at least an annual basis, and to date in our what
we call our GIPA tool, which is how you can all use our GIPA tool to manage your applications,
but also using it to report your statistics which you are required to do under the Act.
You can answer some more questions please this year if you be so kind to give us some insights
into how you are going about that, how you are meeting that obligation in relation to
your proactive release obligations. I appreciate that as records managements
not all of you will specifically have that in your structures that might be your job to do that but I
think there is an opportunity perhaps for whoever is dealing with information access or governance,
or in your organisations more generally, to talk to you about this proactive release
obligation and to think about it ahead of a minute to midnight when you have to report
to us that you've actually done it. So to date we've asked for a tick a box,
this year we're not asking that, we're asking a little bit more and we're hopeful that you
can provide some insights into that. This is not a compliance tool per se in
relation to your specific agencies, this is about understanding what is what is going on,
what is looking like good practice and giving us some knowledge on which
to base our own further work programs. As I said there was two kinds of proactive
release, I suppose there's mandatory open access information, sorry two types of Open Access,
there's something that you might proactively release but also there are some mandatory
proactive release obligations as well. One of those mandatory obligations which I could
see would be relevant, well I think should be relevant, to records managers to get involved in a
conversation about with whoever else is dealing with GIPA or governance or just transparency
generally in accountability in relation to your agencies is the Agency information guide.
You or everyone needs one of these. Everyone is required to have one of these, I should say,
under the legislation. I've just really reproduced there what those things need
to contain and one thing this year we've been emphasising more is the obligation in relation to
this, describes the way in which the functions including in particular decision-making functions
of the agency affect members of the public. So we've been drawing agency's attention to the
recent work of the Ombudsman in relation to automated decision-making and asking agencies
to turn their minds for the purposes of their Agency information guides to what tools they're
using for automated decision-making, not in a technical sense necessarily
but just thinking about how you can be more transparent in this, using this obligation
that already exists to make sure members of the public understand what automated decision
making might be in play in your agencies. Some Guides have been put out in relation to that,
some guidance rather has been put out in relation to that, and that's something we'll be continuing to focus on and not surprisingly the broader public sector is of course function
focusing on this type of thing, including the transparency obligations that exist around
not just automated decision making but AI more generally and I will address that in a moment.
So some recent issues I've talked about there just for those of you who are maybe from councils
on the call, we have done some recent auditing work around mandatory open access information
in your sector and you can see there that what the focus of those audits were and you can find those
on our website but that goes to some of those issues have been addressed specifically since.
There's a great diversity of size in the local government sector and resourcing challenges
may differ from council to council but the obligations are in fact the same for each council,
so I would encourage councils to turn their minds to that, and for the records managers
here to perhaps use the information access obligations, or to draw those information
access obligations to the attention of their, well senior managers certainly, but hopefully
to the councillors themselves There's just been an election, there are a bunch of new councillors out there, of course, who no doubt are being trained in,
or have been at least introduced to, the varied obligations that apply to their entities.
I did earlier mention that we have a specific role in relation to advising in proposals coming
under the Digital Restart Fund that is referenced there, the fund was very active in former years.
I'm not sure what its future will be or whether the IPC will continue to have a significant role in that but we have had a very significant role in looking at ICT projects and in the
context of that making clear to the proponents that, in designing those and thinking about
the data, and thinking about the design of those projects, that transparency and privacy
by design should be a common and very early part of the thinking around these projects.
We will continue to be doing that the AI framework, I'm just going to click through to that. These are some of the specific questions that we ask of agencies, we ask ourselves, when we
are being tasked to give advice about it. In more broad terms there are ways in which
the information access legislation touches upon digital, but I just wanted to get to that bottom point quickly before I finish up, which is we are. You will have probably noticed that this is
more relevant to state government agencies actually about the AI assessment framework, but the issue of the regulation of AI is such a current one across all levels of government,
across all industry, across our society generally and it is of course something
that is going to be of interest to records managers, I'm sure, as well.
So we saw a refreshed AI assessment framework, but it does draw specific attention, as did
the previous one, to the one of the ethical principles of AI use being transparency.
So that raises recordkeeping challenges and opportunities right there,
so that is something that we will continue to be interested in oversighting and understanding
where that is going to go and, as I said, we've started with just using what's there in the GIPA Act in the Agency information guides and saying, well the first thing you
can do is at least say what you've got and what you're doing, in at least a summary format.
So that's a starting point around transparency, but transparency in AI goes further than that in
the end, so that's not the end of the policy frameworks or regulation that I think might
come the way of government in the future, and indeed the Commonwealth is running
a consultation process right now on its mandatory guard rails proposal paper.
So you can have a look at that if that's of interest to you. So that goes through different options. Guard rails is the term used, not necessarily legislation, it could
be legislation, but it could be other forms of safeguarding I guess the rights and of us all.
So you can look at that on the Commonwealth Department of Industry site,
so that is something that I know that the NSW Government's actively taking an interest in, obviously all governments around Australia will be taking an interest in that,
and what that means for and information commissioners as well because of what that might mean for the way in which you can exercise those information access rights
and maintain those policy objectives of information access legislation.
That's just a bit of detail about what transparency must mean under the government framework so you can have a look at that yourself, that's all on the Digital NSW website if you
would care to take a look at that. I just thought I'd mention some of what we're
thinking about here, like every government agency we have a long list of potential legislative
amendments. I won't share all of those with you, but one of those was, even though I would say
that our Agency information guides obligations already are expressed in a technology neutral
way and can capture this, given the novelty of the technology, that it may be useful to mandate
the disclosure of information about this. That is certainly one of the potential responses
that's being considered, not necessarily under information access legislation,
but it could be under AI specific legislation in various inquiries and, if you would care to look,
there is a government response. Hence, I say government, it's not my
response it's a government response to the recent AI in NSW inquiry report in the NSW Parliament,
so there's some future work that will touch upon us all I'm sure.
I'm also thinking about, as Regulators always do, powers to do things. I'm sure that State Records NSW also would like some powers to do things more than it has,
and yes I've been looking at some interesting ways in which the UK Information Commission's
Office approaches that regulatory task. It is a bigger jurisdiction obviously in the
United Kingdom and it has broader powers than we do but there's some interesting examples there
around publishing more information. Again I suppose it's using the transparency as
in fact the tool for achieving transparency, which sounds a little circular when I say it
like that but it is it is quite interesting to see how formal that approach is in the UK and
no doubt other regulators in different areas of regulation have similar types of powers.
I do in fact have a power to go to the Supreme Court and injunct people who are not complying
with their GIPA obligations, and I am not aware that that power has ever been used,
but it would be a very serious case in which that power was used.
I would probably just finish up there and see if anybody else has questions. I'm not
sure that there's any questions flowing in so I'm happy to be referred some later or if your
subsequent discussion throws anything up. Wonderful, Rachel, thank you so much. I think
this is the second time you and I have worked together, the first being on the Right to Know week panel. Yes, thank you very much for doing it.
Indeed, a great pleasure, and I think again those themes of accountability and transparency,
evidence through records in terms of disclosure or indeed privacy issues, are all so interlined,
that the work of our two agencies is so interlined, so it was it was a great pleasure
to have you here today and to hear about in more detail the work of the IPC and I know
the 150 or so records managers and recordkeeping practitioners who are online today have lapped up
that all that information so thank you so much. If you have time, you are very welcome to stay on.
The only question or comment we had was a link to the digital records and GIPA fact sheet that you
referenced and we've provided a link to that. Let us continue on our agenda and I'm very pleased
to introduce Annette Pitman, who is the Chief Executive Officer of Museums of History NSW.
This is week four for Annette, and it is very timely for us to have this Records
Managers Forum for Annette to say hello, and I dare say we'll be hearing more from Annette
throughout the future records managers Forum but as an introduction, Annette, I might just
hand over to you, if you don't mind. Thank you, Martyn, and hi everyone, it is an incredible privilege to be leading Museums of History NSW, and
I've got a particular affinity if you will with the records management side of the organisation.
That's actually how I started my career, doing really on the ground indexing and listing and digitising and making vital
birth deaths and marriages records available all those years ago.
So I really understand the importance of our records and making sure that we are keeping them
properly as evidence of government decision making and we all have a shared responsibility for that.
The State Records Act is a really important piece of legislation that
we all work together to uphold, both State Records NSW and Museums of History NSW,
and all of you who are on this call. So we really see all of you as quite valued
stakeholders, you are our customers, and we're here to help you meet your obligations around
that Act and we're really committed to providing good quality services to all of you to help make
your jobs as easy as possible. So that's all I wanted to say, thanks very much, Martyn. Thanks very much, Annette, and
thank you for taking the time in what I know is a very busy schedule for you to come in at speak today and please also do if you're able to hang around, but we might move
on now to updates from State Records NSW and I'll hand over to Catherine Robinson,
one of our two senior advisers in State Records NSW, so Catherine over to you.
Great, hi, hello everyone, so the first update we have is the standards and codes of best practice.
I just wanted to mention that the consultation processes for the revised standard on the physical storage of State records, the revised standard on records management,