Managing Compliance & Risk in a
Complex Legal Environment:
The new regulatory framework for
public sector recordkeeping in Victoria
Kathy Sinclair, Policy Officer, Public Record Office Victoria
Introduction
• In Victoria, recordkeeping requirements in the
public sector have become both more prominent
and more directive in the last decade
• Agencies have adapted to take into account
these new or changed requirements … but how
has that affected day to day business?
Outline of presentation
• What are the main ways in which things have
changed?
• What are key areas of forthcoming change?
• What impact has this had on Victorian
organisations, particularly government sector?
• How can organisations integrate these new
requirements into their recordkeeping practice?
Overall theme of legal changes
• Probity
• Ethical practice being supported in both public and private
sectors by solid and recorded processes
• Accountability
• Government actions and decisions being transparent
• Protection of citizens’ rights
• Individuals’ rights to proper treatment being enforced
Relationship to government policy
focus
• These themes have permeated government
policy and legislative change - not just in the
recordkeeping area
• Government has a stated commitment to
improving accountability and transparency
3 key types of changes
•
•
•
Rights protection measures
Probity, technology & business utility
measures
Legal changes to the status and character of
records / their management
1. Rights protection measures
•
•
•
•
Document Destruction
Information Privacy
Health records
Whistleblowers
Document Destruction
• Unique (at this stage) to Victoria
• Outflow of McCabe v BAT actions and resultant
Salman report
• Crimes (Document Destruction) Act 2006 & Evidence
(Document Unavailability) Act 2006
• The Acts deal with the legality of document
destruction and establish more stringent
requirements at law than previously existed
Information Privacy
• Information Privacy Act 2000 (public sector)
• Commonwealth Privacy Act covers private
sector
• Designed to protect an individual’s interest in
the privacy of information about themselves
Health sector
• Health Records Act 2001:creates a framework
to protect the privacy of individuals' health
information
• 10 Health Privacy Principles (similar to IPPs)
Whistleblowers protection
• Whistleblowers Protection Act 2001
• Designed to protect the integrity of
Whisteblowers investigations processes and
subsequent enquiries
• Implications across other investigation types
also
2. Probity, technology & business
utility measures
•
•
Electronic Transactions
Changes to FOI
Electronic transactions
• Electronic Transactions Act 2000
• Same principles as Commonwealth and other
state legislation
• Endeavouring to reduce / remove any bias
against transactions in electronic form
FOI
• FOI has imposed, since its inception, the
potential for significant recordkeeping costs for
agencies
• Interaction between FOI and privacy (as
between privacy and public records) has been
problematic at times for agencies
3. Legal changes to the status and
character of records / their management
a) Copyright / DRM
b) Proposed changes to Evidence law
c) Possible changes to Public Records Act (AuditorGeneral’s review)
Copyright / DRM
• Changes to copyright law as a result of
Australia-US Free Trade Agreement 2004
• This has become a very thorny issue for
organisations (public AND private) using
digital rights management (DRM)
Evidence law
• Victoria is still a common-law evidence state
(one of very few remaining)
• VLRC report of February 2006 recommended
Victoria adopt a version of the Commonwealth
/ NSW Uniform Evidence Law (UEL)
• Review and revision of Evidence Act expected
in coming 5 years (but no program of review
yet announced)
Public Records
• Public Records Act 1973 is the authorising
legislation for state Public Record Office and
its standards
• Victorian Auditor-General is auditing Victorian
government recordkeeping in 2007-08
• Public Records Act may also be reviewed as
part of Bracks government commitment to
reviewing all Acts more than 10 years old
How has it all complicated
recordkeeping?
• More requirements, which imposes more layers of
action around records management
• Undefined or ambiguous requirements lead to
inability to act
• Potentially / apparently contradictory requirements
• Many new requirements have yet to be teased out /
tested and interpreted in court
How has it all assisted recordkeeping?
• Provided excellent opportunities to raise the profile of
recordkeeping within government
• Led to formation of informal policy and advisory links
between PROV and other regulatory bodies (better
service for agency records managers)
• May end up being the key driver for extra resourcing
for recordkeeping (pending Auditor’s report)
How have organisations dealt with
these changes?
• Greatly increased procedural and policy
structure to recordkeeping
– Eg. every public sector organisation must have a
Privacy Policy
– as organisations start to apply the technological
possibilities and increasingly acquire EDRMS, the
opportunity exists for process and procedures to
be built in
How have organisations dealt with
these changes?
• Some increase in overall awareness of the
value of recordkeeping and the gaps in the
way it is currently resourced / performed
(Auditor-General’s audit is responding to this)
How have organisations dealt with
these changes?
• Increase in training, information provided, and
role of recordkeeping as a part of upfront
induction programs
– Inclusion of detailed recordkeeping responsibilities
in induction
– PROV’s training program growing rapidly,
including Certificate programs (which cover
recordkeeping regs)
Conclusion
• Victorian public sector records management
now operates within a tighter web of
compliance than ever before
• The pain of legislative change can be more
than offset by the potential gains - if we take
the opportunity offered
More information
• PROV’s Advices to Agencies:
http://www.prov.vic.gov.au/records/standards.a
sp#guides
• Contact PROV: Kathy Sinclair
• [email protected]