Managing Compliance & Risk in a Complex Legal Environment: The new regulatory framework for public sector recordkeeping in Victoria Kathy Sinclair, Policy Officer, Public Record Office Victoria

Introduction In Victoria, recordkeeping requirements in the public sector have become both more prominent and more directive in the last decade Agencies have adapted to take into account these new or changed requirements … but how has that affected day to day business?

Outline of presentation What are the main ways in which things have changed? What are key areas of forthcoming change? What impact has this had on Victorian organisations, particularly government sector? How can organisations integrate these new requirements into their recordkeeping practice?

Overall theme of legal changes Probity Ethical practice being supported in both public and private sectors by solid and recorded processes Accountability Government actions and decisions being transparent Protection of citizens’ rights Individuals’ rights to proper treatment being enforced

Relationship to government policy focus These themes have permeated government policy and legislative change - not just in the recordkeeping area Government has a stated commitment to improving accountability and transparency

3 key types of changes Rights protection measures Probity, technology & business utility measures Legal changes to the status and character of records / their management

1. Rights protection measures Document Destruction Information Privacy Health records Whistleblowers

Document Destruction Unique (at this stage) to Victoria Outflow of McCabe v BAT actions and resultant Salman report Crimes (Document Destruction) Act 2006 & Evidence (Document Unavailability) Act 2006 The Acts deal with the legality of document destruction and establish more stringent requirements at law than previously existed

Information Privacy Information Privacy Act 2000 (public sector) Commonwealth Privacy Act covers private sector Designed to protect an individual’s interest in the privacy of information about themselves

Health sector Health Records Act 2001:creates a framework to protect the privacy of individuals' health information 10 Health Privacy Principles (similar to IPPs)

Whistleblowers protection Whistleblowers Protection Act 2001 Designed to protect the integrity of Whisteblowers investigations processes and subsequent enquiries Implications across other investigation types also

2. Probity, technology & business utility measures Electronic Transactions Changes to FOI

Electronic transactions Electronic Transactions Act 2000 Same principles as Commonwealth and other state legislation Endeavouring to reduce / remove any bias against transactions in electronic form

FOI FOI has imposed, since its inception, the potential for significant recordkeeping costs for agencies Interaction between FOI and privacy (as between privacy and public records) has been problematic at times for agencies

3. Legal changes to the status and character of records / their management a)Copyright / DRM b)Proposed changes to Evidence law c)Possible changes to Public Records Act (Auditor- General’s review)

Copyright / DRM Changes to copyright law as a result of Australia-US Free Trade Agreement 2004 This has become a very thorny issue for organisations (public AND private) using digital rights management (DRM)

Evidence law Victoria is still a common-law evidence state (one of very few remaining) VLRC report of February 2006 recommended Victoria adopt a version of the Commonwealth / NSW Uniform Evidence Law (UEL) Review and revision of Evidence Act expected in coming 5 years (but no program of review yet announced)

Public Records Public Records Act 1973 is the authorising legislation for state Public Record Office and its standards Victorian Auditor-General is auditing Victorian government recordkeeping in Public Records Act may also be reviewed as part of Bracks government commitment to reviewing all Acts more than 10 years old

How has it all complicated recordkeeping? More requirements, which imposes more layers of action around records management Undefined or ambiguous requirements lead to inability to act Potentially / apparently contradictory requirements Many new requirements have yet to be teased out / tested and interpreted in court

How has it all assisted recordkeeping? Provided excellent opportunities to raise the profile of recordkeeping within government Led to formation of informal policy and advisory links between PROV and other regulatory bodies (better service for agency records managers) May end up being the key driver for extra resourcing for recordkeeping (pending Auditor’s report)

How have organisations dealt with these changes? Greatly increased procedural and policy structure to recordkeeping –Eg. every public sector organisation must have a Privacy Policy –as organisations start to apply the technological possibilities and increasingly acquire EDRMS, the opportunity exists for process and procedures to be built in

How have organisations dealt with these changes? Some increase in overall awareness of the value of recordkeeping and the gaps in the way it is currently resourced / performed (Auditor-General’s audit is responding to this)

How have organisations dealt with these changes? Increase in training, information provided, and role of recordkeeping as a part of upfront induction programs –Inclusion of detailed recordkeeping responsibilities in induction –PROV’s training program growing rapidly, including Certificate programs (which cover recordkeeping regs)

Conclusion Victorian public sector records management now operates within a tighter web of compliance than ever before The pain of legislative change can be more than offset by the potential gains - if we take the opportunity offered

More information PROV’s Advices to Agencies: asp#guides Contact PROV: Kathy Sinclair