CEI 1.5 Protection and Disclosure of Information

1. Scope of these instructions

These Chief Executive's Instructions (CEI) outline the requirements for the protection and disclosure of information. They reflect the department's obligations for collecting, storing, disclosing, amending and using information detailed in the Privacy Act 1988 (the Privacy Act) and other relevant legislation and government policies, including the Freedom of Information Act 1982 and the Declaration on Open Government.

The CEI applies to all information held by the Department of Agriculture, Fisheries and Forestry (the department).

Further information is available in "All about protection and disclosure of information – additional guidance to CEI 1.5".

2. Policy principles

  • Public access to information in the department's possession is appropriate and must be given or denied in accordance with the governing legislation, regulatory and policy frameworks for both the acquisition and release of that information. In practice, this means that information that can reasonably be released should be, unless otherwise prohibited by legislation.
  • Information must not be released to the public without the prior approval of an SES employee.
  • By default, departmental publications should have open licences.
  • The Privacy Act requires the department to comply with eleven Information Privacy Principles established under that Act. These principles govern:
    • how personal information is collected, stored, maintained and secured
    • access by individuals to their own personal records
    • the use of personal information and its disclosure to third parties.
  • Officials handling personal information must comply with the Information Privacy Principles.
  • The use of personal information beyond its intended purpose is prohibited.
  • The onus rests on officials to ensure that disclosure of information held by the government accords with relevant government policies and statutory obligations (see paragraph 6).

3. Target audience

These CEIs are applicable to all officials in the department.

4. Departmental instructions

4.1. Responsibilities

Officials:

  • must, subject to the approval of an SES employee, routinely make information in the public interest available on the department's websites and in other publications.
  • must, when considering whether or not to release all types of information to the public:
    • determine if it is appropriate to disclose the information, in accordance with Public Service Regulation 2.1 and any departmental policies
    • determine, in consultation with Corporate Communications Branch, if the information should be published on the department's website(s), and/or through any other media, including printed publications, social networking sites or by broadcast means.
    • establish if an exemption applies under the Freedom of Information Act 1982 when assessing a formal request
    • consider the implications and possible repercussions and apply balance and sound judgement and, in accordance with normal operating procedures:
      • seek advice from a supervisor, the Privacy Contact Officer, the Freedom of Information Coordinator and/or the department's Corporate Legal Unit if unsure whether it is appropriate to disclose the information and
      • document the rationale for the action taken, other than for routine communication activity.
  • must not disclose information which has been obtained or generated in connection with their employment if the information:
    • was, or is to be, communicated in confidence within the government or
    • was received in confidence by the government from a person or persons outside the government.
  • must comply with the following in relation to personal information:
    • protect the confidentiality of personal information provided to the department and ensure it is not subject to misuse
    • comply with the department's procedures and guidelines for the collection, storage, disclosure, amendment, use and destruction or disposal of personal information
    • contact a Privacy Contact Officer if there is a personal information security breach
    • take contractual measures to ensure the department's privacy obligations are extended to contracted service providers and any subcontractors they may engage
    • when collecting personal information from individuals, must inform them:
      • of the purpose for which the information is being collected
      • whether this is authorised by or under law and, if so, which law and
      • whether it is the department's policy or practice to disclose this information to any third party.
  • may have access to their own personal information, except where a record-keeper is required or authorised to refuse access to that record under a Commonwealth law.

Privacy Contact Officer (PCO):

  • must investigate any potential or actual breaches of the Privacy Act.
  • must collate and provide the department's response for the Personal Information Digest published annually by the Privacy Commissioner.

4.2. Reporting

  • The Privacy Act 1988 requires the department to provide the Privacy Commissioner in June each year with an outline of the types of personal information it holds, in the form of a Personal Information Digest. The PCO provides this information to the Privacy Commissioner on behalf of the department.
  • Divisions must maintain accurate and up-to-date records of what personal information is held by that division, including:
    • the nature of the various types of records of personal information kept by the division
    • the purpose for which the records are kept
    • the class of individuals to which the records apply
    • the period for which the records are kept
    • details of how individuals can get access to records about themselves.
  • Divisions must ensure this information is available to be provided to the PCO each year.

5. Breaches

Officials are bound by section 13 of the Public Service Act 1999 (the PS Act Code of Conduct), the Privacy Act 1988 and section 44 of the Financial Management and Accountability Act 1997 (FMA Act) to use Commonwealth resources in an efficient, effective and ethical manner. They are also bound by the legal and regulatory framework underpinning information management. Officials who do not comply with this CEI may be found to be in breach of these provisions and sanctions may apply. Officials may be investigated and managed in accordance with the department's official conduct procedures and/or referred to the police for consideration under section 70 of the Crimes Act 1914.

6. References

6.1. Legislation

6.2. Internal guidance/instruction

  • All about protection and disclosure of information – additional guidance to CEI 1.5
  • Classification of DAFF material
  • Protocol for publishing staff contact details on the DAFF website
  • DAFF Guide to preparing ministerial and departmental correspondence
  • Internet and Email Code of Conduct
  • DAFF Protective Security Procedures
  • DAFF Protective Security Policy
  • DAFF Record Keeping Standard
  • DAFF social media policy

6.3. External guidance/instruction

  • The Australian Government's Protective Security Policy Framework
  • Report of the Government 2.0 Taskforce - Engage: Getting on with Government 2.0, the Government Response to this report and guidance issued under the auspices of these reports
  • Declaration on Open Government

6.4. Related CEIs

  • CEI 1.6 on Record keeping

7. Definitions and acronyms

DAFF
Department of Agriculture, Fisheries and Forestry
legislation
includes acts, regulations, orders and other legislative instruments
official
in this CEI the term means a person who is in, or forms a part of, this agency. The term is also extended to mean contractors, consultants or other Commonwealth, state or territory government officials who are performing tasks or procedures for, or on behalf of, the department
personal information
means information that identifies an individual or could identify the individual. It is defined in the Privacy Act 1988 as "information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion."
public sector information
means information, including information products and services, generated, created, collected, processed, preserved, maintained, disseminated, or funded by or for the government or public institutions, taking into account relevant legal requirements and restrictions
privacy
in this CEI, the term means the protection of people's personal information. This can include privacy issues associated with information about people's location, health and body and people's communications with others
Privacy Contact Officer (PCO)
is the first point of contact for advice regarding privacy matters
record-keeper
means the person who has possession or control of the record
secretary
means the Secretary, Department of Agriculture, Fisheries and Forestry (DAFF) and is sometimes referred to as the chief executive

Change History

Created
October 2010
Revised
Replaces CEI 15 and CEI 29
Document Owner
Governance, Contracts and Services Branch
Corporate Services Division
Date of Approval
14/10/2010
Document due to be reviewed by
September 2012