APS use of apps breaching safeguards

Government agencies are being called upon to ensure staff meet legislative obligations when using messaging apps.

A review of 22 agencies by the Australian Information Commissioner has found apps such as Signal, Telegram, WhatsApp, and Facebook Messenger are regularly being used without adequate policies in place to ensure public servants are meeting the mandatory requirements.

“While the technology being used to conduct government business is evolving, the need for agencies to equip staff to uphold legislative obligations remains,” Australian Information Commissioner Elizabeth Tydd said. “Messaging apps raise novel considerations for key pillars of our democratic system of government, including transparency and accountability.”

A report released by the Office of the Australian Information Commissioner – the independent national regulator for privacy and freedom of information – reveals only half of the 16 agencies that permit the use of messaging apps for work purposes had policies in place to meet the statutory obligations (three agencies prohibited the use of apps; three did not have a position).

However, the policies adopted by agencies generally did not address freedom of information, privacy or other key obligations, says the report.

The OAIC asked the 16 agencies that permitted the use of messaging apps for work purposes – and the three agencies that didn’t hold a position about their use – whether messaging apps were used to convey personal information about members of the public.

  • 68 per cent were confident messaging apps weren’t used to convey personal information
  • 32 per cent were unsure.

“The varied approaches to use of personal devices and the limited guidance and/or absence of procedures and policies that address information governance requirements introduces a significant risk to the preservation of information access and privacy rights,” says the report.

Without sound policies in place, “APS employees operate without the tools necessary to uphold their responsibilities and agencies are not able to monitor compliance and confidently secure fundamental rights.”

The OAIC report contains a number of recommendations:

  • agencies should review existing policies or develop a policy to clearly set out whether or not they permit the use of messaging apps for work purposes
  • agencies that permit the use of messaging apps should have policies and procedures that adequately address information management, FOI, privacy and security considerations
  • agencies should examine the features of messaging apps needed to support official work
  • agencies that permit the use of messaging apps should conduct due diligence to ensure any preferred messaging app collects and handles personal information appropriately.

We must uphold information governance safeguards

“Our digital environment demands a shift from a compartmentalised to a holistic approach to information governance by government agencies,” Tydd said. “As a public asset we must implement policies and practices to uphold these information governance safeguards.”

The OAIC says it’s important agencies know:

  • how they are managing information – directly within agencies or indirectly through outsourcing arrangements
  • what information governance requirements apply
  • how they are meeting those requirements
  • what information they are collecting and/or preserving
  • why they are collecting and/or preserving that information
  • how robust their systems and processes are in managing information governance requirements.

“These are questions for all leaders including agency heads, oversight bodies, and audit and risk committees,” Tydd said. “As a regulator of information access and privacy rights they are of paramount concern to the OAIC.”
