Integrity and Information Management: guidance for Australian Government agencies

This guide sets out the considerations and obligations of Australian Government agencies to manage data, information and records with integrity.

It applies to people working for or providing support to Australian Government agencies such as Australian Public Service employees (APS), contractors, consultants as well as reservists and volunteers. It includes those appointed under other legislation including members of the Australian Border Force, Australian Defence Force, Australian Federal Police and Australian Maritime Safety Authority.

National Archives of Australia (National Archives) consulted with other agencies including the Australian Public Service Commission (APSC) during the development of this advice.

This advice does not apply to agencies under the jurisdiction of Australian states and territories.

The Integrity in Information Management video and transcript from the Director-General, National Archives of Australia.

Video

Transcript

As an Australian government employee, contractor or consultant, you should be aware of the important role played by good records and information management in supporting integrity across the public service.

You're also probably aware government records of significance come to us here at National Archives. We then manage them, preserve them and make them accessible to the public.

You play such a vital role within your agency in ensuring that the records can be trusted as evidence of the decisions and actions that occur, and that when your records come to us, they can be managed appropriately.

I believe you have 3 key obligations, 3 things to do when performing your duties.

Firstly, make an accurate record as evidence of your actions and decisions.

Secondly, make sure the information is managed in line with your agency's policies.

And finally, do not destroy the information unless authorized to do so.

A good quality record should be able to act as evidence of a decision or action. It must be accurate, authentic and reliable. In this way it has integrity and it can be trusted.

It must contain sufficient detail to meet current agency needs and to be understood by others in the future.

And for a record to have integrity, it needs to be managed appropriately so that it is not changed, lost or damaged.

All the different types of records, information and data that you create, use, send or receive while performing your duties in the APS are records under the Archives Act.

I'm talking about all kinds of information and data, regardless of where they're managed or stored.

Electronic documents, images, data sets, social media content, paper files, photographs, sound recordings and physical objects, you name it.

The information that is determined to have enduring value to the country is then transferred by your agency to National Archives.

Mismanagement of information can unfortunately lead to security and privacy breaches, which, as we've learned recently, can result in personal information landing in the wrong hands.

Mismanagement can also lead to incorrect disposal of records, which can have significant impact on agencies and members of the public.

Records are vital if we are to protect the vulnerable, have proof of rights and entitlements, evidence of past injustices and hopefully contribute to healing and reconciliation.

Poor information management can quite literally be devastating for members of our society.

Managing records, information and data with integrity is really quite simple and comes down to good governance.

Create a record to provide evidence of decisions or actions.

Make sure you capture records in approved systems where they can be easily managed.

Don't delete or destroy the information you create, send or receive in the course of your work unless you are authorised to do so, and make your records full, reliable and meaningful.

At National Archives, we take our lead role in information management seriously. We provide advice, develop policy, educate and support networks across the APS.

We work to understand the risk and value of agency records. This helps inform how long those records should be kept and how they should be managed.

We're focused on building and sustaining trust in the APS, and we do this by integrating best practice to keep information assets of the Australian government safe.

If there's one takeaway message here, it's that something you write or save today might be evidence of important decisions or actions made by government. That information can come to us at National Archives waiting to be reused to aid future decision making and support personal rights and entitlements.

Your records are powerful.

We need to look after them now so that they are accessible for generations to come.

Overview
What is an Australian Government record?
What are information and records?
What do information and records management mean?
What is official Australian Government information?
Trust and information management
Integrity obligations: APS employees and non-APS
Managing information with integrity
What are the risks?
Assessing the risks
The role of Australian Government agencies
The role of leaders and managers
What do you need to do?
Learn more

Overview

In this guidance we discuss some key concepts and responsibilities that will help you understand the connection between integrity and information management.

The Archives Act 1983 (Archives Act) provides the basis to make agencies responsible for the creation, maintenance, retention, disposal of Commonwealth records subject to National Archives' authorisation.

For more information please explore our Getting Started with information management web pages.

Access and public release

The Archives Act governs access to Commonwealth records. Anyone can access most of these records once they enter the open access period by either applying for a record or finding a record that has already been released by National Archives.

The majority of records enter the open access period after 20 years from the date of creation. Some records are exempt in accordance with section 33 of the Archives Act.

National Archives assesses records to identify and withhold exempt information. Sometimes this is done in consultation with departments and agencies. Under the Archives Act we are required to release as much information as possible.

Responsibilities

National Archives:

develops records management policies and standards for the Australian Government
provides records management advice, guidance and resources to agencies
authorises the retention and destruction of Commonwealth records by issuing records authorities
stores, protects and makes accessible records of enduring significance which are identified as archival resources of the Commonwealth and selected for retention as 'national archives'.

Agencies:

create and maintain full and accurate records of their business
develop and implement agency specific information and records management policies and procedures
establish clear lines of responsibility for records management and ensure that staff are trained to carry out their duties
work in consultation with National Archives to develop Records Authorities
provide adequate resources for records management activities
maintain the role of senior managers to take responsibility for information management.

What is an Australian Government record?

Under the Archives Act, an Australian Government record comprises a document or object in any form including electronic formats. Archives Act 1983, section 3.

What are information and records?

Put simply, information and records can be anything created, sent, received or used in the course of your agency's business. They can be in paper, digital or other formats. They include structured information such as data in databases and business systems and unstructured information such as documents, emails, images, tweets and websites.

What do information and records management mean?

When we refer to managing information and records, we are talking about the processes involved in making and maintaining all forms of information to ensure they meet the business needs of the organisation and provide reliable evidence of business transactions. Everyone who uses or creates information has some level of responsibility for managing it properly.

What determines the level of management for information and records depends on their value to the business, as evidence, or their historical or cultural value. For example, a request for a staff meeting would be of low value whereas a draft piece of legislation annotated by a minister would have ongoing value and demand a higher level of management to ensure it is available for long-term access

What is official Australian Government information?

All information that your agency creates, uses, receives or shares as part of its business will be official Australian Government records. Some examples are decisions made, the reasons behind them and anything relied upon when preparing advice on behalf of the agency.

The Protective Security Policy Framework also covers official information but from the perspective of protecting people, information and assets, security classifications or handling instructions attributed to information.

Trust and information management

Public trust in the functions of agencies depends on accountability—our ability to show that decisions have been made on the basis of reason and evidence; Australian Government resources are being used appropriately; and that consideration of the public interest is foremost in our work.

Australian government information is a national resource. Maintaining sound information management practices ensures good stewardship of government information—which, in turn, safeguards our collective knowledge through periods of change.

The Australian Government has a framework for managing information which is administered by various agencies. The framework includes legislation, standards, policy and legislative instruments such as the following:

Archives Act and Archives Regulations 2018
Privacy Act 1988 (includes agency obligations) and Freedom of Information Act 1982 (accessing government information)
Information Management Standards (to create and manage agency information effectively)
The whole of Australian Government information management policy: Building trust in the public record information management and data for government and community (sets the requirements and actions that will help agencies manage their information assets)
Records Authorities issued by National Archives (that agencies must implement in order to meet their legal obligations).

Integrity obligations

There are obligations regarding information that need to be considered no matter what your role is with an agency. We have outlined some of the considerations for APS employees and non-APS stakeholders to guide people on which approach might be more relevant to them. There should be people in your agency who can provide more advice.

APS employees

APS employees engaged under the Public Service Act 1999 (Public Service Act), including Secretaries, Agency Heads, and the Senior Executive Service, are required to uphold the APS Values and Employment Principles, and comply with the APS Code of Conduct (set out respectively in sections 10, 10A, and 13 of the Public Service Act).

The Australian Public Service Commissioner's Directions 2022 (Directions) include directions on the scope and application of the Values, and set out what it means for individual employees, having regard to their duties and responsibilities, to uphold each Value.

Section 16 of the Directions provides that upholding the Accountable Value includes:

being open to scrutiny and being transparent in decision-making
being able to demonstrate that actions and decisions have been made with appropriate consideration
being able to explain actions and decisions to the people affected by them
being able to demonstrate clearly that resources have been used efficiently, effectively, economically, and ethically.

Directions on the Committed to Service Value (section 13) include managing data to enhance evidence‑based policy advice, ensuring information is readily available to the community.

Non-APS

Agencies may have a diverse workforce made up of personnel who are not employed under the Public Service Act. They may also have contractors, consultants as well as reservists or unpaid volunteers. These stakeholders may need tailored assistance from their agency to meet their obligations and successfully manage information assets.

Managing information with integrity

Trust in the public record of government relies on agencies managing information with integrity. National Archives has issued advice on this topic that starts with six actions. These are:

Know your responsibilities
Control the risks
Listen to the experts
Make information searchable and reusable
Develop skills
Think ahead

What are the risks?

Poor information management can undermine an agency's integrity culture as well as trust in its professionalism in order to deliver services and support to stakeholders. Some examples of risks for agencies are:

being unable to find or provide evidence of decisions made or who made them—e.g., asserting that a decision was made on legal advice which cannot be found.
compromising the privacy of the community—e.g., inadvertently publicly releasing clients' case management details, which can be used to commit identity crime.
undermining community trust in the government's capacity to manage and use information properly—e.g., emailing personal information of clients to an incorrect recipient.
making it harder for the community to access services and advice in a timely manner.
unauthorised release of sensitive information, potentially breaching the privacy of individuals—e.g., releasing the personal information of applicants for a refugee visa.
wasting public money by storing and managing information that is no longer needed.
being unable to properly advise or report to the Minister and other stakeholders.
making poor business decisions—e.g., buying business equipment that is not fit-for-purpose.

Assessing the risks

While the level of risk posed by poor information management will depend on the circumstances, some practices are more likely to undermine public trust. These include:

Information which is inaccurate, incomplete or which cannot otherwise be relied on as evidence.
Poor, inconsistent or insufficient description and use of metadata to identify and control information assets means they can't be easily identified.
Wasting time trying to find the relevant information or giving up the search and doing the work again.
Information systems that are not fit-for-purpose thus increasing the risk of breaches of information or obsolescence making it potentially inaccessible.
Prematurely destroying information, or not being sure that its destruction was properly authorised.

In most cases, risks can be avoided or mitigated through the use of a risk plan and risk register that incorporates proper management of information. Utilise the expertise of your agency's information management professionals when identifying, controlling and mitigating risks.

The role of Australian Government agencies

Ideally every agency should have its own business area with primary responsibility for creating and maintaining the agency's information governance framework. In practical terms this is not feasible for all agencies. In these circumstances any questions can be directed to National Archives via the Agency Service Centre.

Your agency should have:

a Chief Information Governance Officer or similar role
an information governance committee
information management professionals
a recordkeeping registry or similar unit.

Each agency should provide:

hints, resources, and training to ensure employees know how to use business systems in their day-to day-work
advice on how to document and save work in approved locations
information on how to use a record plan
good data, information and records management practices
information about record authorities and normal administrative practice that govern managing and disposing of data, information and records including their transfer to National Archives.

The role of leaders and managers

In addition to their individual obligations, leaders and managers have particular responsibilities for information management and must lead with integrity to protect information assets. These include:

role-modelling good information management practices and fostering a pro-integrity culture
ensuring information management and reporting obligations are met—and taking responsibility when they are not
calling out and addressing questionable or improper practices, rather than walking past them.

National Archives has issued advice that describes six actions for senior managers who need to understand their obligations and build their knowledge and skills in managing information. These are:

Know your responsibilities
Influence the culture
Resource for success
Control the whole life cycle
Use standards and best practice
Manage the risks

What do you need to do?

Do the right thing by understanding the roles and responsibilities in your agency that relate to managing information assets, complying with agency requirements and supporting a pro-integrity culture. Ask for help if you are uncertain.

The APSC has an Integrity Portal with great resources. Please also have a look at the information management resources made available by National Archives.

Further enquiries

If you have further questions about this guidance, please contact National Archives' Agency Service Centre.

If you have questions about integrity in the APS, please contact the APSC's Ethics Advisory Service on (02) 6202 3842 or ethics@apsc.gov.au.

Learn More

Integrity resources published by the APSC

Information Management resources published by National Archives

Building trust in the public record managing information and data for government and community policy, commenced January 2021.
Six actions to manage information with integrity - manage information with integrity and build public trust
Quick overview: six actions for senior managers - to stay ahead in information management and lead with integrity to protect data, information and records.

Getting started with information management

An overview of relevant legislation, responsibilities, professional development and key aspects for properly managing information with links to related content.

Using normal administrative practice

Managing your agency's business information. Explains different types of information, what can be deleted with confidence, what needs consideration and what must be retained permanently.

Introductory training resources

A range of videos and e-learning modules are available to help you do the right thing when managing information in your agency. The modules can only be accessed by agencies under licence. These videos are publicly available on YouTube:

Information matters – understanding your responsibilities
Meta…what? Metadata!
Managing email
What's in a name?

These modules were updated in 2023 and require an APS Academy login:

APS essentials – records management
Keep it or delete it (also available to agencies on LearnHub)

More information

Building trust in the public record