From the Newsroom

Local News

Privacy commission: CVC fails disclosure test

The NSW Information and Privacy Commission has handed down a damning report on Clarence Valley Council’s (CVC) noncompliance with the open access requirements of the Government Information (Public Access) Act 2009 (GIPA Act).

However, CVC’s general manager, Ashley Lindsay, says the council will implement the IPC’s recommendations.

Among its conclusions the IPC wrote that despite “extensive regulatory engagement undertaken by the IPC in advance of this audit, the practices adopted by CVC demonstrated noncompliance or inadequate compliance with the requirements of the GIPA Act”.

“A fundamental threat to the right to access open access information was also identified during the course of this audit,” the report states.

“That threat manifests as evidence of a failure to properly apply the public interest test set out … [in] the GIPA Act.”

The IPC found that CVC had used a “tick box approach to claim” there was “an overriding public interest against disclosure”.

“The use of a check box for designated persons [and councillors] to elect to have their personal information withheld from public access does not demonstrate compliance with the conduct of the public interest test under the GIPA Act,” the report states.

The IPC points out that CVC has behaved in a recalcitrant manner: “Of utmost concern is that the draft processes containing the tick box approach [is] absent [of] any evidence of the requirement to conduct the public interest test [which] appear[s] to have been developed by CVC, following regulatory engagement and guidance [with and by the IPC] regarding the requirements of the GIPA Act.

“The findings also reflect a pressing need to adopt a culture of compliance.”

To achieve this compliance, the IPC states that “leadership and commitment by leaders and those in positions of power [are] instrumental in achieving cultural change”.

“Accordingly, whilst all of the recommendations contained in this report are designed to support CVC in achieving compliance … recommendation [15] expressly recognises the role and responsibility of the General Manager, CVC, as principal officer with ultimate responsibility for compliance under the GIPA Act.”

The council’s general manager, Ashley Lindsay, told the Independent that he had “assessed” the IPC’s recommendations and that “we are making every effort to implement their recommendations”.

The IPC finds that CVC does not comply with the Model Code of Conduct, regarding a lack of consistency in how the disclosures have been filled out and has referred this to the Office of Local Government (OLG).

Mr Lindsay said he had “not yet heard from the OLG, [however], it will be one of the things I have to follow up with them”.

“On the check box issue,” Mr Lindsay said that decision was “guided by staff”.

“We sought legal advice on that, that’s the reason it’s on our declarations, it is based on legal advice.”

Mr Lindsay said the IPC’s highlighting of deficiencies on CVC’s website would be addressed in the current financial year.

The IPC report states: “Importantly, information may be available on [the] website, but it may not, in practice, be readily accessible.”

Mr Lindsay said: “One of the projects in our budget and operational plan this year is to implement a new website process, addressing issues raised by the IPC, which are linked to getting the website up and running”.

Mr Lindsay said one issue, “in particular” was that the IPC “didn’t like the fact that designated persons [executive staff] and councillors were accessed differently – the councillors all had a link on the councillors’ page – they [the IPC] wanted just to be able to go to one spot and see everything”.

The IPC found that CVC had failed all three governance criteria and criticisised how CVC deals with complaints/complainants.

“The information made available to the IPC indicates that the approach adopted by the CVC up until the regulatory engagement by the IPC was incompatible with the requirements of the GIPA Act in the purpose and practice,” the report states.

“…In this regard the Information Commissioner has formed the view that the systems, policies and practices of CVC in dealing with information access complaints are inadequate and require immediate remediation.”

Recommendation 13 states that CVC has until October 14 to “finalise the procedures document” for handling complaints.

Mr Lindsay said: “We’re implementing the recommendations of the IPC report.”

All up, the IPC made 15 recommendations and it “has interpreted [CVC’s] response as fully adopting the recommendations”.