WA proposes new Privacy Commissioner and government Chief Data Officer

The government of Western Australia is proposing to introduce a whole-of-government framework to govern the way the public sector manages the information it holds on citizens.

In releasing a discussion paper [PDF] on Monday, Attorney General John Quigley and the minister responsible for innovation, IT, and science Dave Kelly said WA is one of only two Australian jurisdictions without privacy legislation, "putting individuals and the state at considerable disadvantage".

See also: Privacy policy (Tech Pro Research)

"WA has the opportunity to learn from the legislative models and experiences of other jurisdictions that already have privacy and information sharing arrangements," the paper says.

Currently in WA, a person who believes their information has been incorrectly handled or shared has no clear pathway for complaint and resolution. As a result, one of the proposals aimed at protecting the privacy rights of individuals is to appoint a WA Privacy Commissioner.

The government is also proposing the appointment of a government Chief Data Officer, who will be charged with the responsibility of supporting the public sector in the correct use and reuse of information, as well as management of data.

"The WA government recognises there are many different types of information, some more sensitive than others, and that public sector agencies will require training and direction to ensure acceptable reasons for sharing information they hold," the discussion paper said on appointing a chief data officer.

"The WA government is committed to introducing a whole-of-sector approach to protecting privacy and enabling safe information sharing within the public sector and with authorised third parties."

See also: Unintended inferences: The biggest threat to data privacy and cybersecurity (TechRepublic)

The proposed framework to protect privacy of personal information sees whole-of-government standards for the responsible collection, management, and use of personal information; a "comprehensive and consistent" framework to govern the responsible sharing of information within government and with authorised third parties; provisions to enable the use of information to deliver better services and outcomes; and mechanisms to ensure accountability and public confidence through independent oversight and clear pathways for resolving complaints.

The resulting legislation is expected to provide stronger privacy protections, improved accountability and transparency, and better services and outcomes for the community.

While the paper said the WA public sector has systems and processes to protect personal and sensitive information at an agency level, and that there are avenues to penalise public servants found to have misused information, whole-of-government arrangements to protect privacy will improve the system.

"These should include independent oversight, and increased accountability and transparency in the protection and use of information -- particularly where it is personal or sensitive," the paper said.

The government also believes that sharing information such as addresses or phone numbers across agencies could help reduce bureaucracy and streamline services.

In 2007, the then WA government recognised the need for privacy legislation with its Information Privacy Bill. The Bill passed through the Lower House, but lapsed as a result of a state election being called.

"The lack of whole-of-government privacy legislation has led to WA public agencies and other governments, particularly the Australian government, being generally reluctant to share data in an effort to manage risk in an uncertain legal environment," the paper explains.

"The absence of a clear, whole-of-government privacy framework has resulted in considerable complexity, inconsistency, and inefficiency in how public sector agencies approach the management and use of information."

Currently, the state has a handful of data initiatives in place, such as the Western Australian Data Linkage System (WADLS).

The paper said the WADLS spans about 50 data collections, representing more than 115 million linked records, some dating back to 1945. Additionally, about 350 data collections have been linked on a one-off basis for specific research projects. More than 800 projects have used WA linked data since 1995.

See also: Digital Council reports NSW and Victoria have the most data-based digital initiatives

The Shared Land Information Platform (SLIP), meanwhile, shares government land and geographic information to improve access and use of spatial data. While the Open Data in WA initiative has seen a total of 2,266 data sets from 66 organisations shared through data.wa.gov. au, as of April 2019.

The WA government last year binned the recently formed Office of the Government Chief Information Officer (GCIO) function, transferring it to the Department of Premier and Cabinet. It then announced Greg Italiano as government Chief Information Officer, charged with improving cybersecurity across the WA government, and leading the state's digital reform agenda. 

Feedback closes for the discussion paper on November 1.

MORE FROM THE WEST

• WA Auditor General report finds state entities still don't get infosec
• Western Australian Auditor General exposes holes in GovNext business case
• WA shifts government CIO position to Premier's department
• WA's grand plan to rid government of IT ownership
• WA pumps AU$35m into digital government
• WA Department of Finance moves to Microsoft Azure