PSI handling and rights (Vic) : 2
Posted by Dave Bath on 2009-06-30
4. That the Victorian Government adopt a narrow definition for the public sector for the purpose of establishing the government Information Management Framework. Initially this definition should comprise only Victorian Government departments.
Whenever I hear "narrow definition" or "broad definition" I become alert for escape clauses and weasel words. This is no exception.
First, consider the following phrases:
- Data created or held by a government agency
- Data created or held by an agency of government.
These two phrases might seem equivalent. You’d be correct in thinking that the rules governing the handling of the data are identical under legislation. However, they are very different in the eyes of many public sector managers and the executive, all too eager to find any excuse to remove accountability for compliance with those rules.
Consider data associated with finding jobs for unemployed persons, and the links to unemployment benefits (or cessation of those benefits), remembering that such data has relevance for the unemployed individual (and the Privacy Act), and also for policy makers using aggregated data.
Is the aggregated information (such as the average number of job interviews per month per unemployed person) from an individual private sector organization carrying out activities as an agency of government included in this "narrow definition"? If not, how does this affect the quality of conclusions based on the information created directly by the government agency, with the information from outsourced government service suppliers hidden? Will such data incompleteness give politicians an excuse not to act on conclusions based on the information that is publicly available?
In between the government agency and a private organization acting as an agency of government are statutory authorities and quangos (like VicRoads).
Under a narrow definition of "Victorian Government departments", authorities such as VicRoads would be excluded, meaning that raw information about things like accident site statistics would not be covered by the Information Management Framework and would not be subject to the default rule for public release. Such information, which in the hands of an independent statistician could help save life and limb, could be hidden as a result. This undermines the entire thrust of any open access PSI policy.
Remember that recommendation 4 is absolute, and has no qualitative or quantitative reference to time.
5. That implementation of the Information Management Framework be conducted via a staged approach, with the executive branch of the Victorian Government leading development of the framework, and encouraging other agencies and entities to adopt similar frameworks, in the following order:
- Victorian Government;
- Parliament of Victoria, the judicial system and statutory authorities; and
- other public sector agencies, including public hospitals and local councils.
While a staged approach to anything is usually sensible, the rules governing information management have been in place for a long time, and have been consistent across any organization acting as an agency of government. As the requirements haven’t changed, the staging process shouldn’t take much time. If one agency of government can do it, even if it involves introduction of software (more on this later), the next agency of government should be able to do it very quickly.
Again, I see no mention of private organizations acting as agencies of government. If these are excluded, how much incentive is there for managers to outsource even more things, with even sloppier contracts that don’t mention information handling requirements?
What is particularly interesting is that the Parliament of Victoria, which is relatively small compared to non-Parliamentary government agencies, and deals with information much more important to citizens than any individual agency, should probably be the first cab-off-the-rank for getting their act together, yet is defined for a later stage. Why is this?
So much for lead-by-example!
Can anybody think up a single valid reason, something that could be admitted in public, why a smaller area that probably doesn’t hold any sensitive information about individuals, yet is of greater importance for the development of good public policy, and therefore has an easier task, should not be first cab off the rank?
Consider a proper service-oriented data feed that included all legislation introduced into parliament, all inquiries and associated information, all voting patterns of legislators. This is incredibly useful information to anybody who wants greater citizen involvement in policy development. It is exactly the sort of data that can be usefully manipulated and filtered by groups of citizens.
6. That the Victorian Government, through individual departments, employ a systematic approach to identify materials for release and publish those materials on department websites.
It’s really quite simple here, and follows the standard principle in both law and information management disciplines (and a major rule-of-thumb for information security professionals):
So, given that any document (electronic or hardcopy, including raw data) should have been classified at the time of creation or editing, this recommendation should read "systematic approaches to (i) identify information that should not be publicly released and (ii) publishing materials for release on department websites".
Personally, I’d see the only valid systematic approach including not just publication on government websites, but using a central "clearing house" (similar to the Obama-created data.gov catalogs). More important than merely publishing information on government websites, and perhaps as useful as making that information available to citizens, is the proper classification and availability by a clearing-house (that would have a consistent web-interface, both human and API) to those inside government so that the decision-makers have the best-quality information (accuracy, relevance and completeness) on which to base their decisions.
After all, just as citizens might "mash" data from one or more agencies, agencies themselves might create "mashups" of information from other agencies. For example, the Transport Accident Commission might usefully mashup information from the health department (on medical interventions and incidents), VicRoads, and Victoria Police.
Similar considerations apply to use by government agencies outside of Victoria. Even without public release, the availability in a form suitable for public release (but even without public release, which avoids the burdens of any decision as to whether that information should be publicly released) and encouraging "mashups" would be incredibly useful for the federal government, both for politicians, and for decision-makers within federal agencies.
In this light, the only systematic approach to information management rules, including the rules for classification of information, must be co-ordinated across all levels of government. I’m reasonably confident that AGIMO (and other expert federal agencies) are more competent than their equivalents at state (or council!!!) level.
7. That the Victorian Government seek legal advice to ensure it is fully covered for all areas of possible legal action that may arise from the release of public sector information.
This is one of the more interesting recommendations, because of the phrase "all areas of possible legal action".
One type of action is where information that should not be released, is released. Privacy-related information is obviously in this category, but a less obvious one is where a private company claims to have been harmed by that release.
This perceived harm can itself come in at least two flavors. The first is the loss of exclusive commercial rights to the information (putting aside that, in my opinion, no non-government entity should have exclusive commercial rights to government information). The other flavor is where information about a non-government organization is released, leading to things like loss of market share (just think of various "Price Watch" initiatives).
Yet another case relates to the consequences of the government releasing poor-quality information.
On the quality-of-information issue, it’s worth looking at relevant bits from the policy pages at data.gov:
For all data accessed through Data.gov, each agency has confirmed that the data being provided through this site meets the agency’s Information Quality Guidelines.
Data accessed through Data.gov do not, and should not, include controls over its end use. However, as the data owner or authoritative source for the data, the submitting Department or Agency must retain version control of datasets accessed. Once the data have been downloaded from the agency’s site, the government cannot vouch for their quality and timeliness. Furthermore, the US Government cannot vouch for any analyses conducted with data retrieved from Data.gov.
So… here are my opinions of legal impacts:
- Governments must be held accountable if privacy-related information is released that should not be released. That’s simple.
- Governments must be held accountable for any impacts of poor-quality data coming out of government. That’s simple too.
- Legal action on loss of exclusive commercial use of information is tricky. It would have been easy if the sensible policy of not allowing exclusive commercial use had been standard practice.
- If accurate information (e.g. price comparisons), not subject to privacy considerations, causes a loss to a company, then the company should wear the loss.
Of course, the much more interesting legal actions would involve the consequences of the government not releasing information that should have been released according to the information management framework and associated determinations and guidelines. That’s the doozy for the politicians! Personally, I’d say if release of certain types of information is required of government, then the government should be accountable for failure to fulfil its obligations.
(Legal and political philosophers can now go away and argue whether such failures to release appropriate information flout the social contract.)
That’s enough for today. Stay tuned for more.