Tuesday 13 June 2017

Coming soon! Cyber security audits announced by VAGO


The Victorian Auditor-General’s Office (VAGO) has this month announced plans to conduct audits on departments and agencies to assess their implementation of the Victorian Protective Data Security Framework (VPDSF) and Victorian Protective Data Security Standards (VPDSS), as well as cyber security strategy.

The audits, to run in 2018-19, will ascertain whether the VPDSF and VPDSS have been effective in improving cyber resilience in government to determine whether departments and agencies can adequately prevent, respond to and recover from cyber security attacks.

The Commissioner for Privacy and Data Protection released the VPDSF and VPDSS in mid-2016 to provide direction for Victorian public sector agencies on their data security obligations.  Department heads must prepare Protective Data Security Plans to address the VPDSS and submit the plan to the Commissioner.

Whilst VAGO will be undertaking performance audits for the purpose of ascertaining the effectiveness of the VPDSF and VPDSS in improving government's cyber resilience, the Commissioner may also conduct monitoring and assurance activities, including audits, to ascertain whether departments and agencies are complying with data security standards.

If you would like to know more, contact:

Rebecca Radford
9947 1403

Snezana Stojanoska
9947 1412

James Stephens
 9947 1422

Friday 9 June 2017

Commonwealth Government introduces Government Procurement (Judicial Review) Bill 2017

Procurement practitioners may have noticed that on 25 May 2017, the Commonwealth Government introduced the Government Procurement (Judicial Review) Bill 2017 designed to give the Commonwealth procurement rules some extra teeth.

What does the Bill propose?

The Bill would enable the Federal Court to grant an injunction or order for compensation for a contravention of relevant Commonwealth Procurement Rules by a Commonwealth entity.

A supplier whose interests are affected by the relevant conduct (which includes a potential supplier ie bidder) may make an application to the court for compensation or an injunction, which may halt the procurement process or preserve the supplier's rights in the process.  

The Bill also provides for complaints to be made to the accountable authority of a relevant Commonwealth entity about a contravention of the relevant Rules, which must then be investigated.


Does this impact Victoria?

The bill does not affect state procurements.  In Victoria, an unsuccessful bidder has to bring proceedings (including an injunction) against an agency under contract law, for breach of the contract that may have been formed through the procurement process. 

If you'd like any more information about government procurement, please contact:

Assistant Victorian Government Solicitor
9947 1404

Managing Principal Solicitor
9947 1403


Thursday 1 June 2017

Time for a change: Eight ways to get ready for amendments to the FOI Act

The passing of the Freedom of Information Amendment (Office of the Victorian Information Commissioner) Act 2017 has brought about notable changes to Victoria’s Freedom of Information (FOI) regime for agencies and applicants.

Victoria's amendments are designed to promote a culture of open government through access to information and strengthen oversight of the administration of the FOI Act.
The changes come into effect on 1 September 2017.

Contact us for the complete suite of updated FOI templates, available for a fixed fee.

Here are eight things FOI agencies need to do to be ready for the changes.


1. Shorter time frames for processing FOI requests

Agencies and Ministers must make decisions on FOI requests within 30 days, instead of the previous 45 day period.
With the agreement of an applicant, this time frame can be extended by up to 30 days, with the possibility of additional extensions, so long as the extension is granted before the relevant period expires.
Decision makers are permitted an extension of up to 15 calendar days for requests that require consultation with specified third parties (under sections 29, 29A, 31, 31A, 33, 34 or 35) before a decision is made.
Action: Update correspondence templates, FOI manuals and other materials.  Importantly, consider ways of streamlining your document searches, FOI processing and other processes to make them as efficient as possible.


2. New Office of the Victorian Information Commissioner

On 1 September 2017, the new Office of the Victorian Information Commissioner (OVIC) will replace the existing Offices of the Freedom of Information Commissioner and the Commissioner for Data Protection and Privacy.
OVIC is an independent regulatory body.  It will comprise an Information Commissioner who will be assisted by two Deputy Commissioners responsible for FOI and privacy and data protection respectively.
Action: Watch out for updates and free training on the new OVIC to be offered by the current Office of the Freedom of Information Commissioner.

3. Power to review decisions of principal officers and Ministers 

OVIC has power to review FOI decisions made by principal officers and Ministers.
The amendments also provide that OVIC can accept a complaint about a decision made by a Minister that a document does not exist or cannot be located, or a failure by a Minister to comply with new Ministerial professional standards (see below).
Action: Update decision letter templates to advise that review of a decision to refuse a document, or a complaint about a ‘no documents’ decision made by a principal officer or a Minister, can be made to OVIC within 60 days after the date of the decision.

4. Power to review decisions refusing access to Cabinet documents 

OVIC has power to conduct reviews of decisions refusing access to documents exempted under the Cabinet documents exemption (section 28(1)).
Conclusive certificates signed by the Secretary to the Department of Premier and Cabinet and produced to establish that a document is subject to the Cabinet document exemption no longer apply.  In any case, such certificates were not commonly in use.
Action: Ensure decision letters address the relevant factors required in order to claim the Cabinet exemption, namely that the purpose or a substantial purpose for creating the document was for it to be submitted to Cabinet (or a sub-committee of Cabinet) for its consideration.  Care taken to establish the basis of a Cabinet exemption from the outset (including evidence of the purpose for which a document was created) will assist in any review of a decision to apply this exemption.

5. Increased powers in relation to searches for documents

Upon review of a decision, OVIC has power to require an agency or a Minister to conduct further searches for documents.  OVIC may specify methods for undertaking a further search for documents, for example, by directing an agency to use a specified key word search of its email system.
In cases where an agency or Minister refuses a request on the basis that the work involved in processing the request would substantially and unreasonably divert resources or interfere with the performance of the agency or the Minister’s functions, OVIC can require a further search or that a ‘reasonable sample’ of documents be produced.

Compliance with a request to conduct a further search or produce a reasonable sample must be undertaken within at least 10 business days, however, this period may be extended.  Within three days after the conclusion of this time frame, the agency or Minister must notify OVIC of the outcome of the further search or retrieval of sample documents.  OVIC has power to refer a complaint back to the agency or Minister to make a fresh decision.
Action: Consider making detailed notes of searches undertaken for documents, including locations searched and key word searches undertaken. This will assist you should a review application or complaint be made to OVIC.
If you receive a notice requiring a further search or a sample of documents, ensure you comply with the deadline provided in the notice.

6. New coercive and investigative powers

OVIC has power to conduct an own-motion investigation into an agency or principal officer's performance of functions or obligations under the FOI Act. As part of an investigation, the Information Commissioner can compel the production of documents and witnesses to attend before the Commissioner to be examined on oath or affirmation.
A person served with a notice to produce or attend will have the same protection and/or immunity as a witness in a Supreme Court proceeding and will have the right to legal representation if attending to answer questions.
Non-compliance with a notice to produce or attend to answer questions without a reasonable excuse may constitute an offence.
Action: If you receive a notice requiring you to produce documents or appear before the Commissioner to answer questions, ensure you comply with the requirements set out in the notice and, if required, seek clarification from OVIC.

7. Documents that may prejudice an IBAC investigation

Agencies and Ministers should be aware that documents in their possession, which would (or would be reasonably likely to) prejudice or adversely affect IBAC's investigations or informants, are exempt.
Action: If you identify such a document, notify IBAC that you have received a request for access to the document and seek IBAC's view as to whether the document should be disclosed.
Consider preparing a policy and provide training to decision makers to ensure compliance with this requirement.

8. Reduced time limit for agencies and Ministers to apply for review

While FOI applicants continue to have 60 days to lodge a VCAT review application for an OVIC decision, the time frame for an agency or Minister to lodge a VCAT review application is 14 days.

9. Professional standards for decision makers

OVIC will implement professional standards which will operate like a code of conduct to ensure FOI decision makers meet minimum standards for dealing with applicants, conducting document searches, processing requests and engaging in timely and good decision making. The standards are binding on agencies and principal officers.  Principal officers are also responsible for ensuring that all officers and employees are informed about the standards and for ensuring compliance by junior staff.
The standards do not automatically apply to staff in Ministerial offices, but the Premier has the power to adopt the standards (with modifications, if needed) and apply them to Ministers and their staff (Ministerial Standards).
Action:  You may receive an invitation from OVIC inviting your agency to participate in a consultation process for the development of the standards.
Provide training for your FOI decision makers and staff to ensure compliance with the new standards. 
Ensure your agency’s current practices comply with not only the legal requirements but also the 'spirit’ of the FOI Act.

This blog was prepared by Joanne Kummrow and Samudhya Jayasekara with the assistance of Milli Allan.

For further information on FOI matters contact:

Joanne Kummrow 
8684 0462

Andrew Field 
8684 0889

Michele Rowland
8684 0413

Kay Chan
8684 4020