Regulating government information

As the regulator of Information Management (IM) across the public sector, Archives New Zealand is responsible for looking into the alleged poor management, mishandling or improper disposal of public information.

The Public Records Act 2005 (PRA) does not give Archives New Zealand specific powers to investigate, so any evaluation of a perceived breach of a regulated party’s responsibilities under the PRA is termed an ‘assessment’.

If we find there has been a breach, we then make recommendations to the public office responsible on what remedying action to take – i.e how they can improve their systems. Prosecution for an offence under the PRA is possible, but we have not actively considered this option during 2018/19, other than the case explained in our 2017/18 report.

How we identify issues

Records are a vital accountability and transparency measure and form the basis for significant decision making. When problems with information management frustrate accountability, the Chief Archivist’s regulatory role allows intervention.

We find out about these problems through:

  • our monitoring and compliance work

  • our daily interactions with regulated parties

  • complaints from directly affected or concerned members of the public

  • information reported in the media or received as part of journalists’ investigations

  • complaints from concerned third-party organisations and referrals from the Office of the Ombudsman

  • Our new monitoring framework will help us systematically identify issues across the sector.

Working with the Ombudsman

Archives New Zealand and the Office of the Ombudsman Tari o Te Kaitiaki Mana Tangata continued a close working relationship in 2018/19. The Ombudsman is a small but growing source of referrals about potential breaches of the PRA.

The PRA intersects with several other Acts, notably the Official Information Act 1982 (OIA) and the Local Government Official Information and Meetings Act 1987 (LGOIMA). Some complaints made to the Ombudsman include instances where organisations cannot supply information because:

  • it cannot be located, despite extensive searching;
  • it would require significant collation and research to be made available; and/or
  • it is determined not to be held when it could be reasonably expected that the information should exist.

Under section 28(6) of the OIA and section 27(6) of the LGOIMA, the Ombudsman may notify the Chief Archivist when an information request has been refused by an organisation for these reasons.

Requests for official information

In this year’s survey on public sector information management, we asked organisations whether they had difficulty responding to official information requests because the information did not exist, or it exists but could not be found. (Q.29).

This refers to sections 18(e) and 17(e) respectively of the OIA and LGOIMA which provide grounds for organisations to refuse a request for information.

As shown in Figure 1 below, almost three-quarters (74%) of our survey respondents strongly or mostly disagreed they could not respond to requests for official information because the information did not exist. A similar percentage (78%) mostly or strongly disagreed they could not respond to requests for official information because the information could not be found.

Figure 1: Whether organisations had difficulties responding to requests for official information

Figure 1 shows that almost three-quarters (74%) of our survey respondents strongly or mostly disagreed they could not respond to requests for official information because the information did not exist. A similar percentage (78%) mostly or strongly disagreed they could not respond to requests for official information because the information could not be found.

Figure 1 shows that almost three-quarters (74%) of our survey respondents strongly or mostly disagreed they could not respond to requests for official information because the information did not exist. A similar percentage (78%) mostly or strongly disagreed they could not respond to requests for official information because the information could not be found.

Figure 1: Whether organisations had difficulties responding to requests for official information

We compared this with information from the Ombudsman that stated the office received 189 notifiable complaints in the 2017/18 year. While the statistics cover slightly different timelines, 82 of these complaints referred to information that did not exist or could not be found.

Of those:

  • 63 complaints were made under section 18(e) of the OIA; and
  • 19 complaints were made under section 17(e) of the LGOIMA.

This suggests the confidence with which the survey participants answered our questions may be overstated.

Archives New Zealand and the Office of the Ombudsman are looking to strengthen our relationship with the aim of improving organisations’ responses to OIA and LGOIMA requests by improving IM maturity and capacity.

Understanding PRA obligations – protecting information

While Archives New Zealand receives requests for assessment from the Office of the Ombudsman and from the public, we are also proactive when the media or other sources publicise information management (IM) concerns.

  • Case study

    Evidence in Pike River investigations

    Lost evidence in the Pike River investigation lead to a request for assessment into the IM systems of both the New Zealand Police and the former Department of Labour.

    Read more
  • Case study

    Mishandled and lost patient files

    When a Dunedin newspaper reported that patient files had been found in a public place in Christchurch, Archives New Zealand began an assessment focusing on the IM systems across two DHBs.

    Read more
  • Case study

    Lost government loan records

    Public offices can request their transferred files back from Archives New Zealand, through our Government Loans Service, if they need to refer to them. However, the records come with a duty of care – they must be protected and returned.

    Read more

Records demonstrate openness and transparency

The PRA requires every public offce and local authority to “create and maintain full and accurate records of its affairs, in accordance with normal, prudent business practice”, (section 17) to enable the government to be held accountable.

This includes minutes of any meetings with elected representatives, such as council or committee meetings. If information is inaccurate or incomplete they do not meet this requirement.

Here are some examples where we assessed potential failures to meet this requirement.

  • Case study

    Poor IM contributes to regulatory failure

    The New Zealand Transport Agency (NZTA) approached Archives New Zealand for support improving its compliance with the PRA.

    Read more

Recordkeeping advice – supporting the sector

Archives New Zealand provides a phone and email advisory service to all government and local authority staff with a role in information and records management. This is known as rkadvice.

We support organisations to clarify matters or resolve dilemmas by highlighting the most relevant factors to consider and include in our advice any wider management or risk issues of which we are aware.

We respond to most enquiries directly and draw on the information from our online channels. Rkadvice also co-ordinates with, or refers queries to, subject matter experts within Archives New Zealand.

Who uses rkadvice?

More than 490 people used the service in 2018/19, an average of 41 queries a month. Those contacting us range from very experienced information managers, through to those new to the PRA. We often direct this last group to the introductory guidance on our Managing Information web page.

What are the trends?

Most enquiries are essentially asking how to apply or implement digital ways of working in business, operational and legislative environments. There are many inquiries about our Destruction of source information after digitisation guidance, with a wide range of specific questions asked. These have included questions about checksums, metadata, technical standards, scanning, signatures, formats, and whether source records could or should be destroyed.

Queries about whole-of-government IM areas are increasing, including questions about cloud storage, data security and privacy. We generally respond with referrals to our online guidance and links to the whole-of-government guidance on digital.govt.nz.

How queries help improve guidance

When we see a number of similar questions flowing through, we know it’s a common area of interest. This helps us to know what areas we should develop more in-depth guidance on.

For example, when people asked about file formats, we forwarded the queries to our digital preservation experts, and their advice was later shared on our Managing Information web page.

Here are some examples of our rkadvice team in action during 2018/19.

Scanning high-value files

A consultant working for a local authority contacted us regarding the technical specifications for digitisation. During our discussion they described a context indicating a higher-than-usual risk around the future usability and access to core business property records.

When digitising, it’s not just the scanning process that must be planned; the ongoing management of the digitised record also requires careful planning and monitoring. Due to previous issues with quality, and difficulty recruiting suitably skilled staff, the local authority had additional risk factors.

We suggested a risk review strategy, including the advice that quality assurance, useability and accessibility mitigation factors be implemented consistently over a number of years before the original source records were destroyed.

Paper only for evidence?

An information and records management practitioner asked whether very high-value contracts could be scanned and the paper records subsequently destroyed. They were concerned about destroying the original paper contracts because, if a dispute ended in court, past cases had required paper contracts.

A contract could consist of many parts that may have been created over decades by multiple people, teams and information systems, meaning they were ‘high-value and high-risk’. In this case, creating and maintaining digital contract records with sufficient evidential quality is complex with many risks needing mitigation.

It was important to consider the wider environment and the needs of multiple stakeholders – including the courts’ requirements.

We advised:

  • conducting an in-depth analysis of the local authority’s business processes and information systems;
  • involving the local authority’s risk and legal staff; and
  • considering other relevant legislation.

By then implementing the principles of the mandatory Information and records management standard the local authority would be able to create and maintain full, accurate and accessible record.