A presentation given by Director-General David Fricker in Canberra on 3 February 2014.
What I am going to cover today is what is happening in the information policy landscape across government, to talk about some of the imperatives and the motivations behind what we are all doing across the Commonwealth in terms of information management. And then zero in on some of the issues that have been driven, in particular by the National Archives, that will have a bearing on the Therapeutic Goods Administration (TGA). There are some specific consequences obviously for the TGA and across the Commonwealth sector more generally.
There is sometimes a musty, dusty image of what the Archives is – that we're repositories full of old paper files and all the rest of it. People do come in and make wonderful discoveries of records we have and make wonderful TV shows out of it and all sorts of things. But most importantly for today's discussion, the National Archives has a central responsibility under the Archives Act to impose recordkeeping obligations on the Commonwealth. Recordkeeping obligations means all of the traces of evidence of activity that we create in the course of our business. We take a broad view of what a record means. It is not restricted to what you put in TRIM, it's not restricted to what you print on paper and put into a sleeve – it's emails, it's websites, it's tweets, it's what we have in our personal devices and all the rest of it. It's about those objects which make a record, which provide evidence for the essential activities of what you're doing as an official and of what the organisation is doing, so that's why I am here.
The game-changer here, of course, is digital. It's how we all do business in the 21st century and the latter part of the 20th century. We need to stay ahead of the game and stay on top of what we are doing across the Commonwealth to be working effectively in the digital environment.
I normally start these presentations by talking about the importance of Australia getting on top of the information age. It is clear that the success of any enterprise and the success of any nation is the ability it has to gather information, to hold information and to use information. Information now is really considered the raw material of the 21st century. It's as important as any other resource that we have, be it money, natural resources and human resources. That has to shape our whole psyche in terms of how we come at the issue of what is information management. The public sector is no different from that. We, as individual agencies within the Public Service as a whole and right across the Commonwealth, have to be considering responsibly and in a forward-looking way, what we are doing about information management.
There's also the government's agenda, now that the new government has settled in. We have to look at what the government's agenda is, and so there's a policy framework in government that's upon all of us to implement.
There are several developments coming up in the next six to 12 months. There are going to be reforms to Freedom of Information (FOI) legislation. That will obviously mean that we'll have to be more agile, we'll have to be more responsive, and we'll have to be more comprehensive and cost-effective in the way that we deal with, and respond to, FOI requirements.
Allan Hawke did a review of the FOI legislative regime last year that was tabled in Parliament just before the election. It is now in front of the current Attorney-General.
Intellectual property is an area in which the Attorney-General has said he's interested in coming back to and having a look at the legal framework and treatment of intellectual property, which clearly cuts across the business of the TGA.
Copyright is another one which is with the ALRC at the moment for review of the copyright legislation.
Everyone is well aware that the new privacy laws come into effect next month with the privacy principles. A lot of that is about what the corporate sector does with information, but it has definite consequences for the government sector as well.
The Labor government and the present government have a digital economy as a centrepiece of their policy framework. Part of that is what was the old 'digital first' or 'digital by default' philosophy. The Abbott government has stated that transactions, routine transactions – certainly transactions above 50,000 a year or more – must be conducted in a digital format. They are not saying exclusively as digital, but every one of those has to be available over a digital channel. It is upon all of us to look at the way that we are dealing with industry, dealing with individuals and making sure that we have digital as an opportunity for those entities to do business with government. That is vitally necessary for the overall productivity of industry across Australia and the productivity of the Public Service as well – so that's government policy.
There are other things in there as well. There's public interest disclosure legislation which has just come into force, which will also draw upon our ability to be accountable for what has been done, who made the decisions, what were those decisions, how did we react when issues or allegations were reported to us. That also forms part of what we need to do.
And there is developing commitment to open government. There has been an in-principle agreement, I think, a solid commitment, by the previous government, that has been carried forward into this current government to commit to open government. There is an international framework to make sure that we are engaging with the public within a consultative framework to develop policy across government, to deliver public services and to open up the information holdings of government for economic benefit, and for social and for policy and program outcomes.
So there are the policy directions which we are all obliged to take on board and implement, and there are some clear points of relevance obviously for the TGA, which we will get onto in a moment.
In the mix here are the threats of the environment that we are dealing with, which could be particularly relevant to the TGA given the sensitivity and the value of the information that you have in this organisation, which you are entrusted with.
The threat of cybercrime is growing – it's becoming more sophisticated, it's becoming more globalised, internationalised. The threat of espionage, both state-based espionage and industrial criminal espionage, is growing. Those attacks are becoming a lot more sophisticated, more effective and it's a moving feast. We have to be constantly on guard against those. I think the TGA is a very big juicy, ripe plum sitting up there as a target for espionage, given the sensitivity of the information and intellectual property that is held here and the potential commercial value of that information.
There's also the Ed Snowden effect. WikiLeaks, Bradley Manning, Ed Snowden – it's only a few issues, a bit early to call it a movement per se – but there's definitely a trend where it is becoming, in the public opinion, almost legitimate to have a major breach of confidence. This has this fig leaf of public interest over it and the media will pick it up and they'll start running with it as a public interest. It is a major threat for Commonwealth government agencies, so that we are managing information culture within our organisations to ensure that it never gets to that point, we are dealing effectively and ethically with our information, we know what we are doing, and we have controlled frameworks in place to make sure that it never gets to that point. So that is another part of it.
The final thing I will mention is budgetary pressures. All of these wonderful things that I am talking about today, and all of these futures that we are working towards, have to be achieved within a very tight fiscal environment. We are all doing less with less, and we are all making choices about what we are going to do, and importantly, making choices about what we are not going to do. Information management and information governance has to be a key part of that as well.
So that is the landscape that we are working in. These are the policy objectives and imperatives that we all need to be working towards. These are the policy objectives that the Archives is pushing ahead on, with the powers invested in the Archives and within the responsibilities of the Archives as well. So how do we respond to all of that?
The main theme that I want to talk about today is information governance. An enterprise like the TGA, is an information management agency, an intellectual property agency and a regulatory agency. The currency here is the information and the information governance that is exercised around that information. It means that there must be formal, visible, predictable and repeatable governance frameworks, controlled frameworks, responsibilities and authorities that ensure that the information holdings you have are known, that you know who has responsibility for the stewardship of those information holdings, the particular classes of information, be they submissions, be they test results, be they whatever. That it is known and formally under some sort of controlled framework, some sort of governance framework – so information governance is essential.
The other thing is that it can't be bolted on, you can't do that later, you can't do all of the work you do, and then at the end of it say, 'the other day that Fricker guy was in here and mentioned governance and we'll pop that on'. It has to be built in. It has to be an essential and obvious part of corporate governance. So within your corporate governance frameworks, information governance must play a role. The same way we manage money, the same way we manage IT assets, the same way we manage HR assets, we have to manage information assets. That has to be on this equal level as part of corporate governance – I'm very happy to discuss a bit more of that as well.
The other thing I repeat here is that it is more than just an electronic document and records management system (EDRMS). It's your emails, inbox, sent items and stuff which provides evidence of essential activity that is being undertaken - it is all a record. It's no good pretending that it is not. A record is made as a by-product of what you do. All of that has to be embraced as part of this information governance. So when I talk about recordkeeping obligations, I mean everything. It's the stuff that I am creating here and now, on the iPad in front of me, it's the stuff that's in your emails, the stuff on your personal devices, et cetera. Email, of course, is a major accumulator of information at the moment, so that has to be included in your corporate governance and information governance frameworks – again, happy to come back to that.
Part of what we are doing is the Digital Transition Policy. Now it is government policy, and this government's policy, that by the end of 2015, information which is created as digital information, that is born digital, has to be maintained as digital, and if it is to be retained as national archival material, it will come to the Archives as digital. That then spills out to the other records that you manage as digital. So beyond 2015, come 1 January 2016 it is upon all of us to have digital information management in place. And you're not allowed to get something digitally, print it off, scribble all over it, and then scan it again and give it to me as digital, that's cheating and you'll be caught. So don't do that. It's got to be go-to-whoa, cradle-to-grave digital management.
There's a reason for that. It's because if we don't, if we keep printing stuff to paper, it will just be lost. Twenty years from now, no-one will know it's there, no-one will be able to find it and quite frankly, our children and our grandchildren just couldn't be bothered – they won't get up to look for it. If it's not online, it won't exist. And so it is vitally important for us to see our future obligations, as this information must be preserved but it must be useable, it must be authentic, it must be accessible, and that will only happen if we preserve this stuff as digital. If we keep putting stuff to paper, it will be musty and dusty, it will be lost in a warehouse somewhere, and we'll be abrogating our responsibility to the future. So it's vitally important – that's the final bit of the plank.
There are no legal impediments to this. There are some processes we have to go through. There will be instruments that we'll need to bring up to date and there may be some regulations that might need to be improved. I can tell you that there are no legal impediments to having authentic digital material which provides the basis for an authorisation of an important decision, or provides evidence of an activity or a decision, or provides a record that will stand up in any court or as a Commonwealth record. There's a bit of myth and folklore around this, but we cannot let that myth and folklore keep us back in the 1950s. We have to be clear about what the future is. The future is digital. We live and breathe it anyway. None of us come to work anymore without some sort of engagement with digital media. That's the way the world operates. That's certainly the way the Australian Public Service (APS) operates.
So that's, if you like, the policy framework, that's what the APS policy agenda is, and that's what the Archives is pushing. So these are the expectations and obligations upon all of us, but certainly ourselves included.
Every agency is unique, and this one is as unique as any other agency. There will be volume issues, sensitivity, IT security, industry engagement and there will be legal and procedural issues that you have to confront. But we can't be in denial about this. This is just as important as anything else that we are doing. We cannot be a viable, operational entity in the 21st century unless we grab a hold of this, and do it professionally and maintain our determination to do it.
So far it has just been you, you, you, you and you're sitting there thinking, 'that's very nice to say that, but you haven't got my budget and you haven't got my operational programs. What have you done for me lately, and what are you going to do for me?'
What the Archives is doing, is that we are engaging through regular programs of doing records authorities. Developing a records authority is a partnership, it's a consultative, participative process, but it's also a business analysis process. It's an opportunity to do a top-down analysis of what the business of the TGA is, what's important, what's the information that must be preserved, and therefore, what doesn't need to be preserved. So 95 per cent of the stuff we create can be thrown away, frankly, as long as you have a records authority or it is allowed under legislation. My job is to help us all keep the 5 per cent that means something.
It doesn't mean that you keep everything. When I say that email is important I don't mean every last one, you know, 'Gary have you had a cup of coffee this afternoon or whatever', that's not historical, and – no offence Gary – nobody cares. But 5 per cent, my worry is that we might throw the 5 per cent away, or the 5 per cent is kept in this big pile of rubbish and it will never be seen again because it will be lost in all of this dross. So it's very important that we're doing that, and that's what our records authorities process is.
We do have a lot of information available as resources through our website which I might point to in a moment. We run agency forums, events, Information Awareness Month, conferences and a great deal of seminars et cetera to enable agencies to get together and tell us what their problems are and what their issues are.
Through naa.gov.au under records management, there are things like 'what is a record?'. What do we mean when we say 'record'? How do we embrace digital material? What do we mean by digital continuity? How are we going to preserve our digital history? How do you get help? Training programs are up there. As much advice and assistance as we can think up, is there as resources.
I know everyone is time-poor, so it's not upon each of you to dive in there every day. At a conceptual level that I am very clear on communicating consistent advice across the Public Service and across the Commonwealth is to make sure that we do understand that we are all commonly bound and obliged to be responsible with the information we have.
The reason we keep records, and it might be worth repeating this, is that if we don't know what information we have, we're not going to make good decisions. You know, it's simple, we can't support any sort of reforms that we need to drive. We won't be able to reform any processes, we won't be able to do structural reform if we don't have ready access to the information that we have.
We need it to be accountable. The TGA knows more than, probably, any other organisation that occasionally when the light is shone upon you for what you have done and why you've done it. You need to know what happened, you need to understand what went on, what decisions were made, who made them, what happened next. It's all about accountability.
The other thing is that we need information to protect the rights and entitlements of industry out there. Pharmaceutical companies for example, need to know exactly what their status is, what's the condition of their licences or have they paid their invoice or whatever it might be. Also we need records to preserve the rights and entitlements of individuals. They may be you, personally, as an employee of this place, they may be the staff that work for you – you need that.
There are vitally important reasons, operationally, to maintain this information as records of the Commonwealth. Historically as well, in the future there is a responsibility for us to preserve a history of Australia – and you make history. The work that goes on here is shaping the history of Australia, and it is important. We won't make better policy in the future unless we understand what we have done in the past.
And then the final thing, this is a recent thing, is economic benefit. What's happening now is that, not only is there historical value in the information of government, but there is economic benefit. This will help the digital economy develop and it will help the broader Australian economy develop into the future. It's an economic resource as well.
The other things I might add – we are also working with industry, so we do work with software vendors to try and 'front-end load' products. This means that you don't have to start an IT project to get a solution. As far as possible you can just buy a solution off the shelf. We want to make it very clear that vendors understand the value of that and if they want to sell to the Commonwealth, they should be dealing with us.
And the last thing for the Archives, we are, of course, in the same situation as you, I have to do this as well within the Archives. So I know exactly how difficult it is, and we are building ourselves up organisationally to be a digital Archives and provide the range of services that are fully digital.
I know I have gone over time there, and so I should stop and see if there is any discussion on any of the points I have raised. If you need me to come back to any and re-emphasise, or just challenge me, I would be delighted to do that as well.
Thank you, any questions?
I'm interested in working with industry. Are we at a point yet where we have whole-of-government supplier panels that work in this modern space so that the new products that are coming out? Is there a common procurement framework yet where you guys might evaluate the suitability of products and then we can choose them without needing to reinvent the wheel?
No, not a formal mechanism, and that is something that we haven't quite got to the stage where we can certify, because we don't have the mechanisms in place to actually run a certification. But I am very attracted to the idea that we can provide some sort of certification process so that if you are buying, you know, SharePoint this or you're buying an EDRMS product, TRIM or whatever it is, or an email solution, that it has some sort of certification and you can therefore bring it on board with confidence that it fulfils all of the requirements. So I'm not there yet, but I'm really interested in that as a concept.
The government's going with email as a service. Hopefully that's going to happen in the next two years where everyone will just purchase off the cloud with email. So you'll be right into that?
Yes, and reload it with all the metadata you need for the data to decipher itself – what's got to go off to be preserved, what can be dropped five years from now. When we develop records authorities, we identify classes of information that should be kept for seven years, 20 years or forever, or whatever. It would be nice that once you have done that, that's all automated, so there are business rules embedded in the software we have which just knows what's going to be preserved and what can be destroyed.
I thought you were going to mention the Magna Carta at some stage?
(Laughs) I might.
Which version? There was a presentation last year David and the crew headed up, the Editor-in-Chief of TheCanberra Times, was it?
He talked about the Magna Carta which is the first authentic record, it's withstood its day, and which is still readable.]
Yes, that's right, and he had a version of the Domesday Book with him which is still readable and accessible. That the other issue with digital information, I don't know how many of you still have cupboards of floppy disks and things at home, or Wordstar or VisiCalc spreadsheets or something. You can read the Domesday Book today, slight knowledge of Latin or French maybe would be useful, but you can read it. I would be very hard pressed to get a floppy disk from 1986 and be able to read it today, let alone a Word Perfect document or whatever it was we were using even 10 years ago. So yes, it is something I am interested in Gary, and I do take that on board, that the more we can do as a whole of government, in partnership with AGIMO and others.
And in partnership with agencies – we are about to re-engineer our business process. There might be something tiny in there that's useful to other agencies. It would be good for us to be able to throw it up and people can have a look and if it's useful, borrow it, and if it's not, tell us how to do it better.
The biggest thing will be weaning ourselves off is paper processes – and even when we get stuff in, either telling our industry or the public that we engage with that we need the stuff digitally. It's in their interest to do it digitally and if we do that, we improve the quality of the transactions. We can achieve efficiencies.
Where we do get stuff digitally we don't then print it to paper, just because we're comfortable with it and we like having a two-ring binder and signing this and that – we just have to get off that because that doesn't work anymore. It works for the 10 minutes that you're working on the document and it might even work for six months afterwards, but it's not going to work six years from now, and certainly won't work 60 years from now. So that's the cultural process change, the shift that we have to achieve. The only impediments that we have, is our ability to change – there are no legal or technical impediments to doing that, but we must do it.
There are no legal impediments to doing it – the train that we're moving towards is the documents that are born digitally will be retained digitally.
A signature is just one legal instrument, but there are other legal instruments. If you're in a court of law, all sorts of digital matter is used in evidence. You don't need a signed bit of paper to prove that I sent you that text message or I sent you that email and the email was accepted. Within EDRMS products like TRIM, like others, there are workflow capabilities in there. Within email there are workflow capabilities in there. Those things stand up, and provided that it is part of your corporate governance to say we actually apply responsible stewardship to our email holdings, to our EDRMS et cetera, and that's how we do maintain the authenticity of our workflow, then that's fine. The technology is perfectly acceptable and it will be as legally binding and as strong evidence as a signature on a bit of paper.
Well, I would suggest that it's more secure than a signature on a piece of paper because as soon as you put it on a piece of paper and send it out in the world it's public property. I guarantee you can get on the internet and you'll find signatures of most of the people in this room which you could extract and put onto documents if you wanted to.
Yes, that's right, which is why it's crazy when we sign something and then PDF it and email that as the official document, it's just nuts when you think about it. It's beautiful and presents very well, I do it sometimes just because I think it's polite. But that's got less security actually than a digital signature that could be applied. That's a really good point.
I'm here and the Archives is ready to assist and we're all in this together.
There are some big challenges and we're kicking off some big projects so it's good to get your thoughts and help us really engage with it. Thank you.
Thank you very much.