It may soon become mandatory for digital government service delivery projects to include information governance requirements in their business cases, if the National Archives of Australia’s (NAA) proposal to the Federal Government’s digital services inquiry is accepted and acted on.
According to the NAA submission to the Senate inquiry, 87 per cent of federal agencies are now managing their information digitally as of 2017, compared to just 30 per cent in 2010. The cost of physical storage has also decreased by $94 million per annum across government from 2010 to 2015.
However, despite the government’s transition to digital information management, the NAA submission noted that agencies “often focus on the technological solution over the value of the information” and neglect to think about their long-term business needs, resulting in the need for expensive retrospective work.
“Information needs to be managed as a strategic government asset in the same way as any other assets are managed,” said Teressa Ward, Assistant Director-General of NAA in the Senate Committee hearing on 14 March.
“If it's not managed that way, it's more likely to be fragmented and out of date, unreadable and unusable now and into the future.”
NAA’s submission recommends building on its existing strategies outlined in its Digital Continuity 2020 Policy. Launched in November 2015, the policy establishes a Whole-of-Government (WofG) approach to information governance. The policy calls for federal agencies to replace analogue or immature digital processes with end-to-end digital work processes by 31 December 2020, with information to be stored in an accessible digital form.
It states that information governance principles will be vital for ensuring the “future value of information”, which “is dependent on its ability to be used, reused and shared” as a strategic asset.
To ensure the proper handling of government information assets, NAA’s key recommendation is to make “information governance and appropriate information management planning … a mandatory inclusion in new business cases.”
“This should include costings for the management of information created, collected or generated by the project or platform across its lifetime, inclusive of future migration requirements,” states the submission.
The submission also proposes shifting towards “information management by design” via two avenues: procurement and design.
“This approach recognises that greater opportunity exists at the point of procurement or development to consider and build-in appropriate levels of description as part of a system’s overall design and functionality”.
Information management functionality also “needs to be considered at the outset of technical development, rather than being retrofitted, to enable information to be properly managed,” according to Ward.
Early implementation of risk mitigation techniques as part of the digital transformation journey can also help government entities become more resilient to cyber threats. Intermedium’s recent research suggests that governments can prevent the snow-balling risk caused by rapid agency-level digital transformation if appropriate information management and risk mitigation controls are in place and enforced from the beginning.
Information management in Australia
Other governments in Australia have also been transitioning their information to digital formats. NSW State Archives and Records is already piloting machine learning to replace manual and semi-automated sentencing processes used to classify the vast quantities of unstructured public record data. The Public Record Office of Victoria (PROV) has also expressed intention to explore “emerging technologies such as character recognition of nineteenth-century handwriting … [and the] use of machine learning technologies for records management.”
This emphasis on better information management is putting traditional electronic document and records management systems (EDRMS) and agency practices under scrutiny.
In March 2017, the Victorian Office of the Auditor-General reported on the Department of Education and Training (DET) and the Department of Health and Human Services’ (DHHS) record-keeping practices. The audit report found that an estimated 16,800 files are recorded as ‘missing’ in DHHS’s system, including 622 child protection files. Further, 5,504 files were classified as ‘in-transit’, with 4,606 files taking over a year to transition from one system to another.
“[P]resently, neither DET nor DHHS has implemented a successful records management program, nor are they managing all of their records in accordance with all legal requirements,” concluded the report.
NAA’s recommendation aims to prevent these kinds of situations.
“If data is kept in places which aren't secure—you don't have version control or you don't [have] approval mechanisms controlling that digital data—it's easy for it to be deleted or lost,” Ward stated.
“What we're saying is: treat it like any other asset. Document what your policies and strategies are. Have time frames documented about how you're going to care for that information and make sure it continues to be available. Do that at the very beginning and know what your requirements are before you go in for an ICT build.”