Information Acquisition Policy

INFORMATION ACQUISITION POLICY

Purpose

The department’s Information Strategy establishesthe principlesof promoting targeted information acquisition activitiesand valuing information assets.

Information meets our business requirements and is treated as a valuable asset.[1]

Open access to information is the default position of the department, with exception only if required for privacy, security or confidentiality reasons.[2]

The Information Acquisition Policy has been established to implement these principles. The objectives of the policy are to:

Support the department’s business requirements through information acquisition;
Recognise information as being owned by the department and managed on behalf of the department;
Identify liabilities associated with an information acquisition;
Reduce the risk of duplicated acquisition;
Implementa consistent approach to information acquisition;
Increase the department’s capacity for information re-use and sharing; and
Make informationassets as useful to the department as possible.

Scope

Information acquisition is the obtaining of an information asset. It may or may not include the transfer of ownership. The Information Acquisition Policy applies to all informationacquisitions made by the departmentregardless of the funding source. This policy also applies to acquisition by all other means including, but not limited to, free downloads, gifts, mutual information exchange, creation of new information assets by the department, and the incidental acquisition of information as a by-product of other processes.Some processes by which information could be obtained include procurement exercises, grants, program monitoring, research investment and data exchange with other agencies.

Relationship to other DSEWPaC Policies

To obtain a full understanding of your responsibilities and rights under the department’s information management framework, this policy document should be read in conjunction with related Chief Executive’s Instructions (CEI’s) and the relevant departmental policies available on the Policies and Guidelines intranet page including:

Information Strategy;
Information Licensing Policy;
Chief Executive’s Instruction 2.2 – Guarantees, Indemnities, Warranties and Other Contingent Liabilities;
Departmental Instruction – Privacy;
The department’s Agency Security Plan;
The department’s Information Security Policy;
The department’s Subject Matter Security Classification Decision Chart; and
The department’s Document Classification Decision Chart.

This policy forms part of the department’s efforts to reform the management of our information assets. The reform process will increase our information management maturity by improving the effectiveness of information acquisition and its subsequent management. As the information management framework matures, responsibilities and obligations outlined in its policies will be become more detailed.

This policy is supported by an Information Acquisition Procedure to guide users in its application. The procedure provides a broad overview of each policy requirement and a detailed step by step guide to assist users to implement the requirement.

Responsibilities & Obligations

The Information Acquisition Policy appliesto all departmental ongoing and non-ongoing employees. This includes all part time, casual, irregular and intermittent employees who are employed with the department under section 22 of the Public Service Act 1999.

All staff must apply this policy’s requirements to the acquisition of any information asset. These requirements applyto information obtained through procurement exercises, and to informationobtained where no cost is incurred, such as information provided by State and Territory Governments under existing arrangements and incidental acquisition as a by-product of other processes.

Directors must ensure that their staff apply this policy and where appropriate associated procurement processes are followed.

Privacy Requirements

When managing, collecting, using and disclosing information assets staff may also be bound by the legislative requirements of the Privacy Act 1988. If managing, collecting, using and disclosing information that is ‘personal information’, staff must ensure that the personal information is:

Collected in accordance with the Information Privacy Principles 1 – 3;
Stored in accordance with Information Privacy Principle 4;
Used in accordance with Information Privacy Principles 8 - 10; and
Disclosed in accordance with Information Privacy Principle 11.

The remainder of this policy should be read subject to these privacy requirements.

Detailed guidance is provided in the department’s Privacy Departmental Instruction, the Legal Section’s Frequently Asked Questions: Privacy, and on the Office of the Australian Information Commissioner Information Privacy Principles page.

Strategy

The department has identified seven strategic outcomesin our Strategic Plan 2013-17. To deliver these the department depends on comprehensive, trusted and timely information. Information is essential to make sound decisions; to ensure that the department's actions are evidence-based and effective; to engage with the community, industry and other stakeholders and to build the knowledge of staff.

The Information Strategy 2013-17 outlines the department’s vision for information:

We value and treat information as a strategic asset that enables all department business functions and outcomes.

By implementing all aspects of the Information Strategy staff will assist the department to achieve all of its strategic goals by the most efficient and effective means possible. Implementing the Information Strategy will also enable staff to receive the benefits of access to information that has been purchased or developed by other areas of the department.

Policy requirements

Policy requirement 1: Information repository and accessibilityscan

Before initiating a new information acquisition activity staff must complete a thorough search of the available department information databases and repositories. This is to verify that the information required (or something similar that is fit-for-purpose) is not already available within existing resources.

There is currently no complete list of departmental databases and repositories. The Databases and Tools intranet page provides linksto many of them, although this list is not comprehensive. Other repositories that could be reviewed include SPIRE team sites, shared drives and intranet pages.

This action is consistent with the requirements of section 44 of the Financial Management and Accountability Act 1997 which states that a Chief Executive must manage the affairs of his or her agency in a way that promotes the ‘proper use’ of the Commonwealth resources. This obligation also applies to section 44 delegates. Proper use means the ‘efficient, effective, economical and ethical use that is not inconsistent with the policies of the Commonwealth’.

For further information refer to the Information Acquisition Procedure.

Policy requirement 2: Alternative sourcing

Where a cost is to be incurred in the acquisitionstaff should check whether this information could be obtained by a more cost effective means (e.g. as a free download or from another agency under a whole of government licence).This action is consistent with the requirements of section44 of the Financial Management and Accountability Act 1997 in relation to ‘proper use’ of the Commonwealth resources.

For further information refer to the Information Acquisition Procedure.

Policy requirement 3: Contingent liability assessment

Before committing to acquiring information, staff must consider the existence of, and follow any required procedures in relation to, any contingent liability in accordance with Chief Executive’s Instruction 2.2 and regulation 10 and 10A of the Financial Management and Accountability Regulations 1997.

Acquired information that has a contingent liability should have that liability clearly documented. Any exemption given in relation to FMA Regulation 10A, and its related investigation of the likelihood and material impact upon the department, is to be attached to or included within the information asset.

For further information refer to the Information Acquisition Procedure.

Policy requirement 4: Information licensing

When acquiring information, staff must negotiate the most open licensing conditions possible if ownership by the Australian Government is not a viable option. Staffmust apply the open access principle (i.e. open licensing) to all information acquired or developed by the department, except where a security classification or dissemination limiting marker is required.

Approval from the relevant FAS is required for all circumstances where a Creative Commons licence is not able to be agreed. Before approving such an acquisition, the relevant FAS must be satisfied that the licence being proposed is as open as possible and there is no reasonable alternative source for the information.

For further information refer to the Information Acquisition Procedure. For further information on licensing in all contexts refer to the Information Licensing Policy.

Policy requirement 5: Information registration

Where an information asset has been deemed unclassified or not sensitiveit must be deposited into a repository accessible by all staff. As a default the information should also be depositedin a publicly available repository; noting that all information without (and some with) a security classification or dissemination limiting marker is potentially available to the public under the Freedom of Information Act 1982.

Some information is acquired incidentally – as a by-product of other acquisitions or other processes such as datasets which accompany consultant reports or data from an EIS. The staff member managing thatacquisition or process must decide whether this incidental information should itself be considered an information assetby the department. If so, it should be deposited into an appropriaterepository accessible by all staff.

The director of the section responsible for the acquisition must ensure that a copy is deposited within two months of its acquisition. Additionally, the director mustensure that appropriate and sufficient metadata is recorded to enable the information asset’s discovery and wider use. This metadata may be recorded wherethe informationis stored, or external to the information’s repository if that repository is inaccessible to most of the rest of the department.

For further information refer to the Information Acquisition Procedure.

Policy requirement 6: Inform the department of new information

Once deposited into a repository,the director of the section responsible for the acquisition is to ensure that appropriate efforts are made to inform their colleagues of its existence, location and methodsof access.

Repositories with their own broadcasting tools, such as newsletters and intranet page announcements, meet this requirement.Where this service is not available, staff must advertise its existence and location through existing communication tools and networks. The effort to advertise should be proportional to the importance and sensitivity of that asset.

For further information refer to the Information Acquisition Procedure.

Definitions
Information / Data, recorded ideas, knowledge and understanding.It is often described as related concepts in a hierarchy, with each concept being based on analysis and integration of the former with increasing relevance to a particular context. In this policy 'Information' is used as the collective term for the whole hierarchy.
Information Asset / Datasets or information products that enable departmental business functions and outcomes.
Information Acquisition / The obtaining of an Information Asset, which may or may not include the transfer of ownership. For example, obtaining a licence to the Information Asset does not include transfer of ownership.
Note:Acquisition does not includethe incidental accessing of information from the Internet.
Information Management / The means by which the department plans, identifies, creates, receives, collects, organises, governs, secures, uses, controls, disseminates, exchanges, maintains, preserves and disposes of its information. The primary aim of information management is to ensure that the right information is available to the right people, in the right format, at the right time.
Information Repository / An IT system, library or paper filing system location where information assets are deposited, stored and made accessible to potential users.
Department information / All reports, documents, data sets and other information that the departmentacquires or produces for statutory purposes or business needs. Information may occur in a number of formats, such as electronic (digital), print, audio, video, image, graphical, cartographic, physical sample, textual or numerical form.[3]
Contingent liabilities / Commitments that may give rise to a cost as a result of a future event.[4] Indemnities, guarantees, warranties, and letters of comfort between parties to an arrangement are forms of contingent liabilities.
Open licensing conditions / Those that facilitate ease of access to another entity or person’s information with minimal restrictions on its use. While complete freedom to use information in any way is the most open licensing condition, most information owners place some restrictions on use. These restrictions enable the owner to keep some control, but allow others to use and benefit from it. The Australian Governments Open Access and Licensing (AusGOAL) framework is considered best practice by the Australian Government for licensing information to other users.
Metadata / A description that serves to provide context or additional information about other information. Commonly applied metadata includes an overview of the information, a title, a description of the creator, and a date of creation. These requirements can be applied to all types of information. Different information types may have descriptive requirements in addition to the basics. These are described in metadata standards unique to information types.
Personal information / Information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.[5]
POLICY NAME / Information Acquisition Policy
VERSION / 1.0
PREPARED BY / Information Reform Section, Sustainability Policy and Analysis Division
ENDORSED BY / Executive Board Date: 18June 2013
APPROVED BY / Secretary
DATE APPROVED / 19 June 2013
LAST AMENDED / 27 June 2013
DATE OF NEXT REVIEW / June 2014

LICENCE

With the exception of the Commonwealth Coat of Arms and where otherwise noted,SEWPaC information policies are licensed under Creative CommonsAttribution 3.0 Australia licence. This policy should be attributed to “Australian Government Department of Sustainability, Environment, Water, Population and Communities, 2013, Information Acquisition Policy”.
Use of the Coat of Arms
The terms under which the Coat of Arms can be used are detailed on the It’s an Honour website.

Page 1 of 7

[1]Department of Sustainability, Environment, Water, Population and Communities Information Strategy 2013-2017, information principle no. 2 ‘Targeted and valuable’.

[2]Department of Sustainability, Environment, Water, Population and Communities Information Strategy 2013-2017, information principle no. 5 ‘Accessible’.

[3]Queensland Government Enterprise Architecture Glossary

[4]Chief Executive’s Instruction 2.2.

[5]Section 6(1) of the Privacy Act 1988.