Create and manage business information so that it can be effectively accessed over time by staff and other users with a right of access.

Recommended actions

8.1 Make business information readily available unless:

there is a reason to restrict or partially restrict access, such as security or privacy considerations.

8.2 Remove restrictions on business information as soon as they no longer apply.

Business information is more valuable when it can be accessed readily by those with a need to use it. Encourage a culture of openness unless there is a need to restrict access to, or the use of, business information. Ensure that both staff, including contracted staff, and the public know their rights to access business information through training and promotion.

It is important to protect certain information and limit access to those with a right to view it due to considerations such as confidentiality, security or privacy. If possible, have an identified date when access restrictions can be lifted, for example information may be embargoed until a certain date or event, such as the budget release. If a date cannot be identified set a review period to ensure that access to business information is not restricted where there is no ongoing need to do so.

These practices align with the Protective Security Policy Framework's (PSPF) advice that appropriately limiting classification of information promotes an open and transparent democratic government, enables accountability in government policies and practices and promotes efficiency in managing information across government. The PSPF also provides guidance on the declassification process.

Key resources

• Protecting information
• Protective Security Policy Framework: INFOSEC 8 Sensitive and classified information and INFOSEC 9 Access to information

8.3 Facilitate the use of business information based on the understood needs of known and potential user groups, for example web content accessibility needs.

An information review can be used to gather insights about who uses business information now and who might use it in the future. The review would include gathering requirements based on the needs of user groups and should reveal any cultural or technological barriers to easy access.

The Digital Transformation Agency (DTA) has published guidance on designing content so that it is accessible and inclusive. The Australian population is culturally diverse and varies in ability to access information. Suggestions to overcome barriers include translation into other languages, accessible formats, and appropriate captioning. DTA has also produced guidance on designing services that best meets the needs of users. This is applicable to the service of providing access to business information.

Key resources

• Content Guide – Accessibility and inclusivity
• Digital Service Standard – Digital Guides - 1. Understand user needs

8.4 Evaluate the technological environment within which business information will be shared. This could include staff in remote areas or members of the public without access to the most recent technologies.

Your information review will reveal the variety of user needs that you need to consider. This should include the location of users both on-site and off-site and what devices or platforms they will be using to access information.

The Digital Transformation Agency's Digital Service Standard provides useful advice on factors to take into account to make a service accessible to users. These include both technological and human considerations.

Key resources

• Information review
• Digital Service Standard - Digital Guides – 9. Make it accessible

8.5 Plan to progressively improve business systems governance and architecture to facilitate sharing information and reduce silos internally and externally.

Most agencies work from a mix of legacy, modified and new systems which may be onsite or cloud-based. Information may be siloed in stand-alone systems, personal drives or in environments such as mobile devices or social media platforms. This can impede business efficiency and the capacity to access all needed information; compromising decision making, rights and entitlements or agency reputation, for example if information requested in a discovery order was unable to be located.

If business information has become siloed you can use your information management strategy to identify weaknesses and plan for remedial action. Information from your system information management plan which documents technical details about each system and any data sharing arrangements will be useful.

The National Archives has developed a resource which details key themes and development phases when building interoperability. This resource is complemented by scenarios that take you through the development phases to resolve common interoperability hurdles.

Improvements in your system architecture should be based on business needs. Staff may not need to access information held in all systems. Not all systems need to integrate with another system.

Solutions may be technical or non- technical. You may plan to improve interoperability between systems or implement enterprise search tools which can search across multiple systems or stores of information. Other solutions include writing policies that require the capture business information in endorsed systems where the information is accessible to all authorised users. Endorsed systems might vary from internal business systems, including EDRMS, to approved and known social media platforms.

Key resources

• Compliance with summons, subpoenas and orders of discovery
• Information management strategy
• Information management plan (PDF, 162KB)
• Building interoperability
• Information management policy

The Building trust in the public record policy recommends that agencies assess interoperability maturity based on business and stakeholder needs. Identify interoperability maturity gaps and plan to address them (action 11).

8.6 Release and publish business information, including datasets, for public discovery and reuse.

This should be done according to Australian Government law and policy, including to:

• Meet open government objectives
• Comply with the public's right of access
• Maximise government, industry and public benefit from Australian Government information and data.

Business information is a valuable asset to Government, industry and the public. Business information should be created and managed to enable trusted access and reuse by the public.

The Australian Government has made a public data policy statement where it commits to optimise the use and reuse of public data, to release non-sensitive data as open by default, and extend the value of public data for the benefit of the Australian public. This includes the publication of anonymised government data on or linked through data.gov.au. The Digital Transformation Agency has advice on open data and how to responsibly provide data that is freely available, accessible and machine readable.

When the Australian Government adopted the Open Data Charter it committed to making data and datasets available to maximise its value to drive social and economic outcomes. The Office of the National Data Commissioner is responsible for implementing a simpler data sharing and release framework.

The first principle of the Office of the Information Commissioners' Principles of open public sector information states that if there is no legal need to protect information it should be open to public access. In order to make it discoverable online, principle five recommends that it is open, standards-based and machine readable.

Intellectual property principles produced by the Department of Communications and the Arts recommend that public sector information should be licenced under the Creative Commons By standard as the default, to facilitate free and open re-use and adaptation of public sector information (Principle 11(b)).

The Australian Government works with civil society though the Open Government Partnership to provide better access to government-held information and data. This supports the public's understanding, and ability to participate in, the workings of an accountable government.

Business information should be managed to enable individual and collective public rights to access government information. The public may request access to business information from an agency and they also have rights of access under legislation such as:

• the Archives Act 1983
• the Freedom of Information Act 1982
• the Privacy Act 1988

The public has a right to apply for access for business information over a certain age under the Archives Act 1983. This right exists whether the records are in the custody of the National Archives, or an agency.

The Office of the Australian Information Commissioner provides guidance on providing public access under the Freedom of Information Act 1982 and the Privacy Act 1988.

Agencies subject to the Freedom of Information Act 1982 must publish certain information online under the information publication scheme.

Key resources

• Australian Government Public Data Policy Statement
• Open data (PDF, 1.25MB) 
• Open Data Charter
• Office of the National Data Commissioner
• Principles on open public sector information
• Intellectual property principles for Commonwealth entities
• Access to records under the Archives Act – Fact Sheet 10
• Office of the Australian Information Commissioner

8.7 Govern, create, describe, store, preserve, retain and manage business information with the end purpose of making it easy to find, easy to use and easy to share for reuse, for as long as needed.

Well-designed policies, processes, systems and practices enable business information to be reliably accessed when and where needed. Use and re-use of Australian Government business information supports the performance of Government responsibilities, rights and entitlements, and community and industry benefit.