The New South Wales government’s information and privacy experts have issued regulatory advice for state government agencies regarding the risks of a fund for digital transformation projects.
Last year the NSW government announced it would allocate $1.6 billion over three years to invest in digital transformation projects through the Digital Restart Fund (DRF).
In advice issued on Friday, information commissioner Elizabeth Tydd and privacy commissioner Samantha Gavel have set out some of the common risks to information access and privacy rights across projects seeking funding from the DRF.
They have also suggested mitigation strategies to preserve citizens’ rights, according to Tydd, who is also the NSW open data advocate.
“Sharing this knowledge with agencies in an accessible manner will help to build the capacity of NSW public sector agencies and ensure that information access and privacy rights are preserved,” she said.
Under the DRF Act, the minister is required to get advice from the information and privacy commissioners before approving DRF funding for a project.
The Information and Privacy Commission (IPC) has reviewed diverse digital projects from a number of agencies, and has grouped the projects into five categories:
- Centralised information and transaction platforms (portals),
- Drones and smart technology,
- Single notification services,
- Data analytics projects,
- Cyber security projects.
The commissioners said that while these kinds of projects could contribute to better outcomes, they could also impact the information access and privacy rights of the public.
“Every digital project will, in some way, involve the creation or use of government information,” Gavel noted.
“A significant proportion of DRF projects will also involve the collection and use of personal information. The IPC’s approach to provision of advice provides practical guidance to ensure that legal rights are preserved.”
The commissioners aim to empower agencies to understand and implement rights-preserving features from the outset, according to Tydd.
“More broadly the advice contributes to just and legal outcomes by promoting accessibility and digital inclusion,” she said.
“When engaging non-government providers, contractual requirements should promote the preservation of rights and recognise that government remains accountable to citizens.”
The IPC has consulted with Cyber Security NSW to develop the advice.
The DRF was established in the 2019 budget to ‘fund a whole-of-government digital transformation that will enhance customer experiences’, and promote the use of common platforms across government to ‘remove duplication and increase efficiency’.