- Introduction
- Confidentiality
- Information provided under an expectation of confidentiality, or to which a legal obligation of confidentiality still applies
- Records containing information which was given in confidence
- Records containing information which could have an adverse effect on the business affairs of an individual or organisation (commercial confidentiality)
- Records containing information given under legal professional privilege
- Secrecy provisions of other legislation
- Culturally sensitive Indigenous information
- Personal information
- Jeopardise the future provision of information
- Security and safety
Introduction
This section discusses the categories of information that favour a CPA direction and their application, and suggests considerations which may be relevant when assessing typical series, classes or groups of records. This discussion is intended to provide guidance, not to prescribe ready-made answers.
Examples of access directions that have already been made are included to illustrate how the categories have been applied to real records and to promote a degree of consistency in the regulation of public access to open period records across the sector. Any decision, however, on how to apply the categories and determine closure periods should be based on an understanding of the nature and content of records as they relate to the functions of the public office.
Confidentiality
Information provided under an expectation of confidentiality, or to which a legal obligation of confidentiality still applies
Confidentiality is the legal or ethical obligation arising from the circumstances in which a person or organisation discloses information to another person or organisation under an express or implied expectation that the information will not be used to affect adversely the discloser's interests. The obligation is primarily owed to the person who provided the information in the first place.
This category may include:
- information which the confider has a legitimate interest in keeping confidential, is not in the public domain or is not able to be found out by anyone without substantial effort;
- personal or non-personal information; and
- a contractual agreement or circumstances surrounding the provision of information which give rise to reliance or trust.
Records containing information which was given in confidence
Records should not be closed simply because they are labelled as 'confidential' or 'in confidence'. For the disclosure to be a breach of confidence the information should meet all of the following criteria:
- the information was originally communicated in confidence; and
- it is still confidential (not generally known or publicly available); and
- a disclosure would still breach the confidentiality of the original confider when the records are more than 30 years old.
A specific form of confidential information is that which discloses the existence or identity of people providing information to public offices responsible for investigating criminal offences or collecting intelligence relevant to security, and where public access would impair the recruitment or maintenance of confidential sources. Such information would normally be the subject of a CPA direction for an extended period of time. This category does not extend, however, to people who routinely report or complain about routine infringements of the law, for example to a local council.
| Example from the register of access directions | Closed period |
|---|---|
| Formal investigation records, including matters dealing with witnesses, statements, evidence and property seizures, covert operations and intelligence, legal briefs, litigation and appeals | 90 years |
Records containing information which could have an adverse effect on the business affairs of an individual or organisation (commercial confidentiality)
A claim of commercial confidentiality arises where there is a need to protect commercial negotiations conducted by public offices, or details of internal business operations of State owned corporations or of firms contracting with public offices.
After 30 years there will usually no longer be any competitive disadvantage from disclosure of such information and the public interest in permitting public access to information about Government business operations will outweigh any adverse effects of disclosure. The information or similar information about the business may well be available through other disclosure regimes.
Public offices also collect information on the financial position of individual clients. Most records containing individuals' financial or taxation information are destroyed before the age of 30 years. Consequently it would be unusual to have to consider an adverse business effect resulting from the disclosure of such information. The category of personal information should be considered if the records contain detailed information about an individual.
| Examples from the register of access directions | Closed period |
|---|---|
| Commercial records containing commercial in confidence material: these records relate to delivery, construction, commercial developments and activities. | 30 years from date of last action or expiry of agreement |
| Agreements and deeds: Includes agreements for sale, mortgage agreements, joint ventures and financial agreements | 50 years |
| Records relating to client loans | 50 years |
| Bad debts ledgers and registers | 50 years |
Records containing information given under legal professional privilege
Legal professional privilege or client/solicitor privilege is intended to protect information or advice which has been prepared for the purpose of litigation. The privilege is exercised by a legal practitioner on behalf of their client and is intended to protect the client.
Generally legal practitioners employed by public offices provide advice within their public office or to other public offices, rather than to private individuals or corporations. Given that the records being assessed are at least 30 years of age and that there is a presumption in favour of open access, legal professional privilege alone is usually not an appropriate ground for closing State records to public access. Such intra-government legal advice may, however, contain information falling into one of the categories favouring a CPA direction, which should be assessed on a risk management basis.
When assessing records that may contain information provided by members of the public that has been incorporated into legal advice the category relating to personal information should be considered.
Secrecy provisions of other legislation
Information which is protected under secrecy or confidentiality provisions in other legislation
Under section 53 of the State Records Act, a provision of any Act that prohibits the disclosure or divulging of information does not apply to disclosures under Part 6, provided that the information is in a State record in the open access period and the subject to an OPA direction. The existence of standard secrecy or confidentiality provisions in legislation therefore should not be relied on when making a closed access direction unless the provision expressly overrides the State Records Act.
Consideration should, however, still be made as to whether the sensitivity which the secrecy or confidentiality provisions were intended to protect remains relevant when the records are more than 30 years old. Examples might include the protection for spent convictions under the Criminal Records Act 1991, protection of HIV information under Part 3, Division 4 of the Public Health Act 1991 or protection of the identity of complainants under the Protected Disclosures Act 1994.
| Example from the register of access directions | Closed period |
|---|---|
| Records identifying persons protected under the Protected Disclosure legislation | 90 years |
Culturally sensitive Indigenous information
Culturally sensitive Indigenous information or information that would disclose secret/sacred Indigenous tradition
There are two categories of records relating to Aboriginal and Torres Strait Islander people which may call for special consideration:
- Records containing information about the beliefs or ritual practices of particular traditional communities or groups (sacred/secret matters), and
- Records documenting the activities or social conditions of Indigenous people which contain derogatory or distressing judgements or otherwise single out Aboriginal people for adverse comment either as individuals or groups.
Records containing information which is regarded as secret or sacred under Indigenous tradition or is restricted to particular groups of people should normally be subject to a CPA direction unless accredited representatives give specific consent to it being placed in open access. The precise balance between closure and openness in relation to these records is best developed in consultation with representatives of relevant communities and in accordance with established protocols.
Records that document the activities or social conditions of Indigenous people should be assessed against the category relating to personal information. For general guidance on the treatment of records relating to Indigenous people see the Aboriginal and Torres Strait Islander Protocols for Libraries, Archives and Information Services (2010), published by the Aboriginal and Torres Strait Islander Library and Information Resource Network, .
|
Example from the register of access directions |
Closed period |
|---|---|
|
Cultural heritage information pertaining to Aboriginal relics, sites and places of significance |
Permanently |
Personal information
Records likely to contain personal information which should be protected from dislosure or information which unreasonably discloses personal affairs
Personal informationwhich should be protected from disclosure
Personal information is information about an individual whose identity is apparent or can reasonably be ascertained from the information. Many records will contain personal information such as names, addresses, dates and places of birth. Some records will contain personal information such as an individual's medical, employment or financial details.
If consideration is being given to providing early access to records not yet in the open access period, public offices must comply with their legal obligations under NSW privacy laws. That is, early public access to records less than 30 years old and containing personal information must not be authorised if it would breach the disclosure principles of the Privacy and Personal Information Protection Act 1998 or the Health Records and Information Privacy Act 2002 (discussed in the next chapter). Those Acts protect personal information from inappropriate disclosure.
For records at least 30 years old and in the open access period, however, the privacy concerns are less acute. These records will generally no longer affect significant interests or be considered sensitive. Personal information contained in such records generally no longer requires protection from disclosure. This is because the personal information is generally no longer capable of being used to make decisions about the person. Nor will its disclosure generally have an adverse impact on the person.
Public offices should consider making a CPA direction for records in the open access period in circumstances where the records contain personal information still requiring protection. That is, where the record contains personal information which, if disclosed, would likely have an adverse impact on the person. Records typically containing personal information which should be protected by way of a CPA direction include personnel records, client files of welfare agencies and medical and health records.
As access directions are made for whole series, classes or groups, it is not generally appropriate to seek the views of the individuals concerned before making a direction, except in relation to culturally sensitive Indigenous information or health information.
Unreasonable disclosure of personal affairs
A disclosure of personal affairs is unreasonable when the disclosure would adversely affect the person concerned by causing them either material loss, loss of reputation, shame, humiliation, serious embarrassment or other significant inconvenience. Just because a record refers to a person by name does not mean that the document relates to that person's personal affairs.
Some personal information relating to deceased people
As stated above, sometimes personal information in records more than 30 years old requires protection where disclosure of the information would have an adverse impact on the person to whom it relates. This is generally extinguished once the person to whom it relates has died. A CPA direction covering records about deceased persons may, however, be considered in exceptional circumstances where one or more of the following considerations apply:
- the records deal with sensitive matters which may cause embarrassment or distress to close relatives, for example, health information;
- the deceased person might reasonably have expected restrictions on future access at the time information was originally compiled, (see 3.1 above); and
- the information relates so closely to a survivor that it could equally be seen as information about the survivor.
Length of closure for personal information requiring protection
If a CPA direction is made on the grounds that the records contain personal information requiring protection from disclosure, it is necessary to decide when the records can be made open to public access.
The age of relevant people at the time records were created should be considered. Records containing information relating to children require longer periods of closure.
| Examples from the register of access directions | Closed period |
|---|---|
| Staff summary records, including registers and history cards | 50 years |
| Tenancy agreements | 70 years |
| Criminal matters - case files | 75 years |
| Staff personnel records, excluding summary records such as history cards | 100 years from date of birth |
| Patient identifying medical records | 110 years |
Jeopardise the future provision of information
Information whose disclosure could jeopardise the future provision of information to a public office, particularly a public office performing an investigatory function
Records which disclose methods or procedures for preventing, detecting, investigating, or dealing with matters arising out of breaches or evasions of the law which, if publicly available, would be likely to prejudice the effectiveness of those methods or procedures may require a CPA direction.
A public office should ensure that there is still a real concern at the time a CPA direction is made or reviewed and should not rely on broad presumptions which applied when the information was originally recorded.
Security and safety Information whose disclosure could compromise the security of the public office, an organisation or place regulated by the public office or any other public office, or threatens the safety of any person
Information that could endanger life and physical safety could include information which is inherently dangerous or information which could render an employee, client or informant vulnerable to violent retaliation or retribution.
A decision should take into account information whose disclosure could compromise the security of a public office or place, its clients or the public, such as details about technologies, or the location of hazardous materials or devices, or detailed design or building plans that may indicate vulnerable points or security measures.
| Example from the register of access directions | Closed period |
|---|---|
| Records documenting the design, construction, operation and maintenance of utility assets and related security issues | 30 years from date of the closure of the facility |
Security and safety
Information whose disclosure could compromise the security of the public office, an organisation or place regulated by the public office or any other public office, or threatens the safety of any person
Information that could endanger life and physical safety could include information which is inherently dangerous or information which could render an employee, client or informant vulnerable to violent retaliation or retribution.
A decision should take into account information whose disclosure could compromise the security of a public office or place, its clients or the public, such as details about technologies, or the location of hazardous materials or devices, or detailed design or building plans that may indicate vulnerable points or security measures.
| Example from the register of access directions | Closed period |
|---|---|
| Records documenting the design, construction, operation and maintenance of utility assets and related security issues | While facility/asset is current |
Published 2014