Report finalised: 11 December 2020
Department’s response: 6 January 2021
Report published: 29 January 2021

Download the print (complete) version and read our media release

Below is Part 1: Executive summary

Commissioner initiated investigations and reasons for undertaking this investigation

1.1 The objects of the Freedom of Information Act 1982 (FOI Act) are to give the Australian community access to information held by the Government.  It requires agencies to publish information and provides a right of access to documents.  The Parliament intends by these objects to promote Australia’s representative democracy by contributing towards increasing public participation in Government processes, with a view to promoting better-informed decision-making and increasing scrutiny, discussion, comment and review of the Government’s activities.

1.2 The FOI Act also expressly states that Parliament intends that functions and powers given by the FOI Act are to be performed and exercised, as far as possible, to facilitate and promote public access to information, promptly and at the lowest reasonable cost.  Timely provision of public access to government information is a central enabler to fulfil the objects of the FOI Act.

1.3 As set out in section 10 of the Australian Information Commissioner Act 2010 (Cth), the Information Commissioner has the FOI functions, which under section 8 includes monitoring, investigating and reporting on compliance by agencies with the FOI Act.  Under section 69(2) of the FOI Act I may investigate an agency’s actions in performing its functions, or exercising its powers, under the FOI Act on my own initiative.  I must also generally investigate a complaint made by a person under section 70 about an action taken by an agency in the performance of functions or the exercise of powers under the FOI Act.

1.4 In determining whether to commence this investigation in relation to the Department of Home Affairs (Department)[1] under section 69(2) of the FOI Act, I considered the compliance by the Department with the statutory processing requirements of the FOI Act for requests (FOI requests) for non-personal information.  This was prompted by receiving 13 complaints (Initial Complaints) which I was required to investigate, raising concerns about delay in the processing of requests for non-personal information.  In the case of each of the FOI requests that were the subject of the Initial Complaints (Initial FOI Requests), the Department exceeded the statutory processing time by between 5 and 256 days.  I also took into consideration other material which was before the Office of the Australian Information Commissioner (OAIC) at the time, including:

  1. FOI statistics for the financial years 2016-17, 2017-18 and 2018-19 and the period 1 July 2019 to 30 September 2019, as reported by the Department, including the number of requests received and the number of requests finalised within the statutory timeframes, and
  2. the number of Information Commissioner review (IC review) applications then current in relation to the Department, particularly in relation to the number of IC review applications where the Department was deemed to have made an access refusal decision where it did not meet the processing timeframes.

1.5I have taken into consideration investigations conducted by former Information Commissioners on similar issues.[2] Amongst other matters, I may take into account the objects of the FOI Act and the risks and impacts of non-compliance by an agency with the FOI Act.

1.6The Initial Complaints which I was required to investigate related to the Initial FOI Requests.  Two of the applicants were journalists and one was an individual.  The applicants made FOI requests for information that related to matters of public interest relevant to the core functions of the Department and, in some cases, related to matters in which there had been significant media interest.  The Initial FOI Requests included, for example, information regarding medical treatment provided to asylum seekers and refugees, disclosures of interests under section 19 of the Australian Border Force Act 2015 (Cth) and the treatment of detainees in detention facilities.  Many of the requests were complex and involved large numbers of documents.

1.7 By way of further background, data submitted to the OAIC by the Department over the past four financial years shows:[3]

  1. for each of the financial years, in excess of 50% of the FOI requests for non-personal information were processed outside of the statutory processing period and in the final year, 63% of those FOI requests were processed outside of that period,
  2. assessed on a quarterly basis, there has been a significant increase in the percentage of non-personal FOI requests not processed within the statutory processing period over the financial years 2018-19 and 2019-20[4], and
  3. over the four financial years, the number of IC review applications received by the OAIC in relation to the Department’s processing of FOI requests for non-personal information has increased, including an increasing trend in the number of IC review applications for deemed access refusal decisions.

1.8Given the factors outlined in paragraphs 1.4 to 1.6, and in light of the underlying principles and objects of the FOI Act, I determined to undertake this investigation under section 69(2) of the FOI Act to consider the Department’s compliance with the statutory processing timeframes set out in the FOI Act.  My investigation has been limited to FOI requests for non-personal information.  However, there would be benefit in the Department considering the broader application of my findings and recommendations, as summarised in Table 1, in relation to all FOI requests that are received by the Department, that is, for both personal and non-personal information.[5]

1.9 As required by the FOI Act, this report sets out the results of my investigation, as well as my formal recommendations.  I have also set out the reasons for why I have made my findings and recommendations.  The Department’s response to this report is attached as Attachment C.

Previous investigations

1.10 It is apparent that issues of delay have persisted in the Department over a number of years and have been the subject of numerous previous reviews.[6] The OAIC also notes that many of the findings and recommendations in this investigation have been the subject of previous reports, indicating a serious need for issues of delay to be rectified and sustained. For example, the 2012 own motion investigation of the then Department of Immigration recommended that the Department should consider and address inadequate internal governance arrangements for controlling delays in processing non-routine FOI requests and for ensuring senior executive supervision of those requests as well as failures to consider applying to the OAIC for extensions of time to process requests under section 15AB or 15AC of the FOI Act.  My findings from this CII indicate that these issues remain.

Findings of investigation

1.11The information considered in this investigation indicates that the Department does not have adequate governance and systems of accountability in place to ensure compliance with statutory time frames for processing FOI requests for non-personal information.[7]

1.12The other key findings from my investigation may be summarised as follows:

  1. In a general sense, a greater degree of senior level support and leadership for embedding policies, procedures and systems of accountability for compliance with the statutory processing periods in the FOI Act, would assist the Department in meeting the statutory processing period requirements of the FOI Act.[8]
  2. With regard to the Department’s FOI Section:
    1. There is evidence that not all of the staff within the FOI Section are available to assist in the processing of FOI requests for non-personal information which has contributed to delays in processing these FOI requests.[9]
    2. The policies and processes that the Department has in place for the FOI Section do not address the steps required, both in relation to escalation and finalisation of decisions, where delays are contributed to by business areas of the Department or third parties.[10]
    3. The policies and processes that the Department has in place for FOI requests for non-personal information do not adequately address use of the provisions of the FOI Act which enable an agency to seek an extension of time in processing FOI requests.[11]
  3. With regard to the business areas of the Department:
    1. The Department has implemented an approach for processing FOI requests for non-personal information that requires significant engagement by the staff in the business areas to which a relevant FOI request relates.  The training and resources made available to those staff does not facilitate processing FOI requests within the FOI Act statutory processing periods.[12]
    2. The Department’s processes for consulting with senior staff, the Department’s Media Operations and Minister’s Office in relation to FOI requests limits the ability of the Department to meet FOI Act statutory processing periods.[13]
  1. There are inadequate policies and procedures in place to support compliance with the requirements of section 6C of the FOI Act.[14]

Recommendations

1.13The formal recommendations that I have made under section 86(2)(b) of the FOI Act in this report address improving the policies, systems of governance and accountability, procedures and training of the Department that are appropriate to ensure that the Department is able to meet the statutory processing periods specified under the FOI Act. I have also recommended that implementation of the recommendations is audited and a report provided to the OAIC.  A summary of my recommendations from this CII is set out in Table 1.  The detailed recommendations are set out in Part 5 of this report.

Table 1:  Summary of recommendations

No.

Summary of recommendation

Timing for implementation

1.

Appoint an Information Champion[15]

I recommend that the Department appoint an Information Champion. The Information Champion may be supported by an information governance board to provide leadership, oversight and accountability necessary to promote and operationalise compliance by the Department with the FOI Act.

1 month from the date that comments on this report are due

2.

Operational Processes and Procedures[16]

I recommend that the Department prepare and implement an operational manual for processing FOI requests for non-personal information to be approved by the Information Champion referred to in Recommendation 1 and at a minimum:

(a)    specify the steps that will be taken to ensure compliance with statutory processing requirements (as set out in more detail in Part 5),

(b)    specify the steps that will be taken to ensure compliance with section 6C of the FOI Act and the processes to be adopted to request documents from contracted service providers, and

(c)    include a short form guidance note to assist business areas in processing FOI requests for non-personal information.

Consistent with the requirements of the Information Publication Scheme, I recommend that the operational manual should be made publicly available by the Department on its website.

I recommend that the steps that will be taken to ensure compliance with section 6C of the FOI Act, as referred to in subparagraph (c), should be replicated in all other policies of the Department which relate to contractual requirements for procurement by the Department.

3 months from the date that comments on this report are due

3.

Training[17]

I recommend that the Department:

(a)    undertake and complete training for FOI Section staff and other staff (both decision makers and other staff who assist decision makers), and

(b)    ensure that online training in processing FOI requests for non-personal information is available to all staff of the Department.

I recommend that new staff joining the FOI Section should be trained within 2 weeks of commencing in the FOI Section.

(a)    Not later than 3 months after the completion of the Operational Manual referred to in Recommendation 2.

(b)    Not later than 6 months after the completion of the Operational Manual referred to in Recommendation 2.

4.

Audit of Compliance[18]

I recommend that the Department undertakes an audit of the processing of FOI requests for non-personal information to assess whether Recommendations 2 and 3 have been implemented and operationalised and whether those actions have been sufficient to address the issues identified in this CII.  The audit should be undertaken either by the Department’s internal audit committee or by an external auditor, as determined by the Department.  A copy of the audit report is to be provided to the OAIC.

Within 3 months of completion of Recommendation 3.

1.14As this CII has focussed on a consideration of the Department’s compliance with the statutory timeframes set out in the FOI Act in relation to processing FOI requests for non-personal information, Recommendations 2 to 4, as set out in Table 1 and described in more detail in Part 4 of this report, are also limited in their scope to FOI requests for non-personal information.  Taking a pragmatic approach to compliance, there would be benefit in the Department considering the broader application of each of the Recommendations in relation to all FOI requests that are received by the Department, that is, for both personal and non-personal information.[19] For example, although Recommendation 3 relates to training for the processing of FOI requests for non-personal information, in implementing Recommendation 3, the Department should give consideration to whether the training of staff across the Department who are involved, in whatever capacity, in the processing of FOI requests for personal information is also up-to-date and whether additional training may be required for that type of FOI request.

Ongoing assessment of the Department’s compliance

1.15The OAIC will continue to work with the Department to ensure not only that the Recommendations are implemented and operationalised but also to ensure that its policies and procedures evolve over time to continue to enable the Department to meet its obligations under the FOI Act, including to meet statutory timeframes.  The OAIC will monitor compliance through quarterly agency statistics submitted by the Department, complaints and IC reviews, including deemed access refusals.

The full report is available for download. If you require an accessible version of the report, please contact us.

Footnotes

[1] Including its predecessor agency, the Department of Immigration and Border Protection.

[2] 0n 26 September 2012, the former Information Commissioner Prof. John McMillan completed an Own Motion Investigation into processing of non-routine FOI requests by the then Department of Immigration and Citizenship: https://www.oaic.gov.au/freedom-of-information/foi-reports/processing-of-non-routine-foi-requests-by-the-department-of-immigration-and-citizenship/  On 22 September 2012, the Department advised the OAIC that in response to the announcement of Prof. McMillan's Own Motion Investigation, the Department had commissioned a review by Mr Robert Cornall of the Department's FOI procedures. That review made a number of recommendations: https://www.oaic.gov.au/freedom-of-information/foi-reports/diac-response-to-omi-report-on-processing-of-non-routine-foi-requests/ On 8 December 2017, the former Information Commissioner Mr Timothy Pilgrim investigated a complaint relating to the processing of non-personal FOI requests.

[3] Part 2 of this report sets out these statistics in detail.

[4] When assessing these statistics on a quarter by quarter basis across the two years, in only one quarter was there an increase in the percentage of non-personal FOI requests processed within time over that two year period.

[5] For example, in 2019–20, the Department processed 69% of requests for personal information within the statutory timeframes.  Further detail on the processing of FOI requests for personal information is set out in Table 3.

[6] As referred to in paragraph 1.5.

[7] As described in paragraphs 4.12 to 4.16.

[8] As described in paragraphs 4.12 to 4.16.

[9] As described in paragraphs 4.20 to 4.23.

[10] As described in paragraphs 4.24 to 4.26.

[11] As described in paragraphs 4.27 to 4.31.

[12] As described in paragraphs 4.34 to 4.40.

[13] As described in paragraph 4.41.

[14] As described in paragraphs 4.46 to 4.51.

[15] Required in light of the findings in paragraphs 4.12 to 4.16.

[16] Required in light of the findings in paragraphs 4.16 to 4.19; 4.24 to 4.31; 4.40 to 4.51.

[17] Required in light of the findings in paragraphs 4.20 to 4.23 and 4.34 to 4.39.

[18] Required in light of the comments in paragraphs 5.1 to 5.5.

[19] In 2019–20, the Department processed 69% of requests for personal information within the statutory timeframes.