Risk assessment remains a core governance requirement!

Risk assessment remains a core governance requirement!

LG Leader April 2020

It is to be noted that whilst the Privacy Act 1988 (of the Commonwealth) does not apply to SA councils (and will only do so if the State introduces ‘mirror legislation’ as has occurred in other States), many councils have adopted ‘privacy policies’ or ‘privacy statements’ or similar, as part of a commitment to good corporate governance and community accountability. As a public authority, a council that has an agreed position about privacy issues will be held to account, at least by the Ombudsman, according to the standards that it has adopted. It is also to be considered in this context that the Code of Conduct for Council Members obliges elected members to comply with all council policies, codes and resolutions.

Consistent with the message that has recently been shared by the Governance Institute of Australia, whilst councils are busy dealing with the wide range of community issues and concerns in terms of both ‘normal business’ and as arising from the impact of COVID-19, care must be taken to ensure that privacy (in accordance with adopted standards) and data safeguards, do not slip. This is particularly relevant given that significant numbers of officers are working from home offices (or elsewhere in their home). This new ‘dynamic’ (and, possibly, permanent dynamic for some officers as working arrangements change as a result of the current experience), gives rise to a host of concerns, not only around confidentiality but also in respect of data collection and privacy, as a result of the remote working.

It is necessary for councils to review not only WHS compliance for home working, but also systems generally, including physical and cyber security. The speed of the transition to where we currently are (it was an ‘overnight’ requirement) means a period of adjustment which, because of the circumstances, has not been able to be led by governance and systems planning. This would be the case if the luxury of time had permitted. Councils cannot afford to relegate risk assessment, including internal controls, in these unprecedented times. These governance requirements must be ‘front of mind’ whilst councils struggle to continue to undertake ‘normal’ work activities, from off-site locations.

For more information please contact Michael Kelledy on mkelledy@kelledyjones.com.au or 08 8113 7103.

Insight - Explore our Local Government knowledge base