"Bundaberg Regional Council (BRC) is committed to right to information and information

privacy," the report found.

"Although it still needs to develop and implement some policies, and put systems and processes in place, the council has worked hard since our electronic audit in December 2018 to comply with its legislative obligations.

"For example, it has established a good process for training new staff about their right to information and information privacy responsibilities."

The audit made 12 recommendations for Council:

Recommendation 1

Within 12 months, develops and implements an information governance framework and supporting documented plans, policies and procedures to drive right to information and information privacy aims.

Recommendation 2

Within 12 months, develops and implements performance measures for access to

information and information privacy outcomes, aligned with its operational plan.

Recommendation 3

Within 12 months, implements mandatory periodic refresher training on right to

information and information privacy for all staff.

Recommendation 4

Within 12 months:

• better promotes its administrative access schemes on its website

• develops an administrative access policy that outlines the type of information staff can release, and the process for doing so.

Recommendation 5

Within 12 months:

• implements an information asset register, assigns responsibility for each asset and

classifies them to determine their suitability for public release

• develops and publishes a version of the information asset register to better inform

the community about the information it holds, and who to contact to request access

to an information holding

• implements a process to review the information asset register regularly so it

remains current and relevant.

Recommendation 6

Within 12 months, implements a process to update the publication scheme regularly

so the community has access to relevant and up-to-date information.

Recommendation 7

Within 12 months, reviews collection notices for all forms and online emails and

amends them to ensure compliance with the Information Privacy Act 2009.

Recommendation 8

Within 12 months, establishes a rolling program of regular review of collection

notices for all forms and online emails, to maintain compliance with the Information

Privacy Act 2009.

Recommendation 9

Within 12 months:

• develops and implements a policy and procedures about privacy impact assessments

• integrates privacy impact assessments in its risk management and project management methodologies and tools.

Recommendation 10

Within 12 months, develops and implements a policy and procedures for managing

its camera surveillance which:

• is consistent with the council's legislative obligations, under the Right to Information

Act 2009 and Information Privacy Act 2009

• covers all its audio and video technologies, and all devices

• provides sufficient detail to guide staff operating the system.

Recommendation 11

Within six months, strengthens its safeguards to better protect camera surveillance

footage from unauthorised access, use, modification or disclosure, and other misuse

and loss

Recommendation 12

Within12 months, reviews its arrangement with the Queensland Police Service for

the operation of camera surveillance, and takes all steps necessary to ensure the

council complies with the Information Privacy Act 2009.

Bundaberg Council accepted the recommendations and proposed a management action in response to each of them.

More to come later today.