Chuck
I suggest you have a look at the NSW Government's "Guide to labeling
sensitive information"
http://www.oit.nsw.gov.au/pages.asp?CAT=764&ID=779
It focuses not on types of documents but on the potential impact of
disclosure on the organisation. Not quite what you are after, I know, but
it helps put things in a perspective. And in spite of the title, the Guide
contains lots of useful suggestions on access, storage etc. Most
importantly, it says that there are only three restricted levels (in
confidence, protected and Highly Protected) so you don't have to figure
out if 'top secret' is higher or lower than 'highly confidential' and so
on. It also points out that the classification varies over time. A very
logical document.
We are a state-owned corporation (energy distribution and retailing
utility), that is, we operate just like a publicly-listed company, except
that our shares are 100% owned by the state government (at least this
month). We are not a government department, but are subject to the NSW
State Records Act, FOI and Privacy laws.
Privacy legislation has had the biggest impact on us, and it is a bit of a
moving target. Our legislation focuses again not on type of document, but
on category of information, and the overall prescription is that we cannot
reveal information which may reveal someone's identity or address. This
gets tricky, eg for demographic surveys - if you are the only red headed
50-yr old with 7 kids in a street or suburb, we can't reveal hair colour
or family size information if other released details could lead to your
residence or financial or other details being deduced. But if there are
thousands of fecund red headed 50 yr olds, we probably can release the
information. Hovering over all of this is the requirement that we can only
use information for the purposes for which it was originally collected, so
we can't use for marketing purposes, or reveal, an address originally
acquired for the purposes of doing an electrical installation.
So our answer is, it depends on purpose and context, and it changes
according to circumstance and over time. But overall I think you have a
pretty comprehensive list to start from.
I did raise my right eyebrow at your last item - if in doubt, assume it's
confidential. NSW State Records have an official attitude that says 'if in
doubt let it out', as do the FOI people. They have a hard time pushing
this line against 300 yrs of "public service" tradition that assumes
everything is by default confidential except under the greatest and most
exceptional duress. But if you are not subject to FOI or State Records
Acts, you are responsible only to your shareholders, so do whatever is
appropriate.
Oh, and we do of course restrict access to anything (plans, photos etc)
which might be of interest to terrorists or anyone wishing to get details
of our physical infrastructure (buildings, substations, transmission
lines). I think the phrase we used is "likely to cause death or injury to
our staff or members of the public". NSW State Records has a rule that all
documents over 30 yrs old are by default freely available, even if still
in current use, and you can see a list of exceptions (Access Regulations)
at
http://www.records.nsw.gov.au/recordkeeping/access_regulation_5341.asp
And before anyone asks why we have currently active documents over 30
years old, construction projects, plans, contracts etc are retained for
life of asset plus 7. How long does a substation last?
Cheers
Glenn
Glenn Sanders MRMA
[log in to unmask]
[log in to unmask]
Australia
These views are mine alone. They may or may not be those of any
previous or present employers or clients. I don't know. If I'd asked
and they'd agreed, I would have signed it "Harry Peck and Co and
Glenn". Or whatever. But I haven't, so I didn't.
----------------------------------------------------------------------------------------
This e-mail may contain confidential or privileged information. If you have received it in error, please notify the sender immediately via return e-mail and then delete the original e-mail. EnergyAustralia has collected your business contact details for dealing with you in your business capacity. More information about how we handle your personal information, including your right of access is contained at http://www.energy.com.au.
----------------------------------------------------------------------------------------
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
|