Managing GIPA Act applications and preserving information access rights during COVID-19
By Hayley Tam• 07 April 2020 • 6 min read
Evolving business continuity arrangements due to COVID-19 will have an impact on how NSW local councils, NSW State government departments and other agencies manage their responsibilities under the Government Information (Public Access) Act 2009 (NSW) (GIPA Act) and the Government Information (Public Access) Regulations 2018 (NSW) (GIPA Regs). In particular, agencies may be concerned about how they will meet GIPA Act timeframes and avoid deemed refusals.
Can new applications be suspended?
No. There is no provision in the GIPA Act or the GIPA Regs to suspend or prevent access applications from being made. Indeed, an IPC COVID-19 Note indicates it is important that access to government information is preserved during these challenging times, despite increased pressure on agency staff.
Can the timeframe for acknowledging receipt of a valid application be extended?
No. There is no provision in the GIPA Act or the GIPA Regs to extend the timeframe for acknowledging receipt of a valid access application under section 51. Agencies must decide whether an access application is a valid one and notify the applicant of its decision within 5 working days of the application being received. However, acknowledging receipt of a valid access application does not prevent the agency from subsequently deciding that the application is not valid or seeking agreement to extend the timeframe for making the decision.
Can the timeframe for responding to access applications be extended?
Yes. Agencies are required to decide an access application and give notice of its decision within 20 working days (decision period). However, section 57 enables the decision period to be extended, and further extended, if this is agreed by the applicant. If the applicant does not agree to an extension, the agency should continue to work on the application where possible.
What if the application is unable to be resourced?
An agency can refuse to deal with an application if any of the reasons set out in section 60 are satisfied. This includes where dealing with the application would require an unreasonable and substantial diversion of the agency’s resources. In making this decision, the agency may take into account (without limitation) the factors set out in section 60(3A), including the agency’s size and resources. While this is not a factor addressed in the IPC COVID-19 note, in our view, one of the factors open to an agency to take into account is whether it is practically possible to source and collate documents when a large or substantial part of its workforce is working remotely.
What are the consequences of failing to meet the decision period?
If an agency fails to decide an access application within the time-frame, it is deemed to have refused the application, and any application fee is to be refunded under section 63. However, this does not prevent the agency from continuing to deal with the application and make a late decision.
A deemed refusal is a reviewable decision under Part 5, which means the aggrieved person may be able to apply for:
- internal review of the decision by the agency
- external review of the decision by the Information Commissioner
- administrative review of the decision by NCAT.
What about informal requests?
Agencies may wish to encourage requests for government information to be made informally in accordance with section 8. There are no timeframes for responding to these applications. Importantly, decisions made in informal applications are not reviewable. An agency cannot be required to disclose government information pursuant to an informal request nor can they be required to consider an informal request.
What steps should agencies take to manage GIPA applications?
The IPC has published COVID-19 Information for Agencies, which includes a number of steps which agencies are encouraged to take in respect of GIPA applications. In summary:
- Agencies should update their GIPA page to provide information on contact details, the arrangements in place for responding to access applications, and how timeframes may be impacted.
- Agencies should assess existing applications and identify where extensions of time may be required. See generally the IPC Fact Sheet on Extensions of Time.
- Where current correspondence requires an action on the part of the access applicant, the agency could send the applicant a notice of the estimated processing charges and, if required, at the same time seek an extension of the timeframe for the agency to make its decision.
- For other correspondence, such as acknowledgement letters or update emails, the agency could send correspondence to request an extension.
- Where an agency is due to decide on an access application within the coming weeks and is not able to issue the decision in time it can ask the applicant to agree to an extension of time.
In deciding the appropriate amount of additional time required for deciding an access application, the agency may consider:
- the length of time the agency is unable to operate due to the outbreak
- whether agency staff numbers are affected by decisions to have staff working remotely, staff leave or diversion of resources to essential services
- whether staff dealing with the access application are able to access the information from other parts of the agency that may be impacted by resource limitations.
What if agencies are unable to meet a time-frame set in an IPC external review?
The IPC requests that agencies contact their review officer prior to the due date to request an extension of time.
What if agencies are unable to meet a time-frame in relation to a complaint?
The IPC request that agencies contact their case officer prior to the due date to request an extension of time.
The IPC is, at this stage, continuing to progress complaints and applications for external review. There may of course be delays and circumstances which require the IPC to seek an extension for the review period under section 92A(2).
Privacy and COVID-19
The IPC has also issued a note on COVID-19 and preserving privacy rights. This includes guidance on managing obligations to staff and the public under the Privacy and Personal Information Protection Act 1998 and Health Records and Information Privacy Act 2002.
Maddocks has produced guides to a range of legal issues raised by the coronavirus (COVID-19). You can access these guides here.
Managing climate change-related risks in the financial system
By Patrick Ibbotson & Jessica Dorricott
Risks posed by climate change to the stability of the US financial system.
GDPR decision slaps down Privacy Shield and imposes strict conditions on Standard Contractual Clauses – implications for Australian organisations
Impacts for Australian entities who are either directly subject to the GDPR or receiving personal data from the EEA.
What is in a name? The disclosure of public servants’ names and contact details under FOI
The OAIC has issued a position paper on the disclosure of public servants’ names and contact details in documents.