Effectively engaging with Victorian public sector (VPS) agencies is a key priority for OVIC. Our goal is to embed a culture in the VPS that promotes fair access to information while ensuring its proper use and protection.
In 2019 OVIC developed a Stakeholder Engagement Strategy to guide our engagement activities and complement our Strategic Plan.
Stakeholder engagement survey
To measure and assess the effectiveness of our engagement activities a short online survey was developed and deployed to Victorian public sector agencies in October 2019.
The survey was designed to capture feedback from all agencies involved in the implementation of the Victorian Protective Data Security Framework (VPDSF) and information security, privacy and processing freedom of information requests.
The survey comprised three key branches:
- freedom of information;
- privacy; and
- information security.
Participants were asked to complete the relevant section where their agency has most frequent interaction.
A representative sample from all levels and roles including officers, managers and executives was surveyed across government to ensure we have a statistically valid representative data set.
We thank agencies for their participation in the survey. A total of 324 responses were reported by 212 surveyed stakeholders.
The survey was strictly confidential and results were gathered in aggregated form only to enhance communication, help us set our strategic priorities and inform the design of future engagement activities.
Research insights and opportunities for improvement
- Survey results confirmed that OVIC is performing very well as a trusted advisor and source of expertise on FOI/public access, privacy, and data protection related matters.
There is particularly high regard for presentations and reasonably high ratings of the quality of advice provided. Privacy complaints is an area where processes could be enhanced. As a result, our privacy complaints processes have been refined and additional new guidance materials explaining the process released.
- Findings indicated that OVIC is seen as a source of high-quality information and education activities on FOI/public access, privacy and data protection.
100% of surveyed stakeholders had visited OVIC’s website in the past 12 months and found its information helpful in the day to day operation of agencies.
A user research project is currently underway to enhance the user experience and accessibility of our website. Our new online webinar agency training program will also be launched next month.
- Stakeholders were found to have a reasonable understanding of the legislation and OVIC’s responsibilities including activities to improve the VPS culture to promote increasing acceptance of the legislation.
Operational staff support was the lowest overall and there is a lower understanding of information security legislation, reflective of its more recent addition to the legislative reform agenda of government.
- OVIC shifts agency attitudes towards public access to information.
While results were fairly positive, 8% of stakeholders reported that their agency was ‘poor to very poor’ at looking for opportunities to reduce the need for FOI requests (e.g. publishing information before it is requested under FOI) and only 22% report that their agency did this ‘ok’. This reinforces OVIC’s role as an agent of change to engage more actively with agencies to embed a culture of proactive release.
OVIC published a discussion paper on proactive and informal release in March 2020. Further engagement initiatives will be undertaken to encourage cultural change across the VPS to enhance the proactive release of information.
- Agencies will be proactive about protecting personal privacy – findings indicated strong progress in developing a privacy culture across the VPS.
There was a 50% overlap reported in the role of agency staff working in both privacy and freedom of information.
An eLearning module on data breaches was released earlier this year and in July 2020 OVIC will commence our information privacy webinar program for VPS agencies.
- Agencies will have a maturing security culture at all levels of the organisation.
Very positive relationships with OVIC’s Information Security team were reported.
Progress can still be made in creating and enhancing a maturing information security culture across the VPS, to create broader understanding of what ‘information security’ means to VPS staff.
Online round table sessions will commence in July 2020 providing an opportunity for agency staff and practitioners to ask questions in the lead up to the 2020 Protective Data Security Plan reporting deadline.
These sessions will provide an additional opportunity to engage in a more effective, time critical manner.
The next wave of the survey will be deployed in September 2020.
We encourage Victorian government organisations that interact with OVIC to complete this year’s annual survey. If you would like to participate please email email@example.com for more information.