Administrative access to information procedure

Audience

Department-wide

Purpose

This procedure outlines how the Department of Education (the department) processes requests for administrative access to information.

Overview

The department is committed to providing the community access to suitable departmental information quickly and easily as a matter of course. Administrative access to information (administrative access) allows access to certain information held by the department without having to apply through a formal application process. It puts information into the community faster, at lower cost, reduces processing resources, and demonstrates openness and transparency when compared to the alternative of applying for the release of information formally under the Right to Information Act 2009 (Qld) or the Information Privacy Act 2009 (Qld). Formal applications under these acts should only be considered as the last option.

This procedure outlines the considerations which inform the administrative release of information to individuals, organisations, the community and/or other government departments.

Examples of information that may be deemed as potentially suitable for release include, but are not limited to:

• requests where there are no significant adverse effects (for example physical, reputational or financial harm) to an individual or organisation as a result of disclosing the information
• documents a requestor previously submitted to the department
• former students requesting information from their school regarding their education history.

The approach of releasing information administratively wherever required or possible aligns with the Queensland Government's Information access and use policy (IS33). The department will not, unless authorised or required by law, release information that is prohibited from release under legislation (including section 47 of the Right to Information Act 2009 (Qld)), information classified as SENSITIVE or PROTECTED (DoE employees only), or which contains personal information relating to a third party.

This procedure only includes the administrative access to information process under the Right to Information Act 2009 (Qld) or the Information Privacy Act 2009 (Qld). Other departmental procedures and legislative requests for information processes are not in scope of this procedure such as requests under the Education (General Provisions) Act 2006 (Qld) and the Disclosing personal information to law enforcement agencies procedure.

Responsibilities

Employees

• direct administrative access requests to the relevant school, regional or central office
• report any suspected privacy breaches that occur as a result of an administrative access process
• support managers, principals, directors or above in undertaking the administrative access process as required.

Managers, principals, directors or above

• manage administrative access requests
• sight and confirm the identity of the requestor and the requestors' relationship to any personal information
• evaluate if the requested information can be released under this administrative access process
• ensure the request and all the associated decisions and actions are captured within an authorised recordkeeping system (see definition below).

Information access officers or local records management staff

• assist the managers, principals, directors or above to locate the requested information and ensure records management actions required in the process are actioned
• support the administrative access requests process such as providing advice or locating, retrieving, and collating information
• regional employees, as part of the Information Access Officers Network, provide support to principals in managing the administrative access requests process.

Process

To complement the following written process, several visual representations have been developed. These include an end-to-end process map and a decision-making process map (DoE employees only).

Image 1 – Process overview

Receiving a request for information

Direct the request to the relevant area

Any person can submit an administrative access to information request in writing (email or letter) to the relevant schools, regional and central office. The requestor may also use and lodge the Administrative access to information request form. If an employee receives a request for information their area does not hold, they must direct the request to the relevant school, regional office or business unit. The relevant area will then manage the request. Regional employees who are members of the Information Access Officers Network (DoE employees only) can provide assistance to principals in managing school information requests.

While there is no mandatory timeframe, as a guide a simple end-to-end information access request process should be completed within 5 to 10 business/school days of the request being received by the relevant school, regional office or business unit. More complex requests may take additional time.

Parent/carers requests

Parents/carers or other persons with parental responsibility for a current student may submit a request for information on behalf of the student. The parent/carer must be able to provide proof of their identity and evidence of their current relationship with the student. A request of this nature is managed either by the relevant school or coordinated by the regional office.

Former student requests

Former students who are over 18, or are independent students under 18, can submit a request for information themselves or nominate someone to act on their behalf. Where the former student is under 18 but not independent, their application must be made by their parent or carer. A former student over 18 must be able to provide proof of their identity. Any person with authority to act on behalf of a former student must provide evidence of their relationship. A request of this nature is managed either by the relevant school or coordinated by the regional office.

Current employee requests

Current employees may request access to their own personal records such as pay advices, timesheets and employment records. Requests of this nature must be forwarded directly to the Human Resources Branch via the Services Catalogue Online General enquiry form (DoE employees only) for processing. Current employee requests for their own personal information are excluded from the remainder of this procedure. All other information requests from current and former employees must follow the process in this procedure.

Media requests

Employees must forward all requests from media outlets such as newspapers, magazines, radio and television programs directly to Strategic Communication and Engagement Branch via media@qed.qld.gov.au for internal management and processing.

Other requests

Anyone may request administrative access to information such as researchers, independent students, solicitors. former employees and other government department employees. The request is managed by the relevant school, regional office or business unit.

Determine the availability of the requested information

Managers, principals, directors or above must evaluate the request and determine:

• where the information is located
• availability of the information
• the appropriate information security classification (DoE employees only)
• if it includes personal information.

An information access officer (DoE employees only) or local records management staff can provide support in locating the requested information. Managers, principals, directors or above may be required to forward the request or liaise with other areas of the department to gain access to the information. For example, the Records Support team within the IT Service Centre (DoE employees only) can assist with searching for information held by Queensland State Archives.

The information provided must be in its current state. However, if reasonably practicable, the information can be created as a helpful way to provide context to a request such as converting raw statistical data into an easily readable report format.

There are no application fees or charges associated with making an administrative access request, and there are no processing charges for requesting your own personal information. However, reasonable costs incurred in providing access for non-personal requests may be passed onto the requestor. For example, digital copies can be provided free, however, fees may be incurred where there is a large amount of physical printing involved or processing time in locating and retrieving digital or electronic information. Access fees are not to exceed the Right to Information and Information Privacy fees and charges. A quote must be provided to the requestor if there are any applicable charges.

If the information requested contains personal information about themselves, or someone they have authority to act on behalf of, the requestor will need to provide documents, that prove their own identity and evidence of their authority to act on behalf of that person.

Record the request

The manager, principal, director or above will register the information access request as a record:

• within an authorised recordkeeping system
• with a note confirming the requested information's Information security classification, if it includes personal, confidential or protected information, and any communication with the requestor to clarify the request
• in accordance with the Information asset and recordkeeping procedure.

The manager, principal, director or above will ensure the recording of actions, decisions and approvals into the authorised recordkeeping system as indicated throughout this process.

When the department does not hold the information requested or the information does not exist, the manager, principal, director or above must inform the requestor in writing and retain a record of this advice. The record is then closed.

The information access officer (DoE employees only) or local records management staff may be contacted to support processing requests.

Reviewing the request for administrative access release

The manager, principal, director or above must decide if the information requested is suitable for administrative access release, or if a formal application under the Right to Information Act 2009 (Qld) or the Information Privacy Act 2009 (Qld) is required noting that any formal applications are to be considered as a last option.

Schools can also use the Documents held in schools - access and requests guideline (DoE employees only) to assist in determining whether records are suitable for administrative access release or are required to be processed under a Right to Information or Information Privacy application.

The following information assists in determining what is suitable and unsuitable for administrative access release.

Information suitable for administrative access release

Information may be suitable for administrative access release if:

• there is no personal information
• it only contains personal information of the requestor or their representative
• it does not contain confidential information of a third party
• there is no risk to health and safety as a result of disclosing the information, either generally or to particular individuals
• it does not prejudice security, law enforcement or public safety
• it is already on a website or has already been previously published or distributed to the public.

Examples of information that may be suitable for release include:

• information is the requestor's personal information such as a past school report or certificate
• information that originated from the requestor such as copies of correspondence
• information that is routinely made available by the department such as strategies and frameworks
• policies and guidelines of the department that are not already available to the public online.

Information unsuitable for administrative access release

Information may be unsuitable for administrative access release if it is:

• personal information that the requestor does not have authority to access
• information from third parties such as parents and citizen’s associations, and contracts with vendors
• information subject to legal professional privilege where assistance has been provided by a lawyer, including advice from the department's Legal Services and external lawyers providing legal advice or other legal services
• law enforcement, complaint or investigation information, including police, intelligence agency and coronial matters
• information that is not in the public interest to disclose that it may impact the community, government, or the well-being of citizens
• child protection information
• documents created by the Queensland Integrity Commissioner, Cabinet and Executive Council information, and information for incoming Ministers
• confidential information or trade secrets
• where personal, confidential and/or protected information is intermingled with third-party information and cannot be easily removed or redacted
• information that may impact other law enforcement or public safety matters.

Examples of information unsuitable for release include:

• legal documents related to all legal processes
• information classified as SENSITIVE or PROTECTED (DoE employees only) such as tenders, quotes, contracts, and safety plans
• third-party personal information (i.e. personal information not of the requestor or the requestor's child where a valid relationship exists)
• information that may impact an individual’s right to privacy, or that is not in a child’s best interests
• information that may prejudice a person’s fair trial
• information that may result in a person being subjected to a serious act of harassment or intimidation
• information that could affect the security of a person, building, structure or vehicle
• documents under witness protection, disciplinary action and misconduct, crime and corruption, commissions of inquiry and from intelligence agencies
• witness statements from persons other than the requestor or any documents including reporting, commenting on or referring to witness statements
• guidance counselling session records and anecdotal/working notes
• medical reports except where originally provided by the requestor
• requests that would require excessive efforts by the department to fulfil.

Additional release considerations

If a third party holds copyright on the requested information, the manager, principal, director or above must consider their responsibilities and copyright requirements under the Copyright and other intellectual property procedure prior to releasing the information. For enquiries regarding copyright contact Copyright.ITB@qed.qld.gov.au.

Consider the suitability of how access is given. A physical inspection of the information may be more suitable than providing digital access. An inspection will allow the requestor to look at the documents and take written notes but not to remove them from the premises or photograph or otherwise record them. The manager, principal, director or above should ensure that an inspection is supervised by an employee throughout the viewing and the restrictions mentioned above are observed.

The disclosure of certain information is limited, exempt or can be refused under Queensland legislation. For more information refer to:

• the Right to Information Act 2009 (Qld) section 47 lists the grounds on which access may be refused, schedule 3 sets out types of exempt information which is further detailed on the Office of the Information Commissioner's exempt information page and schedule 4 public interest considerations
• the Information Privacy Act 2009 (Qld) Information privacy principle 11 within schedule 3 provides limits on the disclosure of an individual's personal information.

Where the information requested is not suitable for administrative access release as outlined above, the requestor may submit a formal Right to Information or Information Privacy application.

Making a decision to release information

The manager, principal, director or above must approve or decline the administrative access request.

Approving access to the information requested

If the manager, principal, director or above decides to release the information, they must:

• consider human rights (DoE employees only) in their decision making and record the decision or note as not applicable
• remove/redact personal information (for example date of birth, name and address, email address, phone number) about persons other than the requestor from all documents prior to release. This does not apply to routine personal work information of public sector employees such as work emails, work numbers (excludes mobile numbers), professional opinions and incidental appearances of a person's name in work documents
• collate the requested information either electronically or in hard copy
• record the decision to grant access to the requested information in the authorised recordkeeping system.

Declining administrative access to the information requested

If the manager, principal, director or above decides not to release the information administratively, they must:

• consider human rights (DoE employees only) in their decision making and record the decision or note as not applicable
• inform the requestor in writing the reason for the non-release
• redirect the requestor to submit a formal Right to Information or Information Privacy application, if appropriate
• record the decision to decline the access to the requested information in the request's record within the authorised recordkeeping system and close the record.

Processing an administrative access release request

Once all the above steps have been followed and the request has been determined suitable for release the release is undertaken as follows.

For information that is, or has been, publicly available

If the information requested is already publicly available or has been made publicly available previously, the manager, principal, director or above must respond to the requestor in writing advising them where the information can be found or, if no longer accessible to the public, provide copies of the previously available information. Examples include distributed fete flyers, school updates or departmental website publications such as, annual reports, disclosure logs, policy and procedure register and open data portal.

It is not necessary to verify the requestor's identity for this type of request as the information has already been made available to the public.

The response to the requestor is recorded in the authorised recordkeeping system and the record is closed. No further action is required.

For information that does not include personal, confidential or protected information

Where information does not include personal, confidential or protected information, the manager, principal, director or above must respond to the requestor in writing providing them the information.

It is not necessary to verify the requestor's identity for this type of request as the information does not include personal information.

The response to the requestor is recorded in the authorised recordkeeping system and the record is closed. No further action is required.

For information where personal information is included

If the request relates to personal information about a particular person, the manager, principal, director or above must confirm the requestor has the authority to access the information. This includes both the identification of the requestor, and the authority of any person whose information they are requesting. For further information, refer to the Office of the Information Commissioner's Right to Information page on Evidence of identity and authority.

All original identifying documents must be sighted. If they are copies, they need to be certified by a justice of the peace, commissioner of declaration, lawyer or notary public. The manager, principal, director or above must include a note within the access request's record of what type of identity documents were provided and sighted. Documents can be sighted in person or virtual meeting, and include but are not limited to:

• photo identity documents such as drivers' licence, photo identification card or passport
• status as a parent such as a birth certificate (which can be used both as evidence of identity and evidence of relationship), statutory declaration or child custody agreement
• authorisation to act on behalf of the individual/s such as statutory declaration or power of attorney.

Principals or their managers should check within OneSchool to confirm the validity of the requestor's relationship to the student.

Identity documents provided by the requestor are not to be retained in hardcopy or within any electronic/online system. Any provided (sent or received) identification documents, when no longer needed as part of the request for information, should be deleted, destroyed or, if an original document, returned to the requestor. Hardcopy document copies must be shredded or placed in a secure destruction bin.

Once the requestor's identity has been confirmed, the manager, principal, director or above must respond to the requestor in writing providing them the information requested. The response to the requestor is recorded in the authorised recordkeeping system and the record is closed. No further action is required.

If the requestor has not provided sufficient identification, the manager, principal, director or above must respond to the requestor informing them their request has been declined. The response to the requestor is recorded in the authorised recordkeeping system and the record is closed. No further action is required.

Reporting non-compliance

If employees suspect a breach of privacy has occurred in the administrative access process, they must report it to their supervisor or manager. The supervisor or manager must take action as per the Information privacy breach and privacy complaints procedure.

If employees suspect that other restricted information has been released, they must report it in accordance with the Information security procedure.

Definitions

Legislation

• Human Rights Act 2019 (Qld) 
• Information Privacy Act 2009 (Qld) 
• Right to Information Act 2009 (Qld) 
• Public Records Act 2023 (Qld) 

Delegations/Authorisations

• Nil

Other resources

• Administrative access to information – End-to-end process map 
• Administrative access to information – Decision making process map 
• Disclosing personal information to law enforcement agencies procedure 
• Documents held in schools – access and requests guideline (DoE employees only)
• Information access officers (IAO) Network OnePortal page (DoE employees only)
• Information asset and recordkeeping procedure 
• Information privacy breach and privacy complaints procedure 
• Information security classification (DoE employees only) 
• Information security procedure 
• Information sharing under the Child Protection Act 1999 (Qld) procedure 
• Principal guidelines - Student discipline (Redacting records) 
• Queensland Government's Information access and use policy (IS33) 
• Records management OnePortal page (DoE employee only) 
• Right to Information and Information Privacy fees and charges 
• Right to Information or Information Privacy application 

Superseded versions

Previous seven years shown. Minor version updates not included.

3.0 Access to Records Held in Schools