3.10 Security and management of Cabinet information
Cabinet is the highest decision-making body in government and therefore matters discussed have significant implications for the State, private sector business and individuals. The unauthorised and/or premature disclosure of matters contained in Cabinet documents can be damaging to the public policy agenda and the government generally, and to the public interest. This includes, but is not limited to, consultation on proposals prior to Cabinet consideration, as well as discussion around scheduling of Cabinet submissions.
Unlawful disclosure of Cabinet-in-Confidence information may constitute an offence under the Criminal Code, Public Sector Ethics Act 1994 and constitute corrupt conduct under the Crime and Corruption Act 2001.
Offence provisions relating to unlawful disclosure of Cabinet-in-Confidence information relates to both electronic and hardcopy forms of information.
Cabinet documents are defined in 1.5 Definition of Cabinet documents. The range of documents that are considered as Cabinet documents is extremely broad and can include any information that is prepared as part of Cabinet policy development, consultative processes, and/or during Cabinet submission drafting. These documents, whether maintained in electronic and/or hardcopy form, must be the subject to the same security protocols as documents actually considered by Cabinet or generated as a result of Cabinet's deliberations.
Ministers and Chief Executive Officers are accountable for Cabinet-in-Confidence information held within their respective portfolios/departments, and accordingly they must be satisfied with the adequacy of measures designed to protect the security and confidentiality of that information.
Should a breach of security be suspected or detected in relation to Cabinet-in-Confidence information, the Cabinet Secretary should be notified immediately.
Security measures governing the filing and storage of electronic and hardcopy Cabinet documents need to be tailored to each department's information management systems and business environment to ensure high security and reduce the risk of unauthorised disclosure of information.
Security measures should comprise both technological solutions and administrative safeguards.
It is the responsibility of Chief Executive Officers to ensure there are security protocols in place to provide appropriate security for Cabinet-in-Confidence information.
Hardcopy Cabinet-in-Confidence documents must be filed on dedicated files held within appropriately secure storage areas, and not on general purpose files which are generally accessible and distributed without access controls. Similarly electronic information must be stored in dedicated secure drives and directory structures, and not in areas which are generally accessible to unauthorised officers.
Other issues which should be considered in connection with departmental information systems are:
- password protected screen-savers with a maximum of five minutes must be installed on computers where officers have access to Cabinet-in-Confidence information
- security safeguards including biometric authentication, pins and passwords must be configured on iPads used to access Cabinet-in-Confidence information
- system safeguards must ensure that a high level of security on Cabinet-in- Confidence information to protect against incursion by unauthorised parties via network and internet connections
- administrative practices should govern the printing of Cabinet-in-Confidence information and the subsequent secure disposal of that printed information.
Access to Cabinet-in-Confidence information, whether in hardcopy or electronic form, must be administered closely, with access being granted only on the authority of the CLLO or other designated delegate(s) of the Minister and Chief Executive Officer.
Refer to 3.11 Access to Cabinet documents for further information regarding access to Cabinet documents.
During development or consideration of Cabinet proposals, departments should be vigilant as to the confidential status of the information, and actively work towards keeping working documents to a minimum. On finalisation of Cabinet submissions, electronic draft versions should be stored securely in dedicated secure drives and hardcopies disposed of in favour of a master final original copy maintained by the CLLO and/or official copies distributed by the Cabinet Secretariat. Disposal of documents must be in accordance with the provisions of the Public Records Act 2002 governing the disposal of public records.
Administrative practices, approved by the Chief Executive Officer, must be in place to ensure the secure filing and storage of Cabinet-in-Confidence information beginning at the time of its creation. Regular audits must be conducted by departments to ensure compliance.
On change of government, all forms of Cabinet documents must be treated in strict accordance with Caretaker arrangements as outlined in the Guidelines on the Caretaker Conventions.
Copying of Cabinet documents distributed by the Cabinet Secretariat is not permitted. These documents include Cabinet submissions and attachments, decisions, minutes of proceedings, business lists and any briefing notes. Cabinet documents must only be accessed as per the protocols presented in Chapter 3.11 Access to Cabinet documents.
All Cabinet documents distributed by the Cabinet Secretariat are uniquely bar-coded and circulation details are recorded. The TCIS records each occasion that an electronic Cabinet file is viewed and/or printed by an authorised officer.
Cabinet documents distributed by the Cabinet Secretariat should not be further circulated in electronic format, such as via email, except through the secure Cabinet External Briefing Officer system.
On return of Cabinet documents printed from the TCIS, the bar-codes are individually scanned into the database which finalises the records. Printed documents that have not been returned are classified as outstanding.
It is the responsibility of the CLLO to conduct periodic audits of the location, handling and secure storage of Cabinet documents held by their agency and to ensure the outcomes of those audits are reported to their Chief Executive Officer.
The Cabinet Secretariat will periodically conduct audits of outstanding Cabinet documents.
In the event of loss of these documents, the procedure outlined in 3.10.6 Loss of Cabinet documents should be followed.
Electronic access to Cabinet documents distributed by the Cabinet Secretariat via the TCIS expires two weeks after the date of distribution. Departments are entitled to retain Cabinet documents after this time provided there is implementation responsibility or some other departmental interest has been established, subject to ensuring those documents being managed in accordance with the security considerations at 3.11 Access to Cabinet documents.
If a department wishes to access a document after expiry from the TCIS, the department will be required to submit a request to the Cabinet Secretary via the TCIS.
Hardcopy Cabinet documents which are no longer required must be returned by the relevant departmental CLLO to the Cabinet Secretariat with a covering report listing all documents being returned.
After recording the return of the documents, secure disposal will be undertaken by the Cabinet Secretariat.
At the beginning of the caretaker period and in accordance with instructions issued by the Cabinet Secretary, all Cabinet documents previously circulated by the Cabinet Secretariat as part of the official Cabinet record that are held in ministerial and departmental offices should be identified and prepared for possible return to the Cabinet Secretariat for disposal purposes.
In the event of a change of government, all Cabinet documents distributed to departments, including those that have been issued for records purposes, must be returned to the Cabinet Secretariat for disposal.
All other Cabinet documents not distributed by the Cabinet Secretariat, such as working papers and general correspondence on Cabinet proposals, may be disposed of by the department without recourse to the Cabinet Secretariat. Departments should however ensure that any such action is in accordance with the provisions of the Public Records Act 2002 governing the disposal of public records.
Refer to the Guidelines on the Caretaker Conventions for more information on caretaker arrangements.
Immediately upon discovery of the loss of a Cabinet document distributed by the Cabinet Secretariat, the matter must be reported to the Cabinet Secretary. The Minister or the Chief Executive Officer, as the accountable officers, must instigate an appropriate investigation into the loss.
In cases where it is suspected that the loss can be attributed to unlawful activity, the Cabinet Secretary should be consulted and the matter will be referred to the Queensland Police and/or the Crime and Corruption Commission for investigation depending upon circumstances.
Upon conclusion of investigations, and if the Cabinet document in question has not been recovered, the Chief Executive Officer must provide official notification of the loss in writing to the Cabinet Secretary. This notification will be used to finalise the outstanding status of the document on the database maintained by the Cabinet Secretariat. Depending on the circumstances of the matter, the notification may be required to be drawn to the attention of the Premier as Chairperson of Cabinet.
The notification must take the minimum form as set out at the Loss of Cabinet document template in the Appendices. Additional information may be provided where considered necessary.
Official Cabinet documents are provided to the Queensland State Archives by the Cabinet Secretariat, Ministers and departments should not provide official copies of Cabinet documents to the State Archives.
Prior to the expiration of a restricted access period in accordance with the Public Records Act 2002, the State Archives will seek approval from the Cabinet Secretary to release the records.
For all Cabinet documents created after 1 July 2009, the restricted access period is 20 years; before this date the restricted access period is 30 years.
Documents will be released at the conclusion of their Restricted Access Period unless there are overriding privacy considerations or other factors in the public interest which mean the documents should not be released at that time. In these cases, the Cabinet Secretary will request the State Archives to apply a further restricted access period for an additional term.
Prior to the release of documents by the State Archives, the Cabinet Secretary will contact the present leader of the party that formed the government in office during the period the records were created, and afford the opportunity for the leader or nominee to view the documents proposed for release.