This is an HTML version of an attachment to the Freedom of Information request 'Business case for the Points Based Activation System'.

Date: Sat, 20 Aug 2022 01:57:25 +0000
Subject: Internal review of Freedom of Information request - Business case for the Points Based Activation System
From: Justin Warren <xxxxxxxxxxxxxxxxxxxxxxxxx@xxxxxxxxxxx.xxx.xx>
To: DEWR - FOI <xxx@xxxx.xxx.xx>

**************************************************************************
CAUTION: This email originated from outside of the organisation. Do not click links or open attachments unless you recognise the sender and know the content is safe.
**************************************************************************

Dear Department of Employment and Workplace Relations,

Please pass this on to the person who conducts Freedom of Information reviews.

I am writing to request an internal review of Department of Employment and Workplace Relations' decision in my FOI request 'Business case for the Points Based Activation System'. This request for internal review is separate from my request to review the charges decision. It deals with the substance of the decision to release information or not.

Dates of documents
I note that the document date is missing from the Schedule of Documents for documents 5 and 6.
It also appears that document 5 in fact consists of multiple documents: a ministerial submission, correspondence to the Prime Minister, and 3 attachments. Each of these documents should be considered separately.

It is surprising that document 6, in particular, remains undated given that it was allegedly a New Policy Proposal that was submitted to Cabinet. Similarly, it seems unusual that the date of creation of a Ministerial submission (document 5) or correspondence to the Prime Minister (also document 5 somehow) would be unknown. The date of a document’s creation and when it was submitted to Cabinet are important facts, particular given the department’s use of s 34 to claim information is exempt from disclosure.

Missing documents
I asked for two versions of the Risk Management Plan:
1. the version current when the proposal was submitted for approval, and
2. the version current on 27 May 2022 at 9am Australia/Melbourne time.

Only a single document, document 4 “New Employment Services Trial Risk Management Plan 2019-2022” was found, dated 28 June 2021 in the Schedule of Documents, yet the document itself appears to have been created some time before 31/07/2020 which is listed as the Next Review Date on page 1 of document 4.

Please clarify if no other versions of this document exist. It would be surprising to learn that a document that had not been updated since some time before 31 July 2020 was still the most current risk management plan on 27 May 2022.

s 22
The decision maker has used s 22 to “delete exempt material” from a number of documents. However, the schedule of documents, and the edited documents themselves, specifically refer to s 22(1)(a)(ii) which is a claim that “to give access to a document would disclose information that would reasonably be regarded as irrelevant to the request for access”.

The decision maker provides no explanation as to why the information that has been deleted would reasonably be regarded as irrelevant to the request for access.

In document 4, these redactions appear to be parts of the Treatments sections for various risks. Given that my request specifically asked for “Documents constituting a risk register or equivalent documentation describing the risks from the proposal, risk ratings, proposed treatments and mitigations, etc.” it is not clear on what basis the decision maker believes it was reasonable to assume that I would regard this information as irrelevant. Indeed, I do not.

In documents 13-17 (Employment Steering Committee meeting minutes (ESC minutes)) it seems that some redactions may be for agenda items unrelated to the PBAS program that is the subject of my request and may be reasonable. However, I note that the majority of the content of item 6 titled “PBAS – labour marker credits [in Fortress]” in the ESC minutes dated 5 August 2021 have been redacted under s 22(1)(a)(ii). Given the title of this item, it is difficult to see how this information would reasonably be regarded as irrelevant to my request for access.

s 22(1)(d) states that “it is not apparent (from the request or from consultation with the applicant) that the applicant would decline access to the edited copy.”

If the agency wishes to use s 22 to claim that some information is irrelevant to my request, it should consult with me to confirm that its assumptions are correct. To date, the agency has been extremely wrong in its beliefs about what I consider to be irrelevant. It should also clearly identify the basis on which each s 22 redaction has been made, either by further annotating each redaction or providing a more fulsome explanation in the Schedule of Documents for each type of redaction.

s 47C exemptions
I find it difficult to accept that information in a risk management plan can be considered deliberative material. The purpose of a risk management plan is to state facts and the outcome of deliberations. The FOI Guidelines at [6.66] helpfully notes that “the decision or conclusion reached at the end of the deliberative process” is not deliberative matter.

The onus is on the department to justify why disclosure would be contrary to the public interest. Its attempts to do so are glib and superficial, and provide no detail as to why any harm to the public interest would occur in the circumstances specific to this case.

The department claims that some of the s 47C conditionally exempt material “is closely connected to the Cabinet submission”. The FOI Act specifically provides for exempting material related to Cabinet submissions under s 34. If the material is not covered by s 34 it is difficult to see how the public interest will be harmed by its disclosure.

The “frankness and candour” argument against disclosure has been dealt with on numerous occasions in the case law and is specifically referred to in the FOI Guidelines at [6.79]-[6.85]. The decision maker provides no evidence that lessening of frank and candid advice would occur.

The purpose of a risk management plan is to ensure that the department has appropriately identified and mitigated risks and vulnerabilities that could be deliberately exploited. If it has failed to do so, it is in the public interest that this is revealed so that we can identify why risks have not been identified or managed appropriately. This is very much in line with the objects of the FOI Act as described in s 3(2).

s 47E(d) exemptions
The purpose of a risk management plan is to ensure that the department has appropriately identified and mitigated risks and vulnerabilities that could be deliberately exploited. If it has failed to do so, it is in the public interest that this is revealed so that we can identify why risks have not been identified or managed appropriately. This is very much in line with the objects of the FOI Act as described in s 3(2).

If the department is aware of certain risks identified in the risk management plan, dated 28 June 2021, that are still substantial enough in August of 2022 to be vulnerable to targeted exploitation, this raises questions about the department’s competence at managing such risks. It is in the public interest to know how vulnerable important government systems may be so that we can ensure that appropriate resources and attention are brought to bear to fix the situation.

Regarding the names and contact details of departmental employees, the FOI Guidelines helpfully provide at [6.153]:
“Where public servants’ personal information is included in a document because of their usual duties or responsibilities, it would not be unreasonable to disclose unless special circumstances existed. This is because the information would reveal only that the public servant was performing their public duties.”

Also, at [6.101] the FOI Guidelines explain: “For the grounds in ss 47E(a)–(d) to apply, the predicted effect needs to be reasonably expected to occur. […]There must be more than merely an assumption or allegation that damage may occur if the document were to be released.”

Reasonably expected means that “[t]here must be ‘real’ and ‘substantial’ grounds for expecting the damage to occur which can be supported by evidence or reasoning. A mere allegation or possibility of damage is insufficient to meet the ‘reasonable expectation’ test.” (FOI Guidelines at [5.27])

The decision maker has failed to meet the required evidentiary threshold for s 47E(d) to apply.

s 34 exemptions
s 34(4) states:
“A document is not an exempt document only because it is attached to a document to which subsection (1), (2) or (3) applies.”
Please review the decision to use s 34 to exempt attachments, paying particular attention to s 34(4) and s 34(6) of the FOI Act.

s 34(2) exemptions
The decision maker appears to have incorrectly applied s 34(2) to exempt material in documents 5 and 7-11.

The decision states: “The material in question consists of extracts of documents which were submitted to the Cabinet for its consideration.”

s 34(2) states: “A document is an exempt document to the extent that it is a copy or part of, or contains an extract from, a document to which subsection (1) applies.”

Please confirm that the material in question is extracts of documents to which s 34(1) applies, as distinct from extracts of documents that were submitted to Cabinet. Documents are not exempt merely because they have been submitted to Cabinet, nor is an extract of such documents.

A full history of my FOI request and all correspondence is available on the Internet at this address: https://www.righttoknow.org.au/request/business_case_for_the_points_bas

Yours faithfully,

Justin Warren



-------------------------------------------------------------------
Please use this email address for all replies to this request:
xxxxxxxxxxxxxxxxxxxxxxxxx@xxxxxxxxxxx.xxx.xx

This request has been made by an individual using Right to Know. This message and any reply that you make will be published on the internet. More information on how Right to Know works can be found at:
https://www.righttoknow.org.au/help/officers

Please note that in some cases publication of requests and responses will be delayed.

If you find this service useful as an FOI officer, please ask your web manager to link to us from your organisation's FOI page.

-------------------------------------------------------------------