The Taking Responsibility program is about providing all staff with the tools, training and resources to ensure the department fulfils all of its obligations. Taking responsibility is what we do when we adopt good records management practices and why we ensure sensitive information is handled in a sensitive manner. It is about asking for advice if unsure, so we can all adopt stringent but practical regimes. The program aims to maintain and grow awareness of the key obligations that each staff member has in their day-to-day work. The Program is about supporting you with tools, training, promotional materials and resources to ensure all staff know how to perform their roles and meet all of their obligations on an ongoing daily basis. Some of those obligations include adhering to the VPS Code of Conduct, privacy and freedom of information laws, information security requirements, records management practices and risk and environmental management. The program takes a pro-active approach to compliance through cooperation and coordination and, only where necessary, through intervention. The program emphasises three broad activities. These are: prevention – through policies, procedures, general awareness activities and learning and development tailored intervention – through self assessment tools, monitoring of activities, issues management and feedback treatment and control – through investigations, complaints handling, disciplinary procedures and auditing.
Better compliance for you and the department means more efficient use of resources and superior service delivery. Good processes, systems, manuals and operating procedures, allow you, management, and our contractors, to concentrate on your jobs without fear of personal liability, prosecution, or job loss for not doing the right thing. Good policies and procedures that are followed improve our reputation as a leading government department. Focusing our attention on our main obligations can reward us in improved employee relations. It is important that we are aware of our the number of complaints, the quality of the advice we give, employee and client satisfaction, and number of errors that require our treatment and control. By being aware of these issues we can overcome problems by being flexible, listening to people’s concerns and problems, and through the development of innovative solutions.
While there are several obligations you need to be mindful of as an employee, responsibilities which are pivotal to the Taking Responsibility program are: Privacy & FOI Records Management Information Security Code of Conduct Environment As a group they form the mnemonic – PRICE. The cost of non- compliance can be “price”-less, whereby breaches exact a heavy “price” on both individuals and the department. What price would you personally put on non-compliance?
The Taking Responsibility Program consists of four distinct phases: Risk, Awareness & Education, Monitoring & Compliance, & Policies & Procedures. Under each of these headings a number of activities have, or will be occurring. It is important to bear in mind that all of these phases are just as important as each other. All parts of the program need to be ongoing and kept active. Briefly, there will be a number of communication and training activities. There will be regular communication by a variety of means to keep compliance in your mind. Think short presentations ( like this one), posters and giveaways, articles on J-NET, messages on email and e-messages. A few well chosen key messages have been developed. Communication back the other way from you is also just as important! We are also taking a close look at our policies and procedures. Our policies and procedures must be written from the person who will carry them out, so they require direct input from the operating divisions to ensure that they actually work. We are examining how many policies we have, the quality of those polices and how we train you in there requirements. An important part of monitoring is to identify the main potential danger areas in each work practice and pay special attention to those areas on a regular basis. The Programme will be working closely with business units to monitor against unwanted problems. The purpose of monitoring is to ensure that the required procedures are being followed, help resolve difficulties at an early stage, seek, and listen to, any suggestions for improvements, and serve as early waning device. Underpinning a lot of this program, is identifying and controlling danger areas. The prompt rectification of all failures of the system can, to some extent, be managed through a threat and risk assessment approach.
Many of you would have received some promotional materials either electronically or in hard copy as part of Privacy and Human Resources Awareness Week. CCS staff would have received materials from CV Head Office. In the coming months posters and tips will be distributed. Sneak and Peak In addition, hot off the press, is a sneak peak at some of the posters that have been developed and will be rolled out in the coming weeks. Each of the icons in the secondary posters also features in the primary poster. The hand and tree for environment, a USB key and padlock for information security, and a whistle for whistle blowing.
The coloured balloon activity raises awareness of the clear desk and screen policy, especially the importance of securing sensitive and private information. The coloured balloons and cards used green, orange and red to signify how well staff complied with the policy. Coloured cards provided individuals with a personal rating while the balloons indicated team performance. The activity also used black balloons to highlight the importance of being environmentally responsible such as turning off lights and computers at the end of every day. The activity provides Managers with an immediate indication as to which areas could be improved and which were doing things well. Information for Regional Managers on how to host a Coloured Balloon day activity and FAQs and tips on keeping a clear desk and being environmentally will be available from the Taking Responsibility homepage.
When demonstrating compliance one of the matters we examine are our records. It is therefore important that all our employees understand what is a record. Therefore the department is looking to deliver sessions about public sector record keeping practices, as part of the Taking Responsibility program. At this stage, sessions will be run at 121 Exhibition Street Melbourne; however, there is the prospect of regional roadshows in the near future. In the meantime, regional staff unsure about What is/ is not a corporate record should refer to the handy double sided fact sheet on J-NET under Our Business> Knowledge Management>Records Management>Resources> Manuals & Guides
The more you are involved in this Program, the more comfortable you will feel, which is helpful for learning about and understanding your main obligations as employees. Ways you can get involve include: Visit the Taking Responsibility homepage often for information and tips model the behaviour expected by our policies and procedures (includes putting away and locking away sensitive matters) Attend training initiatives when offered in the regions Identify, monitor and notify non-compliant behaviours you witness. Don’t be an accomplice to bad behaviours Mention in your conversations some of the Taking responsibility messages Share your suggestions. Email firstname.lastname@example.org What would make you take your responsibilities seriously? ( e.g. having one pagers, summary sheets, case studies) We encourage communication back the other way is just as important so keep your suggestions coming!
Some thoughts to leave with you First, this program aim is to make taking our obligations seriously matter – it concentrates the mind so to speak. Through this programme you should learn more about your responsibilities. Second, it is better if we discover a better way of doing things, a breach first rather from someone else. That is why this programme will be putting suggestion boxes in break out areas to receive anonymous feedback. I hope you have learnt a little about the Taking responsibility programme and as the programme becomes more mature I would welcome the opportunity to come back and talk to you all again. Further contacts for the Program are available at the Taking Responsibility homepage.
MOBILE DATA: HAS YOUR INFORMATION GONE WALKABOUT? Brent Carey Manager, Privacy Feedback & Projects Department of Justice
Overview – Our Story <ul><li>Briefly explain the department and its structure </li></ul><ul><li>Position the importance of data held on mobile devices from a privacy perspective </li></ul><ul><li>Mobile data Game Plan ( Case Study) </li></ul><ul><ul><li>Policies for Portable Devices </li></ul></ul><ul><ul><li>Security Measures 101 </li></ul></ul><ul><ul><li>Discovering the Value of data on Devices </li></ul></ul><ul><li>Questions </li></ul>
The Department <ul><li>2007-08 Budget: $3.15 billion </li></ul><ul><li>Responsible for 45% of Victorian Government’s 2007 legislative program </li></ul><ul><li>More than 5000 staff </li></ul><ul><li>Six ministerial portfolios </li></ul>
Positioning the relevance of data on mobile devices <ul><li>What’s the context? </li></ul><ul><ul><li>Enshrined right of access in privacy laws </li></ul></ul><ul><ul><li>Balance between full disclosure and privacy </li></ul></ul><ul><ul><li>Implied undertakings of confidentiality </li></ul></ul>
The success <ul><li>encryption process </li></ul>
Just when we thought it was safe – The ugly <ul><li>Unexpected </li></ul><ul><li>Coming without warning; unforseen </li></ul><ul><li>“ missing filing cabinet” </li></ul><ul><li>Houston we have problems </li></ul>
The Bad <ul><li>$$$ </li></ul><ul><li>Time </li></ul><ul><li>Coordination </li></ul><ul><li>Difficult decisions </li></ul>
Houston, We have a solution <ul><li>TR program </li></ul><ul><li>The launch </li></ul>
The Goof - Taking Responsibility program OVERVIEW <ul><li>The taking responsibility program is about supporting our people with: </li></ul><ul><ul><li>tools </li></ul></ul><ul><ul><li>training </li></ul></ul><ul><ul><li>communication </li></ul></ul><ul><ul><li>resources </li></ul></ul><ul><li>To ensure they know what to do to meet all their obligations on an ongoing daily basis </li></ul>
<ul><li>Making it easier for our people to understand what is required of them </li></ul><ul><ul><li>You can ‘find and assign’ </li></ul></ul><ul><li>Gives our organisation and people a level of defensibility </li></ul><ul><ul><li>Protects staff and the departments reputation </li></ul></ul><ul><ul><li>Awareness of main legal obligations </li></ul></ul><ul><ul><li>Minimises potential legal breaches and resulting harm </li></ul></ul><ul><li>Highlights continuous room for improvement </li></ul>Why have we decided to do this? BENEFITS !
Responsibilities that govern how we work Underpinning this is Risk management framework ! What price is non-compliance ? <ul><li>Environmental framework </li></ul>Environmental <ul><li>Public Administration Act </li></ul>Code of Conduct <ul><li>Information Security Strategy </li></ul>Information Security <ul><li>Public Records Act </li></ul>Records Management <ul><li>Information Privacy Act </li></ul><ul><li>Freedom of Information Act </li></ul><ul><li>Health Records Act </li></ul>Privacy & FOI
Implementation phases of the program Risk Monitoring & Compliance Awareness & Education Policies & Procedures
How can our people take responsibility? <ul><li>Visit the Taking Responsibility homepage often for information and tips </li></ul><ul><li>Attend training initiatives when offered </li></ul><ul><li>model the behaviour expected by our policies and procedures (includes putting away and locking away sensitive matters) </li></ul><ul><li>Take five minutes out of your day to familiarise yourself with a policy </li></ul><ul><li>Identify, monitor and notify non-compliant behaviours you witness. Raise issues with your manager and/or at a staff meeting. Don’t be an accomplice to bad behaviours </li></ul><ul><li>Mention in your conversations some of the Taking Responsibility messages </li></ul><ul><li>Sign up for legislative alert services </li></ul><ul><li>Share your suggestions. Email [email_address] What would make you take your responsibilities seriously? </li></ul>
Email: email@example.com ! Brent Carey 'Taking Responsibility' program 8684 0007 Sandra Willmott Records Management 8684 7054 Michele Spinks Risk Management 8684 0587 Kerry Scholes Information Security Management 8684 1593 Prue Shepherd Regional Engagement 5225 3333 J-Net > Our People > Our Responsibilities Support and further information