Services & Organisation Committee Agenda - 10 December 2024
Date: Tuesday, 10 December 2024 at 1:30PM
Location: Noosa Shire Council Chambers , 9 Pelican Street , Tewantin , QLD 4565 , Australia
Organiser: Noosa Shire Council
Duration: 01:13:50
Synopsis: Strategic Asset Management Plan adopted, Privacy Policy updated incl. breach response, International delegation approved w/ minimal cost, Transport security role formalised, Asset and cyber risks addressed.
Meeting Attendees
Committee Members
Karen Finzel Jessica Phillips Frank Wilkie Nicola Wilson Non-Committee Members
Executive Officers
Chief Executive Officer Larry Sengstock Director Infrastructure Services Shaun Walsh Director Community Services Kerri Contini AI-Generated Meeting Insight
Key Decisions & Discussions Larry Sengstock: Council approved the Mayor’s participation in the Council of Mayors SEQ delegation to Singapore, Manchester and Paris; costs covered by COMSEQ except minor transit meals (Item 7.1) (02:18–03:30). Frank Wilkie: Framed the trip’s objectives: legacy planning for 2032, regional waste-to-energy, water recycling, and transport outcomes; committed to report back with a “Noosa lens” (Item 7.1) (05:43–07:44). Jessica Phillips: Emphasised unified regional representation and the carbon-neutral Games ambition; focus on enduring transport and facilities improvements (Item 7.1) (07:10–07:44). Shaun Walsh: Sought to formalise councillor attendance at Sunshine Coast Transport Security Precinct meetings; Council appointed Jessica Phillips as attendee (Item 7.2) (08:51–10:56). Jessica Phillips: Accepted appointment citing policing background; will brief Council via CDF on public transport safety learnings linked to Go Noosa (Item 7.2) (11:11–11:59). Brian (Civil & Asset Ops Mgr): Council adopted the Strategic Asset Management Plan (SAMP) 2024–2030; builds from 2015 framework, 2017 SAMP, and a 2022 KPMG audit with 38 recommendations (Item 7.3) (13:20–17:01). Devin Wilson: Detailed new hierarchy: Asset Management Policy → SAMP → Total Asset Management Plans (by asset class) → Site-specific plans; strengthened governance via Steering Committee and working groups (Item 7.3) (16:54–25:08). Frank Wilkie: Sought plain-English outcomes; officers confirmed proactive maintenance, renewal programs, and defined levels of service to deliver visible improvements (Item 7.3) (21:57–24:41). Brian: Next steps: asset information system build, annual State of the Asset reporting, 2025 refresh of total plans; Hastings Street precinct plan underway (Item 7.3) (27:40–29:27). Dee (Governance): Council adopted an updated Privacy Policy aligned to the Information Privacy and Other Legislation Amendment Act 2023 (Qld) and new Queensland Privacy Principles; added breach response and surveillance tech sections (Item 7.4) (52:46–57:41). Dee: Outlined staged staff training program, OIC resources use, and cross-council collaboration; clear contacts for complaints included (Item 7.4) (57:59–01:00:30). Dee: Explained data breach response: rapid identification, containment led by Corporate Services and IT, risk assessment, OIC notification/communications, and lessons-learned reviews (Item 7.4) (59:37–01:04:30). Contentious / Transparency Matters Larry Sengstock: Stated no direct Council cost for the Mayor’s travel beyond minimal meals, addressing public cost concerns (Item 7.1) (02:18–03:30). Shaun Walsh: Said councillor attendance at the Transport Security forum is not required but formalised “for accountability and transparency” (Item 7.2) (08:51–09:55). Brian: Opted against paying KPMG for a follow-up review, relying on internal capability and standards compliance to conserve funds; flagged other internal/external reviews via Finance (Item 7.3) (30:26–31:49). Dee: Assured complainant identity is protected as personal information; outlined complaint handling and external OIC review rights (Item 7.4) (01:05:59–01:09:47). Jessica Phillips: Sought sector-wide training alignment to avoid duplication; Governance confirmed reliance on OIC and inter-council sharing (Item 7.4) (59:07–59:37; 59:37–01:00:30). Legal / Risk Dee: Privacy Policy updated to reflect IPOLA 2023 (Qld), shift to QPPs, and formal breach response duties; surveillance technology addressed to mitigate privacy impacts (Item 7.4) (52:46–57:41). Dee: Data breach protocol emphasises first 24 hours, OIC engagement, and business continuity testing; strong nexus to cyber risk management (Item 7.4) (59:37–01:04:30; 01:10:02–01:10:39). Frank Wilkie / Dee: Employees face consequences under Codes of Conduct and the Local Government Act for unlawful disclosure of confidential information (Item 7.4) (01:08:13–01:08:49). Brian: Identified stormwater renewal backlog risk and need to smooth renewals to avoid intergenerational liability; aims to keep works sequenced ahead of reseals (Item 7.3) (43:10–44:49). Brian: Resourcing risk in asset accounting recruitment; interim use of consultants for specialist inspections and surveys (Item 7.3) (34:45–37:28). Devin Wilson: Technology-driven inspections generate large defect datasets; process triages non-actionable items to manage capacity and reduce site visits (Item 7.3) (39:10–41:10). Community Transparency Frank Wilkie: Committed to post-delegation reporting with Noosa-specific insights (Item 7.1) (05:43–07:44). Brian: Annual public-facing State of the Asset reporting to improve visibility on asset condition and renewals (Item 7.3) (27:40–29:27). Jessica Phillips: Will brief CDF after Transport Security meetings to inform policy/settings for Go Noosa (Item 7.2) (11:11–11:59). Dee: Policy re-written in Q&A style with clear contacts to improve public comprehension and access (Item 7.4) (52:46–57:41). Police Mentions Shaun Walsh: Transport Security forum includes QPS, TMR, TransLink, QRail and operators for coordinated security management (Item 7.2) (08:51–09:55). Jessica Phillips: Policing background cited as rationale for appointment; objective to enhance bus and road network safety (Item 7.2) (11:11–11:59). Cyber Crime / Data Security Dee: Explicit linkage of privacy to cyber threats; breach plan embeds rapid IT-led containment and OIC engagement (Item 7.4) (59:37–01:04:30; 01:10:02–01:10:39). Devin Wilson: Adoption of AI-enabled inspections (truck-mounted cameras; planned e-scooter pathway scans) improves early defect detection, reducing risk exposure (Item 7.3) (39:10–41:10). Environmental Concerns Brian: Coastal/canals working group focuses on Council-controlled assets (beach accesses, lock & weir, revetment walls, Noosa Main Beach); Dog Beach usage is stressing supporting assets (toilets, bins) (Item 7.3) (32:29–34:17; 45:01–46:22). Brian: Site-specific precinct planning (e.g., Hastings Street) to coordinate service levels and renewals across foreshore and associated infrastructure (Item 7.3) (25:08–25:42; 27:40–29:27).
Official Meeting Minutes
MINUTES Services & Organisation Committee Meeting Tuesday, 10 December 2024 1:30 PM Council Chambers, 9 Pelican Street, Tewantin Committee: Crs Karen Finzel (Chair), Jessica Phillips, Frank Wilkie, Nicola Wilson “Noosa Shire – different by nature” SERVICES & ORGANISATION COMMITTEE MEETING MINUTES 10 DECEMBER 2024 1. DECLARATION OF OPENING The meeting was declared open at 1.30pm. 2. ACKNOWLEDGEMENT OF COUNTRY Noosa Council respectfully acknowledges the Traditional Custodians of the lands and waters of the Noosa area, the Kabi Kabi people, and pays respect to their Elders, past, present and emerging. 3. ATTENDANCE & APOLOGIES COMMITTEE MEMBERS Cr Karen Finzel (Chair) Cr Jessica Phillips Cr Frank Wilkie Cr Nicola Wilson NON COMMITTEE MEMBERS Cr Amelia Lorentson EXECUTIVE Chief Executive Officer Larry Sengstock Acting Director Infrastructure Services Shaun Walsh Director Community Services Kerri Contini APOLOGIES Nil. 4. CONFIRMATION OF MINUTES Committee Resolution Moved: Cr Nicola Wilson Seconded: Cr Jessica Phillips The Minutes of the Services & Organisation Committee Meeting held on 12 November be received and confirmed. Carried unanimously. 5. PRESENTATIONS Nil. 6. DEPUTATIONS Nil. 7. REPORTS FOR CONSIDERATION OF THE COMMITTEE SERVICES & ORGANISATION COMMITTEE MEETING MINUTES 10 DECEMBER 2024 7.1. MAYOR'S ATTENDANCE AND REPRESENTATION OF COUNCIL – COUNCIL OF MAYORS SEQ, OVERSEAS DELEGATION 2025 (INTERNATIONAL TRAVEL) Committee Recommendation Moved: Cr Jessica Phillips Seconded: Cr Nicola Wilson That Council A. Note the report by the Chief Executive Officer to the Services & Organisation Committee dated 10 December 2024 regarding the Mayor’s attendance and representation of Council at the Council of Mayors SEQ, international delegation to Singapore, Manchester and Paris; and B. Approve the Mayor’s attendance at the Council Mayors (SEQ) international delegation in February 2025 (currently earmarked for Tuesday 4 February 2025 to 14 February 2025); and C. Note that all costs will be borne by Council of Mayors (SEQ) with the possible exception of minimal meals/food during transit. Carried unanimously. 7.2. COUNCILLOR ATTENDANCE AT SUNSHINE COAST PRECINCT TRANSPORT SECURITY MEETING Committee Recommendation Moved: Cr Frank Wilkie Seconded: Cr Nicola Wilson That Council A. Note the report by the Director Infrastructure Services (Acting) to the Services and Organisational Committee dated 10 December 2024; and B. Appoint Cr Phillips to attend the quarterly Sunshine Coast Transport Security Precinct Meetings. Carried unanimously. 7.3. STRATEGIC ASSET MANAGEMENT PLAN 2024-2030 The following material was presented to the meeting in relation to this item: Civil & Asset Operations Manager – refer to Attachment 1 to the Services & Organisation Committee Minutes - Presentation: SAMP Update Committee Recommendation Moved: Cr Frank Wilkie Seconded: Cr Nicola Wilson That Council A. Note the report by the Civil and Asset Operations Manager to the Services and Organisation Committee dated 10 December 2024; and SERVICES & ORGANISATION COMMITTEE MEETING MINUTES 10 DECEMBER 2024 B. Adopt the Strategic Asset Management Plan (as provided as Attachment 1 to the report) in line with the continuous improvement of the asset management functions across Council. Carried unanimously. 7.4. PRIVACY POLICY REVIEW Committee Recommendation Moved: Cr Nicola Wilson Seconded: Cr Jessica Phillips That Council A. Note the report by the Governance Manager to the Services & Organisation Committee Meeting dated 10 December 2024; and B. Adopt the updated Council Privacy Policy, provided as Attachment 1 to the Report. Carried unanimously. 8. REPORTS FOR NOTING BY THE COMMITTEE Nil. 9. CONFIDENTIAL SESSION Nil. 10. MEETING CLOSURE The meeting closed at 2.44pm
Meeting Transcript
Karen Finzel 00:00.000
Good afternoon and welcome to the Noosa Shire Council Services and Organisation Committee 10th of December 2024. I'd like to note we have Councillor Wilkie, Councillor Wilson and Councillor all in attendance at the table today. And in the gallery we have Councillor Lorentson and welcome to the staff that's joining us today in the gallery. Good afternoon Mr CEO. Right so we have, we open the meeting at 1:30 and I'd like to acknowledge, is that correct? Yes. We're good to go? Yes. I'd like to acknowledge the Kabi Kabi elders past, present and emerging and pay respects to the inherent wisdom and knowledge that they bring to our environment. on this land. and waters in which we live, work and play. So good afternoon and welcome. We have everyone in attendance and there are no apologies. Can we have a confirmation of confirmation of the minutes, please? Jessica Phillips 01:11.362
I'll move that. Karen Finzel 01:12.502
That's moved by Councillor Wilson. I'm happy to second. Happy to second. Councillor. All in favour? It's unanimous. Frank Wilkie 01:22.927
I wasn't, I don't believe I was there so I can't confirm. Karen Finzel 01:26.467
Okay, so can you confirm that? No, you can confirm. We have to reach them. Shaun Walsh 01:34.323
Right. Karen Finzel 01:36.563
We have no, are we ready to move on? We have no presentations and no deputations. We have reports for consideration. Larry Sengstock 01:54.220
All right. You don't need to catch up. Karen Finzel 01:56.920
Sorry. Technical issues. Larry Sengstock 02:13.140
Yes. Oh, right, okay. Sorry, yeah, yeah, yeah, no, sorry. It's me that's presenting this one. Karen Finzel 02:18.200
Oh, right, okay. So we thank you for your report, Mr. CEO. Larry Sengstock 02:23.300
So, thank you, Councillors. This is just a report to confirm that the Council of Mayors South East Queensland that we're a part of is taking a delegation to overseas, to Singapore, Manchester, and Paris in February, and all the mayors are invited of the CommSec group, and so we are just seeking approval for the mayor to attend and represent Noosa Council on that. The cost to do this travel is completely paid for by CommSec. So there is no direct cost to council other than a few maybe sundry costs but nothing of any major and the value of this that we are looking to get as Noosa being part of this is extremely important given that this is in the lead up to 2032 Olympics and understanding what the what some of the issues that we made we should be looking at this at this point eight eight years away from the from the games and and what we should be should be looking to do and where Noosa fits into that and how we can benefit from it so it's really important that that our Mayor Frank attends this this It's a great opportunity, is what I believe, but it's certainly up for certainly up for councillors to approve. Karen Finzel 04:02.576
Thank you, Mr Senior. Any questions? Yes, thank you, Councillor Wilson. Tell us the significance of why Manchester? Larry Sengstock 04:09.956
Well, Manchester held the 2002 Commonwealth Games. 2002 Commonwealth Games, I should know that, this is my history, and also did a whole lot in terms of revamping, using it to remodel the city, so I know East Manchester was used as a rebuild. Same as what they did with Lorentson, with East Lorentson, I think it was East Lorentson, where they used it to really revamp their city and rebuild their whole city centre and all their sporting facilities and build their future, so that's what... So that's what they're looking for in terms of how Brisbane and the city is using it from a legacy point of view. So it's not just a blip, you have the games and move on. It's actually building things that have got longer legacy and Manchester were one of the first to really prosper from that. Karen Finzel 04:59.340
Fantastic. Any further questions? Frank, any comments from you? You've been the mayor on the trip. Frank Wilkie 05:07.720
I have no questions. No, I'm happy for other councillors to move it. And then I'll speak to it if needs be. Karen Finzel 05:19.784
Okay, so do we have a mover for the report? I'm happy to move. That's Councillor. And do we have a seconder? A second. Councillor Wilson. We'll take it to a vote. Frank Wilkie 05:43.140
Delegation for all the representatives from the 12 South East Queensland councils to areas which have projects that represent ideas and initiatives that we could benefit from as a region of South East Queensland will end up to the 2032 Olympics. We'll be looking at projects like regional waste facilities where CommSec is looking at investigating regional facilities to handle waste. We'll be looking at a few waste to energy projects. We'll be looking at water recycling projects. projects. Opportunity of a Commonwealth or an Olympic Games to benefit the communities in an ongoing way once the games have been over and in a way that doesn't overly burden the cities or the communities. I'll be doing a report on key learnings. I'll be applying a Noosa lens to that. When I'm there and also certainly in my reporting back. Jessica Phillips 07:10.240
Thank you. And it's also important that we travel as a united delegation during this trip. Representing the region as a whole. It's about regional collaboration that's the most important thing. This is about positioning the South East Queensland region in a way that benefits the region in the lead up to the 2032 Olympic Games and beyond, possibly as the first carbon neutral Olympic Games. Because, um... Frank Wilkie 07:44.320
We want to have a legacy of improved transportation, improved community facilities, improved improved waste facilities post-2032. Karen Finzel 07:58.132
Well, it sounds like it'll be a wonderful opportunity and we're looking forward to the report. And not only that, we're looking forward to some great legacy projects for this Shire that benefit and are sustainable moving forward into the future. Frank Wilkie 08:12.532
Thank you, Madam Chair. Thank you, councillors. Larry Sengstock 08:15.096
Thank you, thank you. We've put that to the vote. Karen Finzel 08:19.756
Yep, that was unanimous. Larry Sengstock 08:21.356
Post the vote. Karen Finzel 08:22.816
Moving to 7.2, councillor attendance at the Sunshine Coast Precinct Transport Security meeting. Now we have a report coming to us. Shaun Walsh 08:45.120
Good afternoon, councillors. Karen Finzel 08:46.700
Good afternoon, welcome to the table. Shaun Walsh 08:51.280
The purpose of the report is to appoint a councillor to attend the Sunshine Coast Precinct Transport Security meeting. This meeting is held quarterly and attended by technical representatives from other councils, Queensland Transport and Main Roads, TransLink, Queensland Rail, Queensland Police. as well as contracted public transport providers, particularly bus fleets. The meeting seeks a coordinated approach to security management, including information dissemination about incidents, trend analysis, as well as a common approach to security management across the public transport network. Our council is a stakeholder because of our contracted arrangements under the Go Noosa program, where we do actually provide a public transport service. There's no requirement council to actually have a councillor at that meeting, but it's very interesting information from a security perspective, and we've had a councillor express interest in attending the meeting. And to formalise arrangements, this is why this report's being presented to council, for the purposes of accountability and transparency. Councillor has expressed interest in attending due to a PPS background, and has attended a recent meeting and found it very useful. Thank you. Frank Wilkie 09:55.930
Madam Chair, I'd like to move that Councillor Jessica Phillips be appointed to attend the quarterly Sunshine Coast Transport Security Precinct meetings. Madam Chair, I'd like to Karen Finzel 10:09.870
So no that's been moved Councillor Wilkie, seconded by Councillor Wilson, would you like to speak to that? Frank Wilkie 10:17.905
Thank you Madam Chair. Look, as said by the Acting Director of Infrastructure, Councillor has expressed an interest in security matters, interest in keeping QPS matters, transport is part of that purview. It's not essential that a councillor attend this, but I think any councillor that shows the initiative and has the interest to go over and above the normal statutory duties, I think they ought to be applauded and supported. So hence the nomination. I believe Councillor I believe Councillor has sought that out, so I haven't nominated her without her knowing that this is going to happen. Karen Finzel 10:56.558
Thank you, that was my next question. Are you happy to accept the nomination? I am, yes, thank you. I did seek it out. I'll speak to it when it's been... Fantastic. Is there any questions around that, Councillor Lorentson? No. So, yeah, Jess, happy to... Jessica Phillips 11:11.558
Thank you for allowing me on you for allowing me on the committee. Given my background in policing, I feel that it's a great opportunity to observe what's going on in the district, especially with our Go Noosa program and hearing what's going on around the coast. So I look forward to coming to our CDF with a briefing or some... information about what I've taken away and yeah just be able to listen and take on board some of the things that maybe are happening differently and I'm excited it's definitely up my wheelhouse around what we can do to improve safety on buses and on our road network and things like that so it'll be really interesting moving forward. I take out of it. Karen Finzel 11:59.960
Thank you. Well thank you for taking that on board. I think we're all going to benefit from having you observe around the table and bring that back to to Council through our CDF process which gives us create change where needed or develop further policies or whatever so I think it's really good also for our community to have trust that when they travel on public transport that they can do so with confidence that they can do that with safety and the best of our ability. So Thank you. You're welcome. We'll take it to the vote then. I don't wish to close. Oh you don't wish to close. Thank you Mr. Mayor. We'll take it to the vote. All in favour? Yes. So that's Councillor Wilkie, Councillor Wilson, Councillor, Councillor Finzel. All unanimous. Thank you. Then we're moving on to the strategic asset management plan 2024. Thank you to the staff. Welcome to the table. Brian 13:20.820
So this report's seeking adoption of the strategic asset management plan and we've got a small presentation that we would like to Presentation that we would like to put up and just in ways of providing a bit about how we got to this point you're gonna take us on the roadmap journey oh come on that's my finishing line okay next slide thanks so just in providing a So just in providing a bit of a background, Council's legislated to produce detailed asset management plans and developing a strategic asset management plan and updating it is definitely part of of that legislative requirements. We started our asset management framework in building it in 2015 when we did a capability assessment of our asset management activities and it was really a gap analysis of where we're at and the continual improvement that we required to get to where we are today. Through that process in 2017 we drafted our first strategic asset management plan and from that point we built some really strong governance around our asset management activities across council and and that enabled us to produce a suite of detailed asset management plans for our major asset classes including our transport infrastructure assets our parks and playgrounds our buildings and facilities and our stormwater drainage and since then we've done a major a number of really strong good governance activities including proactive condition assessments and programs for our bridges which has really given us great opportunities for funding for bridge renewal programs our road continual road surveys where we run our reseal and heavy patching programs we're 90% through our strong We're 90% through our stormwater CCTV inspection programs and we have other in-house condition assessment activities with pathways, buildings and facilities, playgrounds and accesses as well to build and in the future to produce long-term renewal programs around those. So moving forward in 2022 we had an asset management audit commissioned which was done by KPMG and from that audit it was really another means of time to have a review of from the first time when we did our capability assessment and look at where we needed to update and improve our asset management framework for council so that review came with 38 recommendations and got us to the point where we are today in drafting a strategic asset management plan and that draft document I really need to acknowledge Devin Wilson our asset systems coordinator he's pulled this all together it is very an exhaustive document and concise with from those recommendations and I'm recommendations, and I'm going to hand over to Devon now and she's going to go through a little bit of what she's done in updating the strategic asset management plan and what's different from the old one. Devin Wilson 16:54.061
Fantastic, Thank you. Brian 16:56.881
Next slide, yeah. Devin Wilson 16:57.901
So, of the 38 recommendations, the key piece was actually the revision and update of the strategic asset management plan and the associated roadmap, which shows our commitment continues. to continual improvement. And it's kind of the starting point from which all the other improvements were generated because we needed that for the building block before we could move on. And the strategic management plan is part of a hierarchy of documents and the top of the hierarchy is the asset management policy which presents the guiding principles for our asset management implementation and our asset management framework. From that we create the S.A.M.P. or the Strategic Asset Management Plan which defines the asset management objectives of Noosa Council and how we were going to implement those and to detail of exact tasks and make key measurables as well. So there's a lot of work in translating that. It also defines the scope, direction and details. Direction and details of our Asset Management Plans and for Noosa Council we have revised our Asset Management Plans to become total Asset Management Plans in Asset Management classes and we have another hierarchy underneath now which are the site-specific Asset Management Plans. So we've revised our structure to get another level in there of the site-specific plans, the operational plans at that time, thank you. So all these documents are the framework Asset Management in Noosa Council and tell us how we can integrate Asset Management throughout the organisation for all of our activities. And some of the key things we've done of that how of the task so we can actually progress with that. with that strategic asset management plan is firstly we revised the asset management policy and that was endorsed earlier this year and was revised in line with the restructure the new corporate plan and our existing strategies and plans because the key is that everything needs to align. the corporate plan and other key strategies and plans and that's the asset management framework make sure we do have that alignment. We've also revised the governance structure to streamline it a little bit and the asset management steering commission committee are the decision makers for anything to do with asset management so the decisions rest with the asset management steering committee and under them are the asset specific working groups who can make decisions and escalate those to the asset management steering committee. We've also revised the responsibility matrix so we have an asset class responsibility matrix so at each stage of the asset lifecycle we know who is responsible to every single stage and that's been revised in line with the strategies corporate plan and the restructure as well so a lot of updating but in addition to that that then feeds into the creative into the creation of new charters for the asset management steering committee working group charters and working group responsibility matrices for the working groups as well so everything leads into the other one so this you can see how the strategic asset management plan is then generating all of the additional work in the correct order so everything is aligned we have also we have also looked at maturing our risk which is a risk management strategy for asset management in line with the corporate strategic risk and a risk management framework and we've done that by defining a risk management management register for asset management and strategic asset management. And the items in the roadmap or the tasks that we're addressing as part of the roadmap, they're the controls or measures to minimise or reduce or eliminate those risks. So that's particularly that's particularly important in our risk management maturity. Another key item we've completed is the asset management communication and stakeholder engagement plan and that's also documented in the SAM and that's because there's no point in developing all these things if you don't clearly indicate how you're going to communicate our framework, our practices, procedures and documents and any updates or feedback from stakeholders on that. So it's about having feedback on the document itself and also feedback from working groups and feeding to say other key stakeholders and contacts and consultants and that sort of thing. So it's about setting that framework so that there's better awareness, communication updates and also training it also encompasses training as well. So there's a lot of work here and these are just some of the key things already implemented and documented in the strategic asset management plan and of course there's then another five year plan of some key tasks that we're going to complete in the next five years to address some of our the gaps in our asset Can I just ask a question at this point, Devin? Frank Wilkie 21:57.396
Absolutely. That's a lot of excellent extensive internally facing government's work is being done. Say I'm a lay person, a resident lay payer, can you translate, how will that work translate to what a resident or a lay payer is going to see happening with Noosa Shire's assets in terms of the way we look after the roads, parks, gardens, bridges? Do you want me to answer this? Brian 22:32.821
Councillor, with that, the strategic asset management plan sets us up for our individual asset classes and those total asset management plans are the outward facing documents that would be better for our community in speaking and speaking and how we maintain and for example if we look at transportation how we maintain our roads bridges and pathways and that will be detailed in those documents so the strategic the strategic asset management plan sets up how often we should be providing and producing those be providing and producing those documents and reviewing them and ensuring how we and making sure that we include all the financial and the condition elements of that asset. So the strategy is really giving us the framework to produce those documents that will inform the community of our status of each asset class. Frank Wilkie 23:25.550
Well given that community members aren't going to be reading those documents, what they're going to be looking for is that the roads are maintained to a standard, that parks and gardens are refreshed regularly, that playground maintenance occurs before equipment needs to be replaced. equipment needs replacement, bridges are replaced before they, you know, present a risk. Is that what, all part of what this work is going to deliver for the community? Brian 23:53.610
Absolutely Frank Wilkie 23:54.630
Yeah. And help staff, keep staff on track to deliver. Brian 24:00.171
So the main key with the strategic asset management plan is identifying what we're committing to proactive maintenance and renewal programs for each of asset classes to deliver exactly that. Part of the elements of the individual asset classes is more detail about defining the levels of service and how frequently and how much funding we've got. To enable us to do that and smooth those renewals out over time. So to raise or lower our levels of service depending on funding sources and opportunities for us as well and expanding our networks of assets as well could be the challenges there too. Frank Wilkie 24:41.511
Great. So and Devon, you also mentioned that not only would there be all these different working groups from these different these different working groups for these different classes of assets, but there are site-specific working groups as well. Devin Wilson 24:52.348
Site-specific asset management plans? Frank Wilkie 24:54.868
Site-specific asset management. So, for example, the Coastal and Foreshore Infrastructure Working Group would have site-specific management plans for, say, the Dog Beach. Correct. Brian 25:08.688
That's exactly what we're Or Donella Bridge. Yeah, probably not just Donella Bridge. It's probably a little bit too micro. That's the bridge working group. Yeah. And a good example for that is that we are drafting and working at the moment in the Hastings Street precinct. Street Precinct Management Plan as a starting point. So capturing all our activities that we do down in that precinct and the assets that we maintain and operate and defining the levels of service that we do and building up maintenance and renewal. programs for that precinct. Frank Wilkie 25:42.317
Thank you for taking the questions. No problem. Devin Wilson 25:46.117
Thank you councillor. Frank Wilkie 25:47.857
I guess one of the key takeouts from the strategic asset management plan is our commitment to continual improvement as a council in our asset management practices and so part what of we've come up with is a 10-year improvement plan for asset management and that begins with the strategic asset management plan now once that's approved then we'll move move on on to doing the total asset management plans, asset management information strategy. And then we'll look at continually improving that. So in 2028, we will have a new corporate plan. So then 2029, we will request an additional internal audit of our asset management practices and our maturity level, so that the recommendations from that internal audit could once again feed into a revision of the SAMP in 2030. And following that revision of the SAMP in 2030, that will move on to then another iteration of the total asset management plans, etc. So it's commitment over the long term to improvement and reviewing and updating our material as our community and our requirements change. So that's part of that commitment to continue improvement for Noosa Council. Brian 27:01.265
Probably the most important out of that question that Councillor Wilkie asked was that in 2025, we'll be revising all the asset management plans, which we now as total asset management plans. Devin Wilson 27:15.493
And one of the key things, too, in this document is that we are looking at tasks that look at okay, well, you know, for our gravel roads, for example, what do we need? What can we supply? What equipment do we need? All those... So we're getting down to the nitty-gritty in these projects to make sure we actually can deliver the services that... Excellent. Brian 27:40.100
So our next steps in our asset management journey is obviously after we've got the strategic asset management plan adopted is developing our asset management information system system and that's really our record-keeping of how we structure our asset software and our data management and the way we collect it so that it can be I suppose extrapolated or reloaded into other systems should we ever decide to change from our technology our corporate systems across giving us good solid solid foundations in our our data management going forward as well as our activities that we do in our practices for collecting condition assessment managing work orders and the like should be all be documented in that asset management information documented in that asset management information system. And coinciding with that work we'll be doing our total asset management plans and developing them and on an annual basis we'll also commence to start reporting state of the asset reporting that we'll be able to pull out of our system to give you, give council and our community an Give Council and our community an understanding of the knowledge that we have on our assets, on their condition and the remaining lives and what our renewal programs will be over forecasting those for the 5-10 year periods and as I mentioned and yeah we're just starting to work on the Hastings Street precinct plan as one of those site-based plans that's more-based plans. That's more of an operational document that we use for in-house and collaborating across the different areas of responsibility in that precinct. Frank Wilkie 29:27.297
The 38 recommendations from KPMG according to this matrix, most of them have been implemented or addressed in some way. I just have a question, for example, number 28, develop, sorry, develop, update the asset management awareness training module and deliver the training program, this is documented in the SAMP roadmap, does that mean that the training module is being delivered or will be delivered? Brian 29:57.910
So we're revising the training modules so it's to be delivered yes and part of that is staff inductions as well as and then rolling through and developing competency training for the levels of staff within the organisation to ensure that they have a really good and solid practice of asset management within the organisation. Thank you. You're welcome. Jessica Phillips 30:26.202
I have a couple questions. I'll start please. Thank you. With the 2022 is when KPMG have provided the initial report, do we go back to them at any point with a review? I know we've got the internal at 2030. Is there an opportunity at all or is it that they would ever review what they've suggested? And that just as an outsider. Brian 30:54.482
Yeah, Councillor, we did consider that whether we would get an external to review the work that we've done to date, but we've taken every recommendation on board. And we've implemented that. And, you know, we've got good professional asset management practitioners within the organisation to develop this. And we felt that we've achieved what those recommendations are. There is an Australian standard too. That we've met that and that there will be other reviews done through our finance area as well, that will review our documents, not just KPMG, but we made the decision not to use any more funds for auditing purposes and get on with delivering the governance and the recommendations. So we're confident. Jessica Phillips 31:49.039
That's great, thank you. I like the continuous improvement part of it. There was just another couple more questions. Does the digital hub, you spoke about data management, do we ever include them in assisting in this space? Brian 32:10.315
We don't know. We look at different technologies and if there's anything there that would be for asset management, data collection and the like, and we are looking at AI as a means of that. has been in the media recent and but you know we don't. Jessica Phillips 32:29.632
Would you mind just talking me through the coastal canals and waterways just specifically? particularly, sort of, so, so maybe, you people watching know that we're not going to be monitoring like a state asset or something, can you just… Sure. Brian 32:43.708
In the coastal, in that working group, it's really around what council's responsibilities are. So they include beach accesses, lock of weir, revetment walls, predominantly, and our Noosa main beach and any other forms of other forms of infrastructure around there so it's dealing with those assets more so and how we will manage those and there are cross-area responsibilities with Environment Infrastructure Services and also local laws that we work together. Doggie Beach is a really good example of that. We've created a significant asset there and we are still developing our operational requirements around that because it's getting plenty of love and we're still working on access and re-vegetation and improving some infrastructure around that facility. And they're the sorts of examples that we use and talk about in that area. Other examples would be when we had the Loch and Weir renewal 18 months ago and we put that on the table and look at the challenges ahead of that with that particular infrastructure structure and get it to the source. The expertise around the table on the on the right way forward for that as well. Karen Finzel 34:17.333
You're welcome. Jessica Phillips 34:21.273
We've talked about various works and teams. teams and departments and branches that all need to be involved in this, really it's a whole organisation approach, which I love. How will we kind of basically resource in on this? Is there, do we have the sufficient resources to be able to deliver the plan? And what will the Brian 34:45.009
I can answer that one, it's okay. It is really, with asset management, it really is about a-up decision-making and coming and bringing the expertise from the ground and that's part of, you know, our position descriptions and bringing asset management involved in a lot of our roles. A lot of that is that we have those people on the ground already. It's about our It's about our collaboration. So resourcing, yes, we always do need some resourcing in regards to bringing in some expertise. You know, we're a smaller council. We do need to get, and we do call on consultants. consultants to help us with more detailed condition assessments and the like, and that's what those programs are within our capital works program with bridge, level three bridge inspections and getting consultants to do our road surveys because they have rather than us maintain that data or collect by that equipment so we are looking at so so that's we feel that we've resourced okay at this point we also know that know that we the world is changing and AI will look at us in regards to having to re-engineer our functions in rather than collecting data we might be assessing data on what what's the you know the the drone or you know the drone or you know that device is collected and we'll just be analysing the data as well as we can so so at this point we will we're pretty comfortable with the resources we've got I wouldn't say we're we're full deck of cards but you know when we're ready and we need we'll we'll put a hand up That one is a challenge and particularly it's it's in the finance field where we have the backlog here it's trying to recruit assets accountants so that's that's the challenge that the finance area has at the moment we have actually done a really great job from the infrastructure infrastructure side in collecting and and getting the data presented and loaded into the system right up to that stage gate of it then being written on financially and and we need the financial accountants and we need the financial accountants and that is a process that's heavily audited too so we do need the expertise there and I don't have the answer for this one for the finance team because they've been trying to recruit asset accountants for... Karen Finzel 37:28.951
Several years that means the work you've done will help us then have the data to recognise where the delays are occurring. Brian 37:46.052
Should do, yes, absolutely. Which is a really important piece of the work as well, isn't it? Yes, definitely and that audit obviously highlighted our challenges in that and our financial statements will tell us how much we haven't written on, what we've delivered and what we haven't written on. Frank Wilkie 38:06.220
Just to give a sense of the scale of the work that this asset management of my own system and capture that, how many assets are you charged, are you responsible for managing? Brian 38:19.428
Well, that's the beauty of the responsibility matrix, that we share the love around on who's responsible. But look, Council's responsible for a billion dollars worth of assets and when we componentise those, it's time. There we go. And after the floods, have recovery been increased? Yes, absolutely. And, but there's hundreds of thousands of components that we've got in the system of assets. So it's not riding one bridge on, it's breaking It's breaking that bridge down into components and from rail to wearing surface to structure and breaking those structures down so it is it's it's massive job to do and Devon's team manage the data in that space and yeah it requires a great discipline for that too. Frank Wilkie 39:10.332
Devon, there's a lot of interest in the technology that's affixed to the front of the waste recovery. waste trucks that assesses road conditions, the condition of the road. Can you talk a bit about how that's done and the value of that? Devin Wilson 39:31.493
I certainly can. How it assists or any of the challenges that it presents. So the cameras are picking up an incredible number of defects, some of which we will not necessarily do anything about because they're not something we would fix, but we would monitor them and if they got worse we would fix them. But it's things like potholes, faded signs, damaged signs, overhanging trees. litter, graffiti, damaged barriers, guardrails. Do you want to find all the garbage? No, just recycle. We've got one on the recycle truck and we want to roll out another one on the recycle truck and one on the e-scooter for the pathway inspection. So they are covering the whole Shire? Yes, they are. So this is for roads, it's currently covering the whole Shire. So we're getting quite a lot of So we're getting quite a lot of information in and we've actually, we're feeding that out to our crews in several different ways depending on the asset class. So exactly how that gets resolved depends on the asset class and the capacity is all based on existing capacity. So that's actually working really well at the moment and the good thing is it's got the images. So if we send a defect to the science crew, they don't actually have to go out and inspect. They've got a photo, they see here's the faded sun. Oh, it's a 60 kilometer speed sign. We'll actually order that, then go replace it. They're not wasting time going out and coming back. They can see a pothole, they have a look at it on the photograph. Right, this is what we need. look at where it is, we need traffic control. They can organise all of that without actually having to go and do the site inspection first. And that's the beauty of it, it's creating greater efficiencies and helping us get ahead of the game because if a customer hasn't caught that we wouldn't necessarily know about it. Jessica Phillips 41:30.338
Just last question, from here, what should I envision seeing like before councillors again out of this report? Brian 41:40.878
Well, again, this documents the framework, so the next step for us is presenting total asset management plans. us is presenting total asset management plans to you on those asset classes and explaining our renewal programs for, and I'll use the example again for roads, bridges and pathways. And we'll be presenting them to you, to council for endorsement. And again, they're a legislative requirement and they're a recommendation in that order that we need to do an update sooner rather than later. So that's what we're working on as soon as we walk out of here. we're working on. As soon as we walk out of here, we'll be moving on to that, as well as the asset management information system, which is our data management and our systems management process. So there's still a little bit more governance work The other tail end of that is that when we do have those total asset management plans adopted, we'll have those levels of service clearly defined, and that will help us with the levels of service documents produce with the budget packs each year as well. Thank you. Frank Wilkie 42:48.363
Brian, you mentioned that this is all part of, this is updating the strategic asset management plans, part of the process of continuing improvement, which is fantastic. Are there any, from your perspective, are there any areas that you're hoping that this could help us better address, areas where we are weak? Brian 43:10.207
Well, the knowledge of data, the collection of data is one thing, it's actually the actually the delivering the renewal programs is the other. So pulling together those renewal programs and ensuring that we've got good, solid, robust and ongoing renewals of our assets to ensure that we don't leave a backlog legacy. don't leave a backlog legacy for future generations is the key here. So we're at that point in time where we're collecting a lot of data. So there will be the need for us to produce produce renewal programs and we probably have a backlog of work that, you know, should have been done a couple of years ago for particularly stormwater, where we've had to deal with, you know, there's hundreds of thousands in stormwater assets alone. Yes. That we're working through to produce and prioritise as well. We do have a methodology around that and we're trying to work within, keeping in front of the resale program so that we're not digging up any roads that we don't, that we, you only resurfaced at the like two, so they're just 101 practices that we already are ahead of, but we want to make sure we're well advanced and very mature in that space going forward. So that's probably the biggest, scariest thing about... know, finding out what we don't know, because the previous asset management plans, a lot of the condition was modelled based on age or how old we thought these assets were. assets were to what they physically are now. And now we're getting that actual physical condition assessment. So sometimes assets last longer than interest payable. Frank Wilkie 44:49.724
Absolutely. Less than interest payable. Correct. Thank you. Thank Correct, yeah. Karen Finzel 44:54.029
Thank you. Any other questions at the time? I have a question. Campbell wants to thank you. Shaun Walsh 45:01.809
Just in terms of the dog beach, an excellent excellent asset to the Shire. In terms of continuous improvement, is the inclusion of the dog beach as part of the asset management plan, is that a move to consider? Brian 45:28.737
To answer the question, I don't think we can put our beach as a financial asset, so it's going to be an operating plan, Doggy Beach, because it's our expenses and activities that we do around there to ensure that we keep sand profile that's acceptable for the community, as well as their supporting infrastructure, car parks, public toilets and the like, and that's where we're finding the pressure. pressure of that doggy beach is putting back onto the other assets where we've got to get more regular servicing done around the toilet box and the garbage bins and the like because it's well utilised. Shaun Walsh 46:22.737
So, they fucking took the chain. We're looking at putting it on a pretty massive new program in terms of us. It's similar to what we do in Paris. We've worked somewhere in the East Coast for sure. And in the canals. So, actually, so, why don't we get to the... why don't we get to the, hopefully, the same staples that will be maintained and stuff, that are really quite profiled and see, you know, that's what we're trying to protect the system from. Thank you. Karen Finzel 47:00.042
Okay, we're happy to proceed forward. Frank Wilkie 47:06.106
Thank you very much for the work, very comprehensive, very extensive and for some reassurances you've implemented the 38 recommendations and we look forward to on our progress reports on this journey. Karen Finzel 47:07.862
Okay. Thank you. Jessica Phillips 47:34.046
Thank you for that great explanation, especially the hierarchies and methodology that we've gone through which was a great summary of that report. Thanks Brian and the team as well for all the work in producing this and it's a huge effort. As a member As a member of the Audit and Risk Committee, I am aware of the importance of this plan to ensure optimal management of our infrastructure and assets to meet the needs of the community and manage financial implications of maintenance, repair and replacement. It's great to see the governance structure focusing on those with eyes on the ground across all departments. This does need to be a whole-of-organisation approach to make sure all assets are logged and managed. I understand that challenges lay ahead. Did its implementation in ahead did its implementation in terms of resourcing and vetting processes and we need to be mindful of making sure all teams are supported to deliver this plan and the need for communication and training outlined in the report is really important. I'll also point out some of our financial management goals that are relevant here and indeed in all of our strategic decision making. Ensuring adequate funding for maintenance, renewal and replacement of assets. Using lifecycle costing to inform budget decisions, so not just the acquisition cost which we may look at because we can grant fund those, but we also have to think of the whole of life cost implications. Meeting our local government sustainability indicators. indicators and evidence-based decision-making, risk, demand, whole-of-life costs and community benefit defined. So these are all great aspects of this report, but I look forward to seeing how they play out in the coming years. A very good point because this is exciting. Community, the first thing they see is assets, don't they? They say the river doesn't look, the chair's broken or something, you know, the first thing they see when they're using the potholes and the roads and I think if anything worth celebrating through this is that they will see through this is that they will see regular maintenance be able to be achieved before a delay in our asset management. So if anything, I've taken it, it's exciting that community will hopefully see see us be able to stay on top of that maybe better than what we had in the past, which is great in my mind. So thank you for the report and I'm looking forward to seeing what we actually see. Tangible outcomes from it will be great. Thanks. Thank you. Karen Finzel 50:11.640
I won't add further comment. I think it's all been said, but a really big thank you to everyone on the team. You can see the amount of work that's gone into that, the quality of that work. I'm looking forward to seeing that come through, especially through the budget area, which has been a big part of questions. I've always asked about that conversion into our register. So I'm looking forward to seeing that move ahead. And also I'm excited about the improved communication between our stakeholders and our customers, which is really important. So I think that's a valuable contribution. valuable contribution to meeting the expectations of our community out there and making that far more efficient for those inside the organisation and those outside the organisation. So thank you very much for the work that's gone on in that. Thank you. Devin Wilson 50:56.985
Thank you Madam Chair, thank you. Yes, I'll just read out the recommendation that council make the report by the civil and asset operations manager to the services and organisation committed dated 10 December 2024 and adopt the strategic asset management plan as provided as attachment one to the report in line with the continuous improvement of the asset management functions. Thank you Madam Chair, I will look at this. Thank you. Frank Wilkie 51:26.245
You did say it was a matter of continuous improvement and that's all we can hope for, that's fantastic. And we know that know that there are areas where we need to do better, we mentioned stormwater assets, but I just recently, many residents have been giving really good feedback about the standard of the roads, the gardens, the roundabouts, the assets that the council... So I'd just like to pass that to them, positive feedback, because it's good to pass that on when you receive it, because, figure it or not, they don't hold back when we do something. A complaint. So I'd like to also forward this positive feedback that seems to be firing in about the way the Noosa Council team look after the assets. So please pass that on to the team. Thank you. Karen Finzel 52:19.358
Take that to the vote. That's unanimous. All in favour? Thank you. staff. Back to the agenda. Now we're up to item 7.4, the privacy policy review. And we've got government staff here to answer any of our questions. Thank you Dee. Dee 52:46.114
All right I'll take you through a summary of the report and the policy. So as you know, as you all know, the governance branch regularly reviews governance related council policies and procedures for improvements, legislative compliance, to ensure they're fit for purpose and best practice. Recently we focused on reviewing this year our existing 2014 privacy policy to ensure council continued to basically strengthen its governance framework and to deliver on its specific operational plan objective. Another key driver of the policy review are the recent privacy policy reforms. Specifically the Queensland information privacy and other legislation amendment acts 2023. Very long legislative name so I call it bipolar which has come into effect. The first stage of these reforms are going to be stage of these reforms are going to be coming into effect mid next year and we'll place new legislative requirements that obviously we must comply with following extensive internal and external external review of policy and consultation with law firms, local government sector and training specifically received on the IPOLA reforms from the Office of the Information Commissioner. Several key policies changes are proposed in this updated version. I'm just going to touch on some of them just to highlight those key changes. So basically a new modern format and approach to make To make the content more user-friendly for our community in essence I acknowledge and you've heard me say this many times privacy law is a complex area of law therefore the changes proposed are all about placing the policy into a new Q &A style format where questions are introduced that explain privacy law concepts to the everyday user so they can be more easily digestible and understood for example rather than simply stating that council complies with the privacy principles we go that step further we explain how we're complying with those principles through that Q &A format so people can understand it we've also aligned our new policy to council's policy development framework that's just been launched and and best practice model so that means you will see new elements in the privacy policy that the 2014 policy didn't have such as a new statement of intent, a clearer statement, a purpose and scope around the policy. We've also introduced a new section covering surveillance technology which you've briefly spoken about in the last item as well to acknowledge the work and function council does in this area and the impact it may have on privacy obligations in that space. We're also making it easier for the community to understand who and how to contact us if they have a query, a privacy query or a complaint or a concern and that previous policy really didn't have that. We need to have contact details in our policies for the community and finally we're now responding to these new legislative reforms that are coming in as well and we're adding in particular items items in there to address legislative requirements. So for instance, you're going to see which you have seen new legal definitions that are now embedded in the policy. A new definition for personal information has been updated, for example, so it aligns with the new bipolar reforms. And other terms like privacy breaches is now in that policy version. We're also aligning to the new Queensland Privacy Principles. You'll see the term QPPs floating around a lot more in the near future. Which replaces the former information privacy principles for Queensland and we've also introduced, and this is the really critical big part of it, an entire section on breaches. From privacy breaches to how we will respond specifically to a to how we will respond specifically to a data breach. And this is a critical part of the law reforms that we've expanded in Appendix A to the policy, so it's quite a large section in that area, but it really is in response to the Information Commissioner. And these new law reforms that state agencies including Council need to explain how we will respond to a privacy breach in that space. And finally, we are aware that further potential legislative changes may require us to revisit this policy work again in 2025/26 and undertake another review of this policy. However, upon the advice of external experts and the State regulator, we've started making staged changes now that are proposed so that we are in step with our legislative obligations. Karen Finzel 57:41.334
Thank you. After doing a lot of this legislation in the Queensland Police Service, just wondering how it affects internally, what training have our staff received around the implications of this in our organisation? Dee 57:59.242
We've started introducing these concepts with some internal in-house training in conjunction with our legal Council, who's been, Krista's been supporting me in that space. So we've kind of introduced the Introduced the concept and we've done some online training as well, but we are planning to really ramp that up once this policy is adopted. So we have an entire suite of training proposed in the new year, everything from Facebook, to face sessions, to lunch sessions, to online training as well. So we will keep in touch very closely with what the Information Commissioner is doing in that space. They've come out with some fantastic training material. And I've been attending, obviously in my role, a lot of their sessions. So we'll be using their resourcing as well to kind of work on a multi-faceted training model for all staff because this is really important so that they're comfortable with it. important so that they're comfortable with it and they know what the rules are and how they can appropriately manage personal information for their work. Jessica Phillips 59:07.486
Follow-up question to that then is, so we're doing our own local training. In our organisation is it, would it be advantageous for LGAQ to get, if every council, I'll get to my point sorry, if every council is doing their own thing but it's a state legislation, have we looked at? Have we looked at, so we're not reinventing the wheel? No. Can you just tell me if, yeah, how that's working? Dee 59:37.547
Yeah, so the State regulator, the Information Commissioner, is the one in the law mandated to roll out the training across all state departments as well as local governments. So it's kind of in there, kind of remit to roll it out. Having said that though, I do connect very closely with other local government Amen. Groups and definitely other governance teams across different councils and we are like basically talking quite actively in this space. We may share training material that we create ourselves with them and vice versa. So we do collaborate a lot to help each other out. So I foresee we'll continue doing that just to, as you say, why recreate the wheel if to, as you say, why recreate the wheel if someone's already doing something out there. So yeah, absolutely. It'll be a combination of that. Yeah. Thank you. Yes. I think it's quite And topical at it the is in the report, but you might be able to give us a little overview, is the data breach response strategy. So for instance, if Council's systems were hacked or some other IT kind of breach, could you the set sign of the report, but just for the benefit of anyone watching, could you just stand in for that? Absolutely. So this is a new concept that you will start to see more and more in other Council's policies as we start to tick off on the requirements of how we are going to respond to a data breach. data breach is, if we do receive one at Council, it is going to require the collaboration and support of various teams across Council, most I will say importantly IT, because of the steps that we need to follow in the management plan. And step one is to identify a data breach. We need to be really on the ball. I think, I believe in the report or I might have even discussed it with you guys, the first 24 hours of any breach is critical. And we need to hit the ground running. And basically that's an operational response instantly from the IT department. The other thing too that you'll see in these policies, we rely on obviously our internal staff identifying a breach if it happens, but equally if the public identify some sort of breach, they need They need to contact us as well and that is in here our contact details are really so we do rely on their support as well in this space so step one is to identify the breach obviously step two is to contain it and this is the critical stage I cannot stress this enough basically the the everyday operation around this is delegated to the director of corporate services through Larry the CEO obviously he can't be everywhere so the director of corporate services should hit the ground running with the IT team and try and contain the breach as best they can depending on how serious the breach is There may be a different style of response but they may also need to use external support providers etc to manage it as best they can. The data breach The Data Breach Response Plan for Heath could also be triggered in this space if the breach is identified to be quite serious so what that means is the director would bring the team together with the roles that have been identified in the policy to start working on mitigation and management. Step 3 is assessing basically the risk for individuals associated with the breach assessing the breach in detail as well conducting an investigation basically and collecting information about the breach preserving evidence etc so it's that kind of kind of step there. Step four is considering. So considering breach notification and importantly our communication strategy. So depending on the severity of the breach you will see that we would contact the Information Commissioner and my team would probably be responsible. for that filling out a report with all the details and sending it to them so they're alert and aware. Obviously in all this is what's important to note and you will see it in the stages that the individuals will also be contacted or will be considered and what the best appropriate way to handle that is. Well depending on the type of breach we deal with as well. And obviously step five is all about reviewing lessons learned. What could have we done better? Is there etc. The other thing too with review that you'll see in here is we will do regular testing and review of our plan as well internally to form part of our BCP business continuity planning so that you know we're prepared just in case an incident occurs. So hopefully that gives you a bit of a summary. that gives you a bit of a summary. Thank you. Karen Finzel 01:04:41.930
Thank you anything we can improve? Thank you. Especially the review. I think that's really important. In the training recently they said that taking time to review is one of the really high priority and will definitely contribute to better and more productive organisations. So it's good to know. So do we have any other further Thank you Madam Chair. Thank you for the report. You mentioned here under the question question and answer format, what is privacy? Well privacy relates to the protection of personal information in accordance with the IP Act and community expectations. So it's all about how Council treats this personal information of a resident or ratepayer. anyone once they have it. One of the most common concerns is that of residents that make complaints to Council they're really concerned that their details will become public and not be made known to the person they may be making a complaint about. What assurances can you give around the way that that data is held? Dee 01:05:59.312
I understand that we get that question a lot especially if a member of the public is concerned and wants to know before they tell us their concerns and complain what will happen personal information as you can see this policy is a very broad can see in this policy is a very broad term and if someone makes a complaint to council it is considered their personal information so it's classified as personal information of that person which means we must protect their information and preserve it. preserve their privacy so we would not be advising anyone out there in the community and it shouldn't you know who made a complaint about them that kind of thing that it's definitely not allowed it's under protected and can perhaps can you talk to the sort of um penalties there may be for a breach if a council employee did reveal that information yeah i think the um the member of the community if they feel that an officer has breached their privacy um they should lodge a privacy complaint to the So governance branch so the the process process is is in in here here as well and we would do an independent investigation into the matter and find out what's happened and provide the individual with a response within the time frame that's in the legislation which is 48 If they're not satisfied with the response, the complainant, then they have then the right to go to the information commissioner for an external review. So there's definitely that mechanism for people to raise But the person who committed the damage, it was not the prosecution. It's, I'd say the information commissioner would, I'd would review it and could take it to a tribunal and, you know, that kind of process. I know they're quite interested in mediating and exploring options, so it's not, you know, you don't just go straight to court for these things. You look at resolution between the parties, et cetera Frank Wilkie 01:08:13.745
So yeah. I guess, um, are there, are there stringent terms? Dee 01:08:17.905
Absolutely. Frank Wilkie 01:08:21.365
Absolutely. Dee 01:08:21.981
Absolutely. There's obviously the Privacy Act here that is a deterrent but there are other levers as well. We've got codes of conduct for our employees that talk about protecting and preserving people's personal information. We've also got the Local Government Act that has an offence, you know, if the information is considered confidential you cannot breach that confidentiality. So there are definitely legislative levers for that as well. Frank Wilkie 01:08:49.966
Either here or the council is willing to do this. Great. Dee 01:08:56.566
Noted. I'm totally mad at Erica. Oh absolutely, and we are... We take information, you know, information privacy as a very serious topic of training for our staff. We roll out regular training to make to make sure that people are across the rules, they're reminded on a regular basis and they know that this is quite serious and, you know, we're entrusted with so much as you've seen in policy and workshops we've been through, we're entrusted with a lot. information, a lot of personal information because of the work we do, so it's really critical that staff, A, feel comfortable, understand the rules, are aware and know how to apply, but equally they know where to go to if they need advice. Frank Wilkie 01:09:47.714
And just as Councillor Wilson alluded to, is there going to be a threat to our privacy? Cyber threats. Absolutely, Dee 01:10:02.910
It's very intrinsically and closely linked to cyber threats and the discussions that we have as a council around a council around that. Data hacks, data leaks, that kind of thing. Not surprisingly, you are seeing more of that coming to other pieces of law like the privacy law to try and ensure that organisations at the end of the day are thinking about this and they're doing as many reasonable steps as they can to protect people's personal information. Karen Finzel 01:10:39.703
Thank you for the report. We'll move to the recommendation that Council a. make the report by the Governance Manager to the Services and Organisation Committee meeting dated 10 December 2024 and b. adopt the of Council Privacy Policy provided as attachment 1 to the report. Do we have a move? Thank you. That's a move by Councillor Wilson, seconded by Councillor. Would you like to speak too? Jessica Phillips 01:11:08.119
Thank you for bringing this to us today. I think it's a really well written document. It's very clear, it's very user friendly, things like what council will elect, what council will elect, what council will elect, what council will a lot of information and how is it used, so it's very kind of step-by-step through that. Really useful accounts as well. I think we do get people, we get privy to this information all the time and then it just doesn't really know how we use that. But yeah, for the community, I think it's a great way of looking through how the information may be used and how they may be contacted, so I think it's a great way for them to explore that and then they will be able to listen to it. Thank you. Just very quickly, I watched this legislation roll out. It was definitely ready for, I think, public sector agencies, not just council, but... just council, but specifically anyone that gets information that can be quite confidential, it's good to give community some real trust that you're all over it, because it is there fundamentally to protect individuals. So yeah, the report's fantastic, thank you. Karen Finzel 01:12:29.592
Thank you, and a big thank you to the team and the governors. People have done that, especially for all the staff that have to take on this responsibility and do the training, and that hardly takes away of the amount as well now that they're getting the blindness training and being able to do their jobs with confidence. Thank you. So we'll take it to the vote. Frank Wilkie 01:12:50.999
Thank you very much. Thank you for the work on this. As Councillor Wilson put it, it's very useful in a way. You've explained it very, very well. I appreciate it. Thank you. Karen Finzel 01:13:15.506
Fantastic. Let's take it to the vote. That's all in favour. Thank you, Cathy. Thank you, Diana. Diana. What are we up to now? Yes. Noting reports that are out of the meeting. Larry Sengstock 01:13:30.273
What are we up to? Yeah, number eight. Yeah, that's right. Yeah, that's right. Number nine, confidential session. We were having one. And number ten, the meeting is closed today at 2:44pm. Related Noosa Council Meetings
← Browse all Noosa Shire Council meeting transcripts
