OFFICIAL
Agency reference:
FOI 24-25/086
Contact:
FOI Team
E-mail:
xxxx@xxxxxxx.xxx.xx
Mature Data
Via the Right to Know website
By email only:
xxxxxxxxxxxxxxxxxxxxxxxxxx@xxxxxxxxxxx.xxx.xx
Dear Mature Data,
Decision and Statement of Reasons issued under the Freedom of
Information Act 1982 – FOI 24-25/086
On 13 December 2024, the Department of Finance (Finance) received your email, in which
you sought access under the Commonwealth
Freedom of Information Act 1982 (FOI Act) to
the following:
The recently updated Data and Digital strategy Implementation plan, available at
https://www.dataanddigital.gov.au/sites/default/files/2024-
12/2024%20Metrics%20Framework%20v1.0.pdf contains the following description
"Overall entity Data Maturity Rating APS average data maturity (2024): 2.02 of 5. Source:
Department of Finance New metric based on the Data Maturity Assessment Tool, which measures
data maturity across the APS and was rolled out by Department of Finance in 2024."
This FOI request seeks access to the documents containing detailed agency ratings for all agencies
included in the Department's assessment, including each agencies individual responses.
On 23 December 2024, Finance contacted you to advise that the scope of your request
required extensive consultation with 92 other government agencies, all of which used the
Data Maturity Assessment Tool (DMAT). Finance therefore advised that processing your
request would substantially and unreasonably divert the resources of Finance from its other
operations and requested your assistance to narrow the scope of your request.
On the same date, you requested that Finance advise the maximum number of agencies that
would not substantially and unreasonably divert the resources of Finance in processing your
request.
On 24 December 2024, Finance advised that 10 agencies would not unreasonably divert
resources.
One Canberra Avenue, Forrest ACT 2603 • Internet www.finance.gov.au
link to page 2
OFFICIAL
On the same date, you revised the scope of your request to the detailed agency ratings and
individual responses for the following 9 agencies:
• Australian Public Service Commission
• Department of Home Affairs
• Department of Finance
• Department of Defence
• Department of Health and Aged Care
• Department of Industry, Science and Resources
• Department of Social Services
• Department of the Treasury
• Department of Veterans' Affairs
Authorised decision-maker
I am authorised by the Secretary of Finance and section 23(1) of the FOI Act to make
decisions in relation to FOI requests.
The purpose of this letter is to provide you with notice of my decision under the FOI Act.
My Decision
I have identified two (2) documents falling within the scope of your request.
I have decided to refuse access to the two documents as the release of these documents
would:
• prejudice the effectiveness of procedures or methods for the conduct of tests,
examinations or audits by an agency;
• prejudice the attainment of the objects of particular tests, examinations or audits
conducted or to be conducted by an agency; and
• have a substantial adverse effect on the proper and efficient conduct of the operations
of an agency.
Material taken into account
In accordance with section 26(1)(a) of the FOI Act, my findings on any material question of
fact, the material on which those findings were based, and the reasons for my decision to
grant access to the documents follows.
In making my decision, I have had regard to the following:
• the terms of your FOI request;
• the content of the documents that fall within the scope of your request;
• the relevant provisions of the FOI Act, including sections 3, 11, 11A and 47E; and
• the FOI Guidelines issued by the Office of the Australian Information Commissioner
(FOI Guideline
s)1.
Reasons for decision
I have decided to refuse access to the material within scope of your request, subject to the
following provisions of the FOI Act.
1
https://www.oaic.gov.au/freedom-of-information/freedom-of-information-guidance-for-government-
agencies/foi-guidelines
2
OFFICIAL
Section 47E – Certain operations of agencies
Section 47E of the FOI Act provides:
A document is conditionally exempt if its disclosure under this Act would, or could reasonably be
expected to, do any of the following:
(a) prejudice the effectiveness of procedures or methods for the conduct of tests,
examinations or audits by an agency;
(b) prejudice the attainment of the objects of particular tests, examinations or audits
conducted or to be conducted by an agency;
…
(d) have a substantial adverse effect on the proper and efficient conduct of the operations of
an agency.
The FOI Guidelines provide:
Paragraph 47E(a)
[6.93] Where a document relates to a procedure or method for the conduct of tests, examinations or
audits by an agency, the decision maker must address both elements of the conditional exemption in
s 47E(a), namely that:
• an effect would reasonably be expected following disclosure
• the expected effect would be, overall, prejudicial to the effectiveness of the procedure or
method of the audit, test or examination being conducted.
[6.94] The decision maker will need to consider the content and context of the document to be able to
identify the purpose, methodology or intended objective of the examination, test or audit. This
operational information provides the necessary context in which to assess the document against the
conditional exemption and should be included in the statement of reasons issued under s 26.
[6.95] The decision maker should explain how the expected effect will prejudice the effectiveness of
the agency’s testing methods. A detailed description of the predicted effect will enable a
comprehensive comparison of the predicted effect against the usual effectiveness of existing testing
methods. The comparison will indicate whether the effect would be prejudicial.
Paragraph 47E(b) [6.98] Where a document relates to the integrity of the attainment of the objects of tests, examinations
or audits by an agency, the decision maker must address both elements of the conditional exemption
in s 47E(b). The decision maker must be satisfied that:
a. an effect would reasonably be expected following disclosure
b. the expected effect would be prejudicial to the attainment of the objects of the audit, test or
examination conducted or to be conducted.
[6.99] The agency needs to conduct, or propose to conduct, the testing, examination or audit to meet
particular requirements, and have a particular need for the results (the test objectives). The operational
reason for conducting the test, examination or audit is the context for assessing whether s 47E(b)
applies and this operational reason should be included in the s 26 statement of reasons.
Paragraph 47E(d) [6.112] An agency’s operations may not be substantially adversely affected if the disclosure would, or
could reasonably be expected to, lead to a change in the agency’s processes that would enable those
processes to be more efficient.
[6.115] The predicted effect must bear on the agency’s ‘proper and efficient’ operations, that is, the
agency is undertaking its operations in an expected manner. Where disclosure of the documents
reveals unlawful activities or inefficiencies, this element of the conditional exemption will not be met
and the conditional exemption will not apply. This is for reasons including the irrelevant factors that
must not be taken into account in deciding whether access to the document would, on balance, be
contrary to the public interest.
3
link to page 4
OFFICIAL
As part of its functions and responsibilities, Finance is responsible for providing advice on
whole-of-government data policy matters.
The DMAT is a tool to provide agencies with a consistent approach to measuring and
understanding their organisation’s data maturity, providing a consistent, longitudinal
evidence-based means of measuring APS data maturity and capability. The DMAT involves
a self-assessment for each of the seven focus areas: Strategy and Governance, Architecture,
Operations, Risk, Quality, Reference and Metadata, and Integration and Analytics. By
objectively measuring, tracking and examining whole-of-APS data maturity, the DMAT will
help the Government identify areas for improvement and action.
The DMAT can be characterised as an examination for the purposes of paragraphs 47E(a)
and 47E(b) of the FOI Act. In the absence of statutory definitions, the process of
interpretation must begin with a consideration of the ordinary meaning of the words. The
Macquarie Dictionary defines:
Examination –
noun 1. the act of examining; inspection; inquiry; investigation.
2. the state of being examined.
3. the act or process of testing pupils, candidates, etc., as by questions.
4. the test itself; list of questions asked.
5. the statements, etc., made by one examined.
The DMAT as a periodic assessment to measure and understand an organisation’s data
maturity fits the above definition.
The DMAT questions are publicly available on the Finance websit
e2. However, the
requested documents, providing the agency self-assessment ratings, are not publicly
available. If these documents were released it would be easy to assign each agency’s
responses to the questions and determine any weaknesses in data maturity for each agency.
The responses contain information provided by other Commonwealth agencies to enable
Finance to properly and efficiently carry out its data policy functions. The purpose of the
DMAT is for agencies to provide self-assessments of their agency’s data governance,
systems and processes and Finance determines areas for potential improvement across the
APS.
The release of each agency's individual responses could reasonably be expected to:
• prejudice the effectiveness of procedures or methods for the conduct of tests,
examinations or audits by an agency (paragraph 47E(a));
• prejudice the attainment of the objects of particular tests, examinations or audits
conducted or to be conducted by an agency (paragraph 47E(b)); and
• have a substantial adverse effect on the proper and efficient conduct of the operations
of an agency (paragraph 47E(d)).
Paragraph 47E(a) Disclosure of these documents would or could reasonably be expected to prejudice the
effectiveness of the procedure and method for the DMAT.
2
https://www.finance.gov.au/government/public-data/public-data-policy/data-maturity-assessment-tool
4
OFFICIAL
As set out in the
Data Maturity Assessment Tool Guide, provided to each agency and also
available on the Finance website, the information gathered in the DMAT will be treated as
confidential:
Information gathered in the assessment will be treated as confidential. Outside of the completing
agency, individual responses will only be viewed by staff at the Department of Finance conducting
analysis and aggregation into agency sector and whole-of-APS results.
….
No individual agency’s non-aggregated results will be shared without consent
Department of Finance will also analyse the data collected through the Tool to measure whole-of
government data maturity level.
The nine agencies listed in your request completed the DMAT on the understanding that
their responses would be confidential.
Agencies required to complete the DMAT are able to seek an exemption from completing
the DMAT. A number of the DMAT focus areas and questions relate to aspects of data
security, especially questions 30 to 33 which request information about agency protocols
and processes to protect data from attack. Release of the DMAT responses could expose
agency data security vulnerabilities to exploitation by cyber criminals. Therefore, release of
DMAT responses could reasonably be expected to increase an agency’s risk from targeted
cyber-attacks. Agencies are more likely to seek an exemption from completing the DMAT
in future years if data security vulnerabilities can be identified through the public release of
individual results from the DMAT.
A larger number of agencies requesting and receiving exemption from completing the
DMAT in future will prejudice the effectiveness of Finance’s testing and examination
methods, and the quality of the results. If more agencies were granted exemptions based on
data security risks, this would undermine the integrity and purpose of the examination
process, as Finance would not be able to draw valid insights into whole-of-APS data
maturity from a smaller group of respondents.
This is the first time results from DMAT have been gathered, and there has been a nearly
one hundred percent response rate from in-scope agencies. Agencies responded based on the
understanding the information gathered in the DMAT would be treated as confidential.
The current testing and examination methods are on track to be able to provide a consistent,
longitudinal evidence-based means of measuring APS data maturity and capability and a
change in the procedures and methods to publish individual responses would put the
comprehensiveness of the evidence base at risk. This would impact Finance’s ability to use
the results to implement the Data and Digital Government Strategy.
Paragraph 47E(b) Disclosure of these documents would or could reasonably be expected to prejudice the
attainment of the objects of the DMAT and Finance’s whole-of government data maturity
analysis.
The primary purpose of the DMAT is to provide agencies with a consistent approach to
measuring and understanding their organisation’s data maturity. As set out above, the
DMAT will also help agencies implement the Government’s data agenda, as outlined in the
Data and Digital Government Strategy, by providing a consistent, longitudinal
evidence-based means of measuring APS data maturity and capability.
5
OFFICIAL
As explained above, the nine agencies listed in your request completed the DMAT on the
understanding that their responses would be confidential.
While the Government has agreed to mandate use of the DMAT by all in-scope Government
agencies to self-assess data maturity, it is reasonable to expect if the requested documents
are disclosed, some agencies would seek an exemption from completing the DMAT in
future years. Further, I consider that agencies could decline to include any in-depth
additional information outlining the state of their data maturity on the assumption this
information will be made public.
In the current DMAT assessment year there were some agencies not in-scope for completing
the DMAT, who provided responses voluntarily. Again, disclosure of these documents
would likely disincentivise participation of agencies who provided responses voluntarily and
could discourage other out-of-scope agencies from participating in the future.
As set out above, decreased participation would make the DMAT results less useful and
undermine attainment of the object of the DMAT to objectively measure and track
whole-of-APS data maturity. Finance would not be able to reliably identify areas for
whole-of-government improvement if participation in the DMAT decreases. Disclosure of
individual responses may result in only those higher on the maturity scale providing detailed
responses that go beyond the minimum results required, which could reasonably be expected
to diminish the value of future results and impact attainment of the objectives of the DMAT.
Paragraph 47E(d) Disclosure of these documents would or could reasonably be expected to have a substantial
adverse effect on the proper and efficient conduct of the operations of an agency. Finance’s
data policy function aims to:
• maximise the appropriate use and re-use of data by the Australian Public Service,
including by addressing systemic challenges and opportunities
• provide advice and support to entities on their use of data
• organise collective action to build APS-wide strategies, frameworks and actions to
mature data capability and activity
• encourage appropriate sharing of public data, including the release of non-sensitive
data by default
• collaborate with state and territory governments and the private and research sectors
to extend the value of public data for the benefit of the Australian public
• engage with international governments to share approaches and identify best
practice, and
• implement governance mechanisms to support these functions.
In this role, Finance designed the DMAT tool to help agencies periodically assess their data
maturity and track their progress over time, and support implementation of the Data and
Digital Government Strategy and agencies’ own data strategies. Broad APS completion of
the DMAT will support management and development of, and build trust in, the Australian
Government data ecosystem and enable APS-wide reporting.
Decreased participation in the DMAT impacts the integrity of the aggregate data that
Finance can produce. Release of these documents would diminish Finance’s ability to
achieve its data policy functions and risk the achievement of objectives set out in the Data
and Digital Government Strategy. This constitutes a substantial adverse impact to Finance’s
proper and efficient conduct of its data policy functions.
6
OFFICIAL
For these reasons, I consider these documents are conditionally exempt in full under section
47E(a), (b) and (d) of the FOI Act. My consideration of the public interest test, in respect of
all the material subject to conditional exemption in these documents is discussed below.
Public interest test
Section 11A of the FOI Act relevantly provides:
(5) The agency or Minister must give the person access to the document if it is conditionally
exempt at a particular time unless (in the circumstances) access to the document at that time
would, on balance, be contrary to the public interest.
In finding that the documents are conditionally exempt in full, I am required to consider
whether it would be contrary to the public interest to give access to the information in the
documents at this time.
Factors favouring disclosure
Section 11B of the FOI Act relevantly provides:
(3) Factors favouring access to the document in the public interest include whether access to
the document would do any of the following:
(a) promote the objects of this Act (including all the matters set out in sections 3 and
3A);
(b) inform debate on a matter of public importance;
(c) promote effective oversight of public expenditure;
(d) allow a person to access his or her own personal information.
In considering the scope of your request and the content of the documents, I have taken into
account the intention of the FOI Act to provide for open government and that the release of
the documents would promote transparency of government activities. I consider the release
of the documents would promote the objects of the FOI Act.
I have balanced this consideration against the factors against disclosure below.
Factors against disclosure Paragraph [6.233] of the FOI Guidelines provides a non-exhaustive list of factors against
disclosure. I consider that the following factors apply to these documents, in that the release
of the information in the documents could reasonably be expected to:
• prejudice an agency’s ability to obtain similar information in the future, and
• prejudice the effectiveness of testing or auditing procedures.
As explained in my reasons for finding these documents exempt under section 47E of the
FOI Act, I consider the release of this information would adversely affect the DMAT
procedures and results and have a substantial adverse effect on Finance’s proper and
efficient conduct of data policy functions. In turn, the release of this information would
disincentivise the provision of responses and undermine advice to the Government.
These reasons weigh heavily against the release of the information in the document. As
such, I consider that the document should not be released.
Irrelevant factors Section 11B of the FOI Act relevantly provides:
7
OFFICIAL
(4) The following factors must not be taken into account in deciding whether access to the document
would, on balance, be contrary to the public interest:
(a) access to the document could result in embarrassment to the Commonwealth
Government, or cause a loss of confidence in the Commonwealth Government;
(b) access to the document could result in any person misinterpreting or misunderstanding
the document;
(c) the author of the document was (or is) of high seniority in the agency to which the
request for access to the document was made;
(d) access to the document could result in confusion or unnecessary debate.
I have not taken into account any of these irrelevant factors.
Balancing public interest factors
The FOI Guidelines relevantly provide:
[6.238] To conclude that, on balance, disclosure of a document would be contrary to the public
interest is to conclude that the benefit to the public resulting from disclosure is outweighed by the
benefit to the public of withholding the information. The decision maker must analyse, in each case,
where on balance the public interest lies based on the particular facts of the matter at the time the
decision is made.
I acknowledge that there is public interest in providing access to the information in the
documents for the reasons described above and for the reasons you have outlined in your
correspondence with Finance.
However, I consider that to release this information in the kind of detail you request would
prejudice the effectiveness of the procedure and method for the DMAT and the attainment of
the objectives of the DMAT, and could reasonably be expected to have a substantial adverse
effect on the proper and efficient conduct of the operations of Finance in its data policy
functions.
Therefore, on balance, I consider that in this instance the factors against disclosure outweigh
the factors favouring disclosure.
Review and appeal rights
You are entitled to request an internal review by Finance or an external review by the Office
of the Australian Information Commissioner (OAIC) of my decision. The process for review
and appeal rights is set out at
Attachment A.
If you have any questions about this request, please contact the FOI Team.
Yours sincerely,
Colleen Norton
A/g Assistant Secretary
Data Policy and Assurance Branch | Digital ID and Data Policy Division
Department of Finance
17 January 2025
8
OFFICIAL
ATTACHMENT A
Your Review Rights
Legislation A copy of the FOI Act is available at:
https://www.legislation.gov.au/Series/C2004A02562.
If you are unable to access the legislation through this website, please contact our office for
a copy.
Internal Review (IR) If you disagree with this decision, you can seek a review of the original decision. The review
will be conducted by a different decision maker, usually someone at a more senior level.
You must apply for an IR within
30 calendar days of being notified of the decision or
charge, unless we agree to extend your time. You should contact us if you wish to seek an
extension.
We are required to make an IR decision within 30 calendar days of receiving your
application. If we do not make an IR decision within this timeframe, then the original
decision stands.
Your request for an IR should include:
• a statement that you are seeking a review of our decision;
• attach a copy of the decision you are seeking a review of; and
• state the reasons why you consider the original decision maker made the wrong
decision.
Email
: xxxx@xxxxxxx.xxx.xx Post
: The FOI Coordinator
Legal and Assurance Branch
Department of Finance
One Canberra Avenue
FORREST ACT 2603
Information Commissioner review You may apply directly to the Office of the Australian Information Commissioner (OAIC)
for an Information Commissioner review of this decision. You must apply in writing
within
60 calendar days of this notice.
For further information about review rights and how to submit a request for a review to the
OAIC, please see
https://www.oaic.gov.au/freedom-of-information/your-freedom-
ofinformation-rights/freedom-of-information-reviews/information-commissioner-review.
9
OFFICIAL
Third parties If you are a third party objecting to a decision to grant someone else access to your
information, you must apply to the Information Commissioner within
30 calendar days of
being notified of our decision to release your information.
The OAIC asks that you commence a review by completing their online form which is
available on their website.
Your review application must include a copy of the notice of our decision that you are
objecting to, and your contact details. You should also set out why you are objecting to the
decision.
Email:
xxxxx@xxxx.xxx.xx Post: Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992 (local call charge).
Making a complaint You may complain to the Information Commissioner about action taken by the Department
in relation to your request.
Your enquiries to the Information Commissioner can be directed to:
Phone: 1300 363 992 (local call charge)
Email:
xxxxxxxxx@xxxx.xxx.xx There is no particular form required to make a complaint to the Information Commissioner.
The request should be in writing and should set out the grounds on which it is considered
that the action taken in relation to the request should be investigated and identify the
Department of Finance as the relevant agency.
10
