As part of their normal business, NSW government agencies and state owned corporations are required to protect the integrity and confidentiality of commercial, Cabinet and other official information that they are responsible for.

Information that relates to critical infrastructure or NSW counter terrorism arrangements would be considered security sensitive. Inadvertent or inappropriate release of such information may mean that NSW organisations lose control of who has access to the information.  In a worst-case scenario this could result in adverse consequences for the security of NSW critical infrastructure or risks to NSW citizens.

It is therefore essential that agencies and corporations protect and secure security sensitive information appropriately, whether in data or hard copy format. 

The national counter terrorism alert level remains at Medium. This means that a terrorist attack could occur. In light of the recent security incidents in the United Kingdom it is timely to remind NSW government organisations of the need to ensure procedures are in place to protect NSW Government security sensitive information from inappropriate release to third parties.

Security sensitive information

Security sensitive information is data that is classified PROTECTED and HIGHLY PROTECTED or holds a caveat SECURITY-IN-CONFIDENCE.

Other unclassified information in electronic or hard copy format may also be considered security sensitive. The following guide may assist organisations to determine if information not previously classified is now considered security sensitive. Information may be considered security sensitive if, through unauthorised or inappropriate disclosure or misuse it:

• may cause harm to a government department, a law enforcement agency or any person or organisation in NSW.
• may affect the operation of NSW Critical Infrastructure.
• may cause harm to Australia's national security.

Data that holds a national security classification such as RESTRICTED, CONFIDENTIAL, SECRET or TOP SECRET is also security sensitive information. All Australian jurisdictions have recently entered into a memorandum of understanding with the Commonwealth of Australia to protect such information in accordance with the Australian Government Protective Security Manual 2005. A NSW framework to implement our responsibilities under the memorandum of understanding is being developed.

NSW approach to the release of security sensitive information

The following whole of government approach is to be applied to the release of security sensitive information to third parties.

Security sensitive information should only be released by NSW agencies to third parties:

• by public officials with proper authority and in accordance with established organisation policies and procedures;
• where it is necessary for the purpose of properly discharging the organisation's functions;
• in accordance with government policy;
• in accordance with the rules or enforceable orders of a court or tribunal; and
• in accordance with a requirement made by a body with the statutory power to require production of documents or statements of information (for example under the Independent Commission Against Corruption Act).

Organisations may seek advice in the first instance from the Senior Security Advisor, NSW Department of Premier and Cabinet, Counter Terrorism and Disaster Recovery via email: [email protected] . The Counter Terrorism and Disaster Recovery directorate will coordinate specialist advice from the NSW Police Force or Australian Government security agencies where appropriate. Copies of the Australian Government Protective Security Manual 2005 are available in electronic format from the CTDR upon request.

All Government organisations, including State Owned Corporations should adopt this approach as part of their policy.

Morris Iemma MP
Premier