Friday July 11, 2025
A legal lens on cyber security, data and ethics
As digital threats become more sophisticated and frequent, organisations across both public and private sectors are under increasing pressure to protect sensitive information and maintain high ethical standards. For public sector agencies, success depends on staying agile, well-informed, and prepared to navigate an ever-evolving technological landscape.
“Cybersecurity is an ever-shifting challenge,” said Holding Redlich Managing Partner Elizabeth Carroll. “The Australian Government is on the front foot with the 2023–2030 Australian Cyber Security Strategy, committing to a best-in-class approach of annual updates to the Protective Security Framework.”
This proactive stance signals a future of continuous improvement and increasing expectations. Public sector agencies must remain agile, engaging in consultations such as those on the Protective Security Policy Framework 25 and the Hosting Certification Framework. Staying informed and involved helps agencies avoid ‘security fatigue’ while maintaining robust defences.
Government data is a national asset, and must be treated as such. The Data and Digital Government Strategy outlines the importance of managing data in line with privacy, secrecy, and governance obligations.
“Projects involving personal information should adopt a ‘privacy by design’ approach from the outset,” said Carroll.
For agencies seeking to unlock the value of data through safe sharing, mechanisms like the DATA Scheme offer structured pathways.
“It’s important to consider that legal advice may be needed to ensure compliance with the Data Availability and Transparency Act 2022 and other regulatory frameworks,” said Carroll.
Good recordkeeping remains a cornerstone of accountability. Royal Commissions, ANAO audits, and inquiries consistently highlight the need for practices that support Freedom of Information (FOI) processes and meet archives requirements. The use of messaging apps, while convenient, introduces risks – especially when features like disappearing messages are enabled. The Office of the Australian Information Commissioner (OAIC) has issued guidance to mitigate these risks, including recommendations for disabling such features.
Beyond data management and cybersecurity, policies and programs must build ethics and integrity into their design.
“Ethical governance is not optional – it is foundational,” said Carroll. “The introduction of the Australian Public Service (APS) value of stewardship reinforces the need for long-term thinking, integrity, and sustainability in public administration.”
Embedding ethical considerations into policy and program design helps preserve public trust and ensures better outcomes for the Australian community.
As highlighted in recent commentary on ethics for government in-house lawyers, legal professionals play a critical role in guiding ethical decision-making and ensuring that legal compliance does not come at the expense of public interest.
While no system is foolproof, proactive legal and ethical frameworks are essential to protecting data and public trust. When challenges arise, legal support is available to help navigate the complexities.
Holding Redlich is proud to support the public sector as a Tier 2 Partner of IPAA ACT.
Further reading and resources:
- Messaging apps and information management – Lawyers Weekly podcast
- Accountability in the age of messaging apps – Government News
- Ethics for Australian Government in-house lawyers – The Mandarin
- Top 10 tips for participants in the DATA Scheme – Holding Redlich
- Review of the Data Availability and Transparency Act – Holding Redlich
- Privacy law reforms and 2025 priorities – Holding Redlich
