Just after one corruption watchdog warned public servants not to peek at government records without good reason in its contribution to Privacy Awareness Week, another laid charges against a former police officer for doing just that.
On Wednesday, Victoria’s Independent Broad-based Anti-corruption Commission charged a former Detective Senior Constable with four counts of unauthorised access, use or disclosure of police information. This is alleged to have taken place last year, and the matter goes to court on July 3.
Incidentally, IBAC’s new chief Robert Redlich called for stronger police oversight powers including the ability to search and arrest officers in a February 5 parliamentary hearing, reported on May 20 by The Age. Currently, it has to ask other police officers to make the arrest, and Redlich feels the police cannot always be trusted to keep information confidential.
“That is part of the culture, though,” he told the committee. “We are dealing with an organisation in which nothing much has changed in that respect over 40 years.”
How to handle breaches and complaints
Elsewhere in Melbourne last week, the Office of the Victorian Information Commissioner ran workshops on de-identification and how to handle breaches and complaints, as well as a public debate on whether privacy and technology are incompatible, hosted by The Mandarin’s publisher, Tom Burton.
On Tuesday, a missive went out from Queensland’s Crime and Corruption Commission discouraging the exact kind of misconduct alleged by IBAC.
“Pursuing corruption in the public sector relating to the improper access and release of confidential information is a continuing area of focus for the CCC,” said the agency’s chairman, Alan MacSporran.
“For example, a key topic in the issues paper for the Taskforce Flaxton public hearing, currently under way, is the risk of inappropriate access to information, such as computer systems, and disclosure of that information.”
The CCC received 533 allegations of misuse of information between July 2017 and April this year, about 8% of the total, compared to 644 in the same nine-month period last year, which made up 9% of the agency’s workload. MacSporran said he was “encouraged” to see a slight drop in the percentage.
“This data indicates that the trend is heading in the right direction, however there is still room for improvement in protecting and managing data held by government agencies,” he said, pointing out that serious cases can result in dismissal.
“I urge all public agencies to ensure that they have frameworks in place to properly protect information and to educate staff on when it is not appropriate to access information.”
The Queensland Office of the Information Commissioner, as the lead agency, published resources for public servants including a quiz, posters with privacy tips designed to adorn agency office walls and a couple of videos.
In New South Wales, privacy commissioner Samantha Gavel held a “thought leadership event” with Attorney-General Mark Speakman lending ministerial weight to the occasion.
“As we conduct an increasing amount of business and socialising online, we must be vigilant about reviewing social media privacy settings, choosing complex passwords and taking care when using public computers to access personal information,” Speakman said.
One topic under discussion was the European Union’s new General Data Protection Regulation, which it intends to enforce globally after it takes effect this Friday. The Office of the Australian Information Commissioner advises it applies to organisations if they are selling goods or services to EU citizens or monitoring their behaviour inside the EU.
The OAIC hosted a special website for PAW and several events including a discussion of the EU’s new data protection law and a webinar for public servants, and tied the occasion in with the 30-year anniversary of the federal Privacy Act 1988. The e-safety commissioner also got involved with material aimed at families.
From principles to practice
The Northern Territory Information Commission held its PAW a bit earlier in the month, from May 7-11, and also published a set of printed tip sheets and a terse statement: “We are encouraging organisations to take a look at themselves and be confident that their handling of private information is something to be proud of.”
Themes for PAW, which was established by the Asia Pacific Privacy Authorities forum, vary around the country. “From principles to practice” was the name for the NT, Victoria and Commonwealth authorities, while in NSW it was: “Privacy in the digital age”. Queensland’s theme also highlighted digital privacy: “Value personal data — it’s worth protecting.”
The Australian Privacy Foundation also chose last week to publish its latest verdict on e-health records, and the new plan to boost take-up by switching the My Health record from an opt-in to an opt-out service. It is not impressed.
Assuming anyone who doesn’t get around to opting out before October 15 this year is “Clayton’s consent” in the view of APF spokesman Bernard Robertson-Dunn, a PhD qualified engineer whose professional background is in enterprise IT architecture, and who is urging Australians to get out while they can.
Correction: this article originally interpreted an article in The Age to mean that comments from a “private” parliamentary committee proceeding were leaked. This was incorrect; a transcript of the relevant hearing is published on the Victorian Parliament website.