[ISN] WA should beef up security: report

InfoSec News isn at c4i.org
Tue Oct 4 01:49:29 EDT 2005 

http://australianit.news.com.au/articles/0,7204,16769033%5E15319%5E%5Enbv%5E15306,00.html

Heather Quinlan
SEPTEMBER 30, 2005  
 
WEST Australian government agencies have better control of their
postage stamps than they do of confidential personal information
stored in their computers, a report by the state's corruption watchdog
shows.

A Corruption and Crime Commission (CCC) study revealed personal data
held on WA government computers was vulnerable to misuse and must be
better protected through staff security screening, monitored access
and beefed-up criminal laws.

The Protecting Personal Data in the Public Sector report, tabled in
parliament yesterday, found checks on inappropriate access and leakage
of computer-held information were inadequate.

CCC spokesman Glenn Ross said examples of data misuse ranged from
looking up a friend's address on a work computer, to the murder of
former police officer Don Hancock, which was made possible by
information provided to an outlaw motorcycle gang by a public servant.

Former transport department worker Karen Moore was charged and
convicted after providing the name and address to match a car
registration number supplied by a bikie associate.

The following month, the same car - which belonged to Mr Hancock's
friend Lou Lewis - was blown up, killing both men.

A Gypsy Joker bike gang member was later convicted of the bombing
murders.

The CCC study examined the handling of personal data in six state and
local government agencies, conducted surveys of 540 public sector
staff and considered 17 submissions - 11 from members of the public.

The state government, which is in the process of drafting new privacy
legislation, said yesterday it would accept many of the CCC's
recommendations.

WA Treasurer Eric Ripper, commenting on behalf of Premier and Public
Sector Management Minister Geoff Gallop, said the government must
improve its practices.

"Every citizen has the right to expect that confidential information
that the government holds will not be used for unauthorised purposes,"  
Mr Ripper told reporters.

"Human nature being what is is, it is hard to offer guarantees but we
need to do better in this area (of information security).

"Many public sector managers feel there are deficiencies in our
disciplinary framework and ... if they don't feel they've got the
power to take action, then that is something government has to attend
to."

The report found state and local government agencies had better
systems to control use of petty cash and postage stamps than the
access to confidential information held on computers.

The report, which also supported a privacy commissioner and privacy
legislation, also recommended amending the criminal code to prohibit
unauthorised access and disclosure of information.

Other recommendations included the establishment of uniform
definitions and criminal penalties, regular security checks of public
sector staff, and the introduction of a public sector oath to maintain
the confidentiality of information.

AAP

More information about the ISN mailing list