The community expects that people’s personal information should be respected and kept private by any agency authorised to collect, store and use it. With most public sector roles involving access to personal or sensitive information in some way, whether you handle it daily or only occasionally, protecting that information is part of your responsibility.
Every action matters. Privacy isn't just the job of IT teams or records officers; it relies on every public sector employee doing the right thing, every time.
Complaints involving unauthorised access or disclosure consistently rank among the top four most reported types of corruption. Since the beginning of this financial year alone, the CCC has received over 600 privacy-related corruption complaints. These complaints often involve allegations that employees have accessed sensitive or private information without a valid work reason - including their own records, or those of partners, family or friends.
Common types of complaints about misuse of information include:
Improper access to personal or sensitive data, whether out of curiosity, convenience or carelessness, can cause real harm and damage public trust, even when it’s a well-intentioned single incident. Just because you can view data doesn’t mean you should.
Some common reasons people misuse information are:
Information misuse can also lead to serious outcomes - it can meet the threshold for corrupt conduct under the Crime and Corruption Act 2001 when the behaviour is repeated, concealed or used to gain a benefit or cause detriment. This can mean disciplinary action, criminal charges, or a CCC investigation. It can also signal deeper cultural issues or system weaknesses in your agency.
What can you do?
Agencies have a duty to identify and safeguard these records, including through regular audits and system controls. Privacy isn’t just a compliance issue – it’s everyone’s business, and for some, it’s a matter of life and safety.
We encourage you to use Privacy Awareness Week as an opportunity to:
- Lead by example. Make protecting and respecting personal information a part of your integrity culture and take any breaches seriously.
- Talk about it. Use Privacy Awareness Week to communicate with your team or organisation about expectations and real risks. The Office of the Information Commissioner (OIC) Queensland has resources available to help.
- Know the signs. Repeated low-level breaches, poor system controls, or casual attitudes to information access can be early warning signs.
- Review your systems. This includes policies and access controls. Things to consider are:
  - Access revocation or amendment triggers when an employee exits or transitions roles.
  - System controls to prevent or restrict unauthorised access and audits to identify where this has occurred.
- Use the tools.
  - The CCC’s Corruption Prevention resources can help agencies understand common corruption risks and learn about effective strategies to prevent corruption from occurring.
  - Our Corruption Prevention Advisory - Misuse of confidential information is a great place to start.
  - There is also a CCC Guide to assessing allegations about misuse of confidential information.
  - Complete a privacy impact assessment using the Office of the Australian Information Commissioner’s guide and eLearning module.
  - If you’re working in local government, check out the Office of the Information Commissioner Queensland’s factsheet - What does privacy mean for councillors?
