Queenslanders should expect that the confidential information they provide to government agencies is not subject to unauthorised access by curious police officers and public servants.
In a report tabled in State Parliament today, the CCC has provided 18 recommendations designed to ensure that Queenslanders’ confidential information is less vulnerable to inappropriate access by staff of public sector agencies.
The report, Operation Impala – A report into misuse of confidential information in the Queensland public sector, is based on the findings of a public hearing conducted by the CCC last November.
The recommendations include:
- stronger IT access controls and audits of access
- increased accountability for staff who access information
- increased training on the responsibilities involved in dealing with people’s confidential information, and on the possible consequences of unauthorised access or use, and
- a new criminal offence that would make it easier to prosecute information breaches.
CCC Chairperson Alan MacSporran QC said Operation Impala examined how effectively seven public sector agencies — including police, health, transport, education and corrective services — safeguarded the data entrusted to them by Queenslanders.
The agencies were chosen as a representative cross-section of the Queensland public sector.
“We examined these agencies’ systems and cultures to find out how public servants were able to access people’s confidential information without any legitimate reason, and why they continued to do so despite the obvious issues this can cause,” Mr MacSporran said.
“We also wanted to understand how agencies responded to misuse of confidential information, whether by disciplinary action or by referring matters to the police or the CCC for consideration of criminal charges.”
Operation Impala heard evidence from Directors-General, the Commissioner of Police, the Information Commissioner, a range of legal, privacy and information experts and individuals who had their information inappropriately accessed and disclosed.
“The aim of Operation Impala was to help all public sector agencies build systems and cultures that ensure the information the public gives to these agencies is properly stored and protected,” Mr MacSporran said.
“We found during the hearing that agencies were at different levels of maturity in this area. Their approaches and sensitivity to risk depend on the types of information they collect, and how strongly the individual agency emphasises the importance of protecting people’s confidential information.
“Although individual agencies’ approaches may differ, it was evident they are all very sensitive to any loss of public trust in their operations, understand the damage that can be caused to people who are impacted by the access and disclosure of confidential information and they are committed to improving their systems.”
In addition to a number of recommendations designed to improve the culture of public sector agencies, the CCC has recommended the creation of a new criminal offence for public servants who access confidential information without a lawful reason.
“Creating a new offence in the Criminal Code will leave public servants in no doubt as to the seriousness of accessing, or disclosing, confidential information without a lawful reason. If the recommendation is adopted, it will mean these types of issues will no longer be viewed by public servants as minor indiscretions or misguided curiosity.
“A new offence will appropriately classify this type of conduct as criminal in nature, and in our view this aligns with the seriousness and consequences of accessing and disclosing Queenslanders’ confidential information,” Mr MacSporran said.
The CCC’s report, and a summary of the recommendations, is available on the CCC’s website at: www.ccc.qld.gov.au/operation-impala
ENDS
