Qld corruption watchdog calls out internal privacy threat

Queensland’s corruption watchdog has sent a firm reminder to the state’s public sector that hackers don’t always come in the guise of shady cybercriminals typing code from within dark rooms.

The Queensland police force learnt this the hard way, the Crime and Corruption Commission revealed, when one of its officers was convicted of 50 hacking offences after he used the QPS secure crimes database to investigate people he met via a phone dating service.

“What may seem a simple ‘peek’ by a public servant at someone else’s personal data is not only an invasion of privacy, it’s potentially a criminal offence and grounds for investigation by the Crime and Corruption Commission,” the CCC warned this week in a privacy week note to the public service.

Some of the worst cases it has investigated include:

• A public servant who was handed an 18-month suspended sentence for accessing valuation and building inspection reports to inform her own personal property purchases
• A police office accessing criminal histories of a friend’s ex-partner to help them out in a custody case being dragged through Queensland courts, and
• An officer handed a six-month suspended sentence for leaking information like car registration and criminal records to a relative who worked as a private investigator.

The commission said government workers abusing or improperly accessing confidential information held in state systems was one of the most common areas it is called on to investigate, and numbers are on the rise.

Since 1 July 2015, the CCC has completed 15 investigations into the unauthorised access of confidential information, resulting in 81 criminal charges and 11 disciplinary recommendations.

It has received 483 allegations of internal privacy and information breaches in the current financial year, which represents about 11.5 percent of all claims made to the CCC, and which is up from 7 percent a year ago.

“Unauthorised access and disclosure can adversely affect projects, give unfair advantage to a person or entity, breach a person’s privacy and will damage the reputation of the agency involved,” CCC executive director of corruption Dianne McFarlane said in a statement.

McFarlane and her team this week penned a formal letter to agency heads reiterating that the buck stops with them when it comes to the custodianship of public data.

“Any unauthorised release and disclosure is a serious breach of the trust placed in public sector employees,” she said.