Victoria’s corruption watchdog has suggested sensitive regulatory databases across the state are being abused by agency staff, blaming sloppy information security and governance.
The bombshell claim is contained stinging review of corruption risks faced by Victoria’s regulators published today by the Independent Broad-based anti-Corruption Commission (IBAC) that lays bare a litany of risks ranging from brothel kickbacks to dodgy development applications.
“IBAC and other integrity agencies have information suggesting regulators may be inaccurately recording, manipulating and misusing data to meet performance targets,” IBAC said in its report.
The watchdog has doubled down on what it sees as the clear potential for data holdings at state regulators to be used for corrupt activity.
It has listed an information security management clampdown as the first “prevention and detection” strategy to mitigate corruption risks.
Agencies covered in the IBAC review include VicRoads, WorkSafe, Consumer Affairs Victoria, the Victorian Building Authority and the Victoria Police Licensing and Regulation.
“Employees may be more likely to detect and report colleagues who do not manage such information appropriately,” IBAC said.
“Robust systems to detect the misuse of information can also assist regulators to identify employees who are inappropriately accessing and disclosing information.
“Such systems might include regular and random audits of database access.”
Random and persistent auditing of database access is already a common feature of welfare and law enforcement agencies. Some, like Centrelink, have revealed the results of such audits to the public.
Serving police officers in several states have also been disciplined or sacked for inappropriately looking up data on persons of interest, spouses and even neighbours.
The IBAC report into corruption risks at regulators is the first step in putting organisations in that sphere onto a common footing with the more stringent requirements placed on large sensitive data custodians like health.
“A greater awareness of the value of sensitive information held by regulatory agencies and how it could be misused is likely to lead to better information management practices and, in turn, fewer opportunities for corruption,” IBAC.
“Educating employees on the risks associated with working with personal, health or commercially sensitive information – as well as the relevant legislative provisions around handling such information – will ensure employees are more accountable in how they access and disclose information.”