ACT Policing, the law enforcement agency covering Canberra, has admitted to more unauthorised access to stored communications and telecommunications data than it first reported.
A lot more.
As iTnews reported earlier this week, the organisation ‘fessed up to 116 instances of metadata access which were allowed by an officer without the authorisation to do so.
Now ACT Policing has revealed in a statement issued at take-out-the-trash-o’clock late on Friday afternoon that the actual number of unauthorised metadata accesses was 3249.
There’s a teensy bit of upside in the fact that the extra incidences of unauthorised access didn’t take place in the same timeframe as the 116 other mistakes, and that ACT Policing was able to identify its errors by itself.
ACT Policing’s statement says it “subsequently examined all relevant records to determine the use of the data that had resulted from these requests.
"It was established that the majority of the results had not been used in evidence or provided to third parties.
"Action was also taken to develop a quarantine process to eliminate any future use of the data."
Interestingly, the statement adds: “Of the total telecommunications data requests, 240 generated information that was of value in progressing ongoing investigations and inquiries.
"Noting one investigation may require multiple telecommunications data requests, the 240 telecommunications data results were referred to individual case officers to conduct further examination and confirm its use and dissemination.
"During this process, steps were taken to commence quarantining the relevant material.”
ACT Policing has also promised not to mess up like this again and “has implemented measures to maintain enduring authorisation to prevent this issue reoccurring and is committed to ensuring access to telecommunications data is conducted appropriately and transparently.”
Changes to internal processes recommended by the Commonwealth Ombudsman have been adopted, and ACT Policing also “initiated its own additional changes to provide greater assurance.”
“Refresher training has been provided on legislation, delegations and assurance procedures to ensure authorisations are conducted in accordance with the legislation,” too.
Which makes iTnews feel much better, seeing as the first round of education was clearly so very effective.