Transport agency cracks down after data breach

The West Australian Public Transport Authority has tightened controls on sensitive information a year after the personal details of almost 2,000 staff were leaked to a union.

The state’s Corruption and Crime Commission found in 2018 that a PTA employee took advantage of a colleague leaving their computer unattended to access confidential staff details which he transferred to the Australian Rail Tram and Bus Industry Union.

The CCC said data and information misuse is a growing concern in the state’s public sector and underscores the need for strong IT security and careful management of records.

The CCC’s 2018 Report into unauthorised release of confidential information of the PTA found the employee, a senior linesman with the authority, transferred the personal details of 7,50 employees to the RTBU in June 2017.

The PTA and the union were involved in “acrimonious” EBA negotiations at the time.

The CCC recommended that the PTA tighten controls over access, including logins.

In a report tabled in parliament last week, the commission said the PTA has since taken a number of steps to improve data security, including requiring employees to acknowledge its telecommunications policy.

The PTA has also introduced mandatory automatic suspension of user accounts if they are inactive for three months, and automatically deletes information on shared drives after 30 days.

It is also taking steps to improve printing security and has updated its information security policy and Ethical Decision Making training.

IBAC warns Victorian public sector

The latest report comes after Government News reported earlier this month that the Victorian corruption watchdog warned public sector reliance on technology was making it easier to access and leak confidential information.

“The public sector holds vast amounts of personal information, much of it sensitive, including citizens’ financial data, health records and contact details along with political and economic information. It is vital that this information is properly secured and managed,” IBAC Commissioner Robert Redlich said in his report.

It also comes after University of Melbourne researchers last year found that potentially millions of public transport users could be identified from a huge, supposedly de-identified, Myki ticket data set that had been released by Public Transport Victoria as part of a science competition.

The alarming discovery prompted an investigation by the Office of the Victorian Information Commissioner, which said in a report released last August that the incident demonstrated the challenges of privacy risks inherent in the collection of large and complex datasets.

It also highlighted the need for the state’s public sector, which has many “large and sensitive data holdings”, to have a high level of data literacy, the information commissioner said.
