Victorian privacy rights compromised

By Angela Dorizas

The confidentiality of personal information collected by government departments has been compromised, according to a report by the Victorian Auditor-General Des Pearson.

The report examined lack of effective oversight and coordination of information security practices in three departments.

“Neither the Department of Treasury and Finance nor the Department of Premier and Cabinet have addressed all aspects of information security following the disbanding of the Office of the Chief Information Officer and its supporting committees in 2006,” Mr Pearson stated in his report.

He said databases containing personal details of members of the public were easily accessible to unauthorised persons.

“Recent incidents of personal information being found in public places or in the hands of unauthorised persons, are further evidence of this,” he said.

“This situation has arisen partly because information security policy, standards and guidance for the sector are incomplete and too narrowly focused on ICT security.”

Mr Pearson said lax information security was not confined to the three departments under review, but widespread across the public sector.

He recommended that the three departments clarify their roles and responsibilities for information security; expedite the release of a comprehensive, integrated suite of standards and guidance that address all aspects of information security; mandate that all public sector agencies adopt the whole-of-government information security policies and standards; establish clear oversight to monitor the implementation of such policies; and establish a process to identify and communicate emerging information security risks across the sector.

The report, which was tabled in Parliament, also made a number of recommendations for all public sector agencies, including the introduction of staff training, more robust risk management practices, inventories of information stored by each department and agreements with third party services providers to set out standards of security over information handled.

Comment below to have your say on this story.

If you have a news story or tip-off, get in touch at  

Sign up to the Government News newsletter

Leave a comment:

Your email address will not be published. All fields are required