Editorial: Council Privacy Safeguards Fail
On Saturday, New South Wales Police issued a media release stating they had suspended an officer without pay, who will now face court after he allegedly accessed restricted data on a police computer.
It might be tempting for a police officer to do a background check on their daughter’s new boyfriend, or for a nurse to look up the patient record of someone they like, but it is illegal.
In government, you can only access information if you are required to do so in the course of doing your job, and computer systems monitor when information is accessed and who has accessed it.
The police confirmed they regularly conduct audits of their staff to ask why they accessed files and ensure it is for legitimate reasons.
One of their officers may have recently failed that test, but police have been proactive in dealing with the alleged breach.
Unfortunately, there are not currently the same assurances from the Upper Hunter Shire Council.
While it would be a breach of the privacy act for a staff member to access files for their own purposes, Council has confirmed they do not have systems in place to monitor when personal information is accessed.
scone.com.au made an enquiry to Council in relation to who may have accessed specific personal property records during a specific period and was advised, “Council is unable to determine if xxxxx or anyone else has accessed xxxx personal property details.”
Council, like all other government organisations, needs to ensure it adheres to the privacy act, but if it doesn’t have systems in place to see when staff members are accessing personal information, how can it prove it or police it?
While most Council staff may be highly trustworthy, there still need to be checks and balances to ensure they are complying with the law.
Arguably some of the most trusted public servants are our doctors and nurses, but they are also some of the most tightly monitored.
Greg Jackson, manager records, privacy and information and security for Hunter New England Health said the 14,000 staff across the health system face a high risk and a high cost for a privacy breach.
“We have a very powerful auditing tool that records the details of every person who logs on, on what computer, what information they have accessed and the time they spent and if we get a privacy complaint we can use that to audit,” said Mr Jackson.
“There are severe penalties for privacy breaches ranging from dismissal back to corrective counselling, if they have inadvertently accessed the wrong patient record they may have retraining, but if they are using the information for their own personal gain that can result in dismissal and often that also means they lose their registration to operate as a clinician, it is high risk and high cost,” Greg Jackson said.
Wayne Bedggood, Mayor of the Upper Hunter Shire Council said he was surprised their system had a privacy gap and said they would consider other systems if it could not be fixed.
“It is a system that a lot of Councils use and it doesn’t actually record access, it only records modifications, so that is something we need to look into,” said Mayor Bedggood.
“We will see what they (the software company) can do about it and if they can’t close that loop then we might have to think about changing back to the older system,” he said.
“We have a code of conduct and obviously in any business where you have people in control of confidential information is an issue and at the end of the day if you’ve got a system that logs what’s happening then it is probably an incentive for ne’er-do-wells to do things properly, so I think it is another layer of protection for privacy for everybody not just the public, but within Council as well,” Wayne Bedggood said.
Elizabeth Flaherty
Editor, scone.com.au