Victoria’s anti-corruption watchdog says information misuse by local government employees appears to being going unreported .
“Allegations data … shows IBAC has received a very low number of allegations regarding information misuse against local government,” a report from The Independent Broad-based Anti-corruption Commission released last week says.
The report, Unauthorised access and disclosure of information held by Local Government, says councils need to improve how they protect the information they hold.
It says councils manage a wide range of official, sensitive and confidential information relating to ratepayers, planning, building, health services, waste management, emergency management, recreation and culture.
Local council employees, like councillors, are subject to codes of conduct mandated by the Local Government Act and employees who misuse information could found to be engaging in corrupt conduct.
However, IBAC says local councils often never find out that information is being misused, and when they do, they often don’t recognise it as misuse.
“Unauthorised information access may not be detected, and unauthorised disclosures may not become public or reported back to the individuals or the agencies affected,” the report says.
The report warns that increasing reliance on technology in the workplace has made it easier for public sector employees to copy and circulate data, while increased use of social media can provide a platform for unauthorised and anonymous disclosures of confidential information.
It also says procurement processes can be manipulated through the unauthorised disclosure of official information.
Examples of information misuse:
- While investigating allegations of fraudulent procurement by council employees, IBAC identified a situations where an approver in the procurement process would leave their computer log-in details and password on a Postit Note on their computer, so employees could approve purchase orders in their absence. The unauthorised disclosure of log-in details enabled corruption to take place.
- A councillor of East Gippsland Shire Council was found to have ‘acted with serious misconduct’ and suspended for four months after an investigation into allegations he leaked confidential information to the media.
- A former South Gippsland councillor was placed on a 12-month good behaviour bond and ordered to pay more than $15,000 for providong a resident, who was involved in legal proceedings against Council, with emails and documents to help in his legal fight.
Improving information security
IBAC says councils can prevent and detect misuse of information by adopting the Victorian Protective Data Security Framework , conducting comprehensive audit programs and raising employee and community awareness of the importance of reporting incidents when they occur.
IBAC Deputy Commissioner David Wolf told said protecting official information from misuse is critical to maintaining community confidence,
“Any unauthorised access or misuse of information matters because it adversely affects the willingness of the public to provide information that is necessary for councils to function properly and importantly, it damages community trust and confidence in local government,” he told a forum hosted by the Office of the Victorian Information Commissioner last Thursday.
He said recent council elections presented a timely opportunity for councils to step up on information security and build their resistance to corruption.
Interesting article, but ironically when I click on the link to the report in the story I get a warning that the website is insecure and might expose my personal information.
It would help very much if the review of the Public Records Act Victoria 1973 which has been going on for nigh on 3 years could be progressed and presented as a Bill to Parliament as soon as possible.In fact it would help if IBAC here in Victoria could have a look at what is proposed and make a suggestion in their current investigations that the compliance and penalty provisions including the possibility of criminal provisions that have been suggested
as possibilities be enacted in one form or another. I am sure that DPC would not mind as record keeping and information management in this State is in their jurisdiction. Goodness why – oh wait I do have some ideas.