Sorting Out Acc Information Security

< BACK TO NATIONAL starstarstarstarstar   People - National Press Release
27th October 2009, 07:00am - Views: 614

People Feature Commonwealth Ombudsman 1 image

People Feature Commonwealth Ombudsman 2 image


Tuesday, 27 October 2009

Sorting out ACC information security

Conflicting and outofdate internal information policies, multiple databases with varying

degrees of security and low staff morale increased the risk of confidential Australian

Crime Commission (ACC) intelligence falling into the wrong hands, according to

Commonwealth Ombudsman Professor John McMillan.

The Ombudsman today released the findings of a review of the ACC’s policies, practices

and procedures for information collection, storage and dissemination. The review was

prompted by a request from the ACC’s Chief Executive, following a leak to the media in

September 2008 of an ACC document detailing conversations at a Ministerial dinner.

‘The review established that the Australian Crime Commission performs its intelligence

gathering role in accordance with its legislation and that it does not appear to hold

improper or unauthorised records,’ Professor McMillan said. ‘The creation of the

document in question was entirely inappropriate, but seems to have been an anomaly.

‘However, the ACC does need to improve the way it handles sensitive information.’

Professor McMillan said that central to the issue were the conflicting policies,

procedures, guidelines and other documents, such as all staff emails from senior

management, that the ACC had in place.

‘Staff can be confused about whether the organisation endorses a needtoshare or a

need–to–know policy,’ he said.

‘This problem is compounded by a lack of clarity in the ACC’s definition of what

constitutes unauthorised access to information, while a lack of transparency in censuring

officers found to have breached policy has led to resentment and threatens staff morale.

‘The ACC's main record keeping database has a default that allows anybody to look at

any record, unless the creator has remembered to change the setting to restrict access.’

Professor McMillan acknowledged the ACC’s recent efforts to build a culture of integrity

and improve information handling and made six recommendations to assist, including

that the ACC should:

develop an overarching information governance policy as a matter of high priority

review the guidance given to consultants in relation to the use of ACC information

develop a definition for unauthorised information access and enforce it

consider improving audit and incident reporting systems.

The ACC has accepted the recommendations.

The Ombudsman’s report, Australian Crime CommissionReview of collection, storage

and dissemination of information, is attached. It is also available from


Media contact:

Fiona Skivington, Director Public Affairs

0408 861 803

news articles logo NEWS ARTICLES
Contact News Articles |Remove this article