Queensland’s Crime and Corruption Commission (CCC) continues to investigate the unauthorised use of sensitive government databases by the State’s Police Service.
Since 1st July 2015, the CCC has completed 15 investigations into unauthorised access to confidential information, resulting in 81 criminal charges and 11 recommendations for police to be suspended or otherwise disciplined.
The CCC has already received 483 complaints of internal privacy and information breaches this year, comprising 11.5% of all complaints received, up from 7% in 2015. The complaints allege police and other public servants accessed protected government databases without authorisation.
“What may seem a simple ‘peek’ by a public servant at someone else’s personal data is not only an invasion of privacy, it’s potentially a criminal offence and grounds for investigation by the Crime and Corruption Commission,” a CCC spokesperson said.
The complaints range from single incidents of access, to protracted courses of unauthorised conduct for personal gain, and include:
- A police officer who was convicted of 50 hacking offences after accessing the Queensland Police Service’s secure crimes database to trawl through information on women he met on a dating site,
- A police officer who accessed the criminal history of a friend’s former partner to help win a custody case.
- A government employee who was convicted and given an 18-month suspended prison sentence after accessing building reports to help make her property buying decision,
- A police officer who received a six-month suspended prison sentence after leaking car registration and criminal records to a relative who worked as a private investigator, and
- A former police officer, who had previously been fined $8000, for accessing the police database to obtain the phone numbers of other men to organise sex.
Warning to Top Brass
Executive Director of Corruption at the CCC, Dianne McFarlane, says the organisation has sent a formal letter to senior officers in the Queensland Police Service warning they will be held personally responsible for the misuse of public data under their control, and demanding that all officers be made aware of the seriousness of such breaches.
“Any unauthorised release and disclosure is a serious breach of the trust placed in public sector employees,” Ms McFarlane said.
Not the First Time
This is not the first time concerns have been raised about the unauthorised use of date.
In 2000, the Queensland Criminal Justice Commission released a report on the improper use of confidential information by members of the Service. The enquiry was prompted by allegations that officers at Nerang Police Station had regularly been accessing and using confidential data for unauthorised purposes.
The Report recommended that the Queensland Police Service:
- Advise officers that they are not permitted to access any computer system unless they do so as part of their official duties,
- Advise officers that they are not entitled to access computer systems merely by virtue of their status, rank, office or level of authorised access, and
- Educate officers about proper authorisation by giving specific examples of appropriate and inappropriate reasons for access.
Unfortunately, the recommendations were either not sufficiently implemented by Police Service heads, or the culture of police misconduct is so entrenched that regular breaches continue to occur; with many concerned police officers feel they are ‘above the law’ and can get away with criminal conduct.
Into the Future
Recent federal laws which require internet and phone service providers (ISPs) to store the personal meta-data of subscribers and release that information to police, law enforcement agencies and a range of other public servants without them having to give reasons for the access, let alone obtain a warrant, have renewed concerns about how this data will be used into the future; specifically, whether potentially thousands of public servants can be trusted to access and utilise that data for authorised purposes only.
Thanks to the new laws, over 2500 public service employees across the country, mostly police and law enforcement agents, are now able to directly access this wealth of personal information. The NSW Police Force leads the way, with more than 900 senior officers able to directly access the data, and sign-off on data requests by many thousand less senior officers.
And it seems our Force is still not satisfied – in a submission to the NSW State government late last year, it requested further powers to access personal financial records, again without a warrant. The changes would see data such as bank records and transaction histories join the cache of digital information at the Force’s direct disposal, without them having to show why they need it, alongside Opal Card travel data which is already stored and accessible through NSW Transport.
With so much personal information directly accessible to so many people without a warrant, it seems certain that the misuse of confidential information will only increase in coming years.