[LINK] Centrelink staff sacked for privacy breaches

brd at iimetro.com.au brd at iimetro.com.au
Wed Aug 23 09:23:34 AEST 2006


Kim,

I don't know what you find wrong about the reports but the issue that disturbs
me is that systems have been built and are still being used that do not
monitor who is accessing sensitive information. If information should only be
viewed/accessed by those who need to know and who are appropriately
authorised, then the system should have features built in that at least
monitor access or, preferably, control access.

To me it is a failure of requirements identification and system architecture.

I bet there are many systems out there, both in the public and private sector,
that have all or nothing access controls - if you can access the system
you can view anything.

-- 
Regards
brd

Bernard Robertson-Dunn
Sydney Australia
brd at iimetro.com.au

Quoting Kim Holburn <kim at holburn.net>:

> Almost everything about this seems wrong to me.
>
> http://www.abc.net.au/news/newsitems/200608/s1721505.htm
>
>> Hundreds of Centrelink staff have been caught inappropriately  
>> looking up the records of friends and ex-lovers.
>>
>> The privacy breaches were uncovered using specially designed  
>> spyware software.
>>
>> As a result of a two-year investigation, Centrelink has uncovered  
>> nearly 800 cases of what it has described as inappropriate access  
>> by staff to customer records.
>>
>> Nineteen staff have been sacked and nearly 100 resigned when they  
>> were confronted with the allegations.
>>
>> Five of the cases have also been referred by Centrelink to the  
>> Australian Federal Police (AFP).
>>
>> Centrelink general manager Hank Jongen says breaches of customers'  
>> privacy will not be tolerated.
>>
>> "It was done for a whole range of reasons - from just sticky-beaking,
>> through to at the more serious end of records actually  
>> being changed," he said.
>>
>> More than 300 Centrelink staff are also facing salary deductions or  
>> fines, while 46 have been reprimanded.
>
> --
> Kim Holburn
> IT Network & Security Consultant
> Ph: +61 2 61258620 M: +61 417820641  F: +61 2 6230 6121
> mailto:kim at holburn.net  aim://kimholburn
> skype://kholburn - PGP Public Key on request
> Cacert Root Cert: http://www.cacert.org/cacert.crt
> Aust. Spam Act: To stop receiving mail from me: reply and let me know.
> Use ISO 8601 dates [YYYY-MM-DD] http://www.saqqara.demon.co.uk/datefmt.htm
>
> Democracy imposed from without is the severest form of tyranny.
>                           -- Lloyd Biggle, Jr. Analog, Apr 1961


