default text | larger text
top navagation imagemap Link to home page Link to search page Link to help page Link to sitemap page Link to website privacy statement Link to contacts page Link to disclaimer/copyright information
 
About the Office

Reports to Parliament

Performance Indicators

Other Publications

Media Statements

Work In Progress

Resource Links

Annual Report

Job Vacancies

Graduate
Opportunies

Information
for Agencies

Refer this Page

 

 

 

4 December 2002

AG’s REPORT HIGHLIGHTS CONCERNS OVER SECURITY OF CONFIDENTIAL PERSONAL INFORMATION

Auditor General Des Pearson has again warned public sector agencies over information system security, this time in relation to confidential personal information.

The warning is contained in Mr Pearson’s second Public Sector Performance Report of 2002 tabled in State Parliament today that also covers the management of intellectual property by the Department of Agriculture in relation to the development of a new apple variety, and the results of a Performance Examination focused on the need for government agencies to regularly evaluate the purpose and role of their building assets.

In an audit to assess the management of personal information at five selected agencies Mr Pearson found that though all were collecting that information lawfully and for proper purposes, four of the five were disclosing personal information to contractors and outsource companies without fully managing the associated privacy risks.

All five agencies were yet to fully fathom the privacy related risks in relation to information system security, and whilst they were committed to improving the process there was still a way to go to achieving best practice.

Improvements needed include undertaking risk assessments in relation to personal information held, implementing appropriate logging and monitoring of access made to personal data, and ensuring that personal information is wiped from obsolete equipment.

It was also found that none of the agencies had made it clear that there were processes in place to enable individuals to access and correct information about themselves.

In September last year the Auditor General warned all agencies to be vigilant and ensure appropriate security measures were in place, as audits at a sample dozen agencies had found both high and medium level risks of Internet and network security attacks, leaving the agencies vulnerable to unauthorised disclosure of confidential data.

Commenting on the information system security issue today Mr Pearson said: “Public sector agencies gather and maintain large amounts of personal and sensitive information about private individuals, and there is a clear public expectation that personal information, when given to agencies in confidence, is used only for the purposes for which it was provided and is properly secured to prevent unauthorised disclosure.

“All agencies must strive to meet that expectation – sound public sector management requires not only that agencies adopt an ongoing, proactive approach to identifying risks and seizing opportunities for improved performance in information system security, but also that they effectively address concerns raised, be they from the public or in my previous reports.”

The audit at the Department of Agriculture is a follow-up of a 1999 examination into the commercialisation of the Cripps Pink apple variety that concluded that intellectual property aspects of the process could have been better managed.

The current audit finds that since then the Department had developed a more rigorous and formalised approach to address recognised shortcomings in its intellectual property management process for breeding, evaluating and commercialising apple varieties, particularly the new apple variety, ST23/74.

The Performance Examination evaluating the asset effectiveness of family centres owned by the Department for Community Development has a message for all government agencies that collectively have some $6 billion invested in building assets.

Using the centres as a case study, the examination highlights the need for awareness among agencies that the requirements for such assets can change over time, as population demographics and service delivery strategies change, and consequently buildings acquired in the past may not be effective in meeting the needs of the present.

In particular the case study highlights the need for all agencies to regularly review the purpose and role of their building assets and to ensure management information on asset suitability, utilisation, and operating costs is systematically collected and analysed.

Ends/.

 

Media Contact: Peter Villiers, Manager Reporting and Communications
Tel: (08) 9222 7558. Mobile: 0417 936 171 Fax: (08) 9322 5664
4th Floor Dumas House 2 Havelock Street West Perth

Home Page | About the Office | Reports To Parliament | Performance Indicators | Other Publications
Media Statements | Work in Progress | Contact OAG | Resource Links | Annual Report | Job Vacancies

Information Copyright © 1996-2008 Office of the Auditor General
Disclaimer/Copyright | Privacy Declaration