Data security cannot be guaranteed: auditor

Fears that the security of firearm owners has been compromised by the NSW police are strengthened by an Auditor-General’s report that found the state government cannot guarantee the security of sensitive personal information on its databases.

The Auditor-General reported that most government agencies failed to comply with security guidelines.

The situation was reported in 2010 and followed at least a decade of failure to properly secure information about millions of Australians, despite numerous edicts from the government.

This news will not please gun owners, who are becoming increasingly worried that police-held data is falling into criminal hands, resulting in targeted attacks by sometimes violent thieves.

The audit report implies a poor attitude to information security is endemic in the public service.

Shooters and Fishers Party MP Robert Borsak recently confirmed that firearm owners’ details were widely available on the unsecured police intranet at the behest of one of the state’s most senior police officers, Assistant Commissioner Catherine Burn.

When the SFP objected, the data was removed, but it was subsequently put back on the intranet, and it is still there while senior police deny any risk or connection with robberies.

“The Mark II version currently still resident on the police intranet is in reality no more secure than the first version,” Mr Borsak said. “It takes nothing for criminals to easily break what is at best nominal Microsoft login security.”

While the Auditor-General’s report did not specifically mention data held by the NSW Firearms Registry, its findings appear very relevant to the current situation for gun owners.

“The government is not able to provide assurance that it is safeguarding its holdings of sensitive personal information because its policy has not been properly implemented,” the report stated.

“This is likely to remain the case until there are clear, mandatory, minimum standards that agencies sign up to, and scrutiny of performance against these standards is strengthened.”

The report recommended senior agency officials be accountable for the security of information, and it be made clear that failure to protect the data was a serious and possibly punishable matter.

Gun owners’ details have been accessible by police volunteers and were apparently even lost off the roof of one police car, but the lack of care over information security appears to be a top-down problem, not just within the police and other agencies, but in government.

“There has been an absence of clear direction and strong leadership to ensure that people’s private details are held securely by all government agencies,” the audit said.

“A fundamental re-think about electronic information security is needed.”

Mr Borsak cited three major questions about firearm owners’ data that he wanted answered: “Why was the database set up on an insecure intranet site? Who in the police hierarchy is responsible for such negligence? Who in police will be punished for gross professional breach of duty of care?

“It’s not good enough for Assistant Commissioner Alan Clarke to say they have no evidence of a breach of the data, when any idiot would know that the open database does not and cannot record who has accessed it. By definition access is not recorded.”

He accused senior police of a cover-up over the issue as they tried to avoid blame for any data breach.




Mick Matheson

Mick grew up with guns and journalism, and has included both in his career. A life-long hunter, he has long-distant military experience and holds licence categories A, B and H. In the glory days of print media, he edited six national magazines in total, and has written about, photographed and filmed firearms and hunting for more than 15 years.