IBAC warns that misuse of personal information could amount to corrupt conduct

Local governments collect and manage a considerable range of personal information when delivering services which are so integral in our daily lives. The flipside is the potential risk of corruption when this information is then used or disclosed, in a way which breaches the laws designed to protect that information. The Independent Broad-based Anti-corruption Commission (IBAC) has released a report in November 2020 which puts the spotlight on the misuse of personal information held by local government and where these corruption risks are most likely to occur, along with providing prevention and detection strategies.

The Unauthorised access and disclosure of information held by local government report asserts misuse of personal and other information by local government employees or councillors can amount to corrupt conduct, and urges local governments to improve how they protect the information they hold. Misuse includes unauthorised access to, and/or disclosure of, information.

Potential for corrupt conduct

An analysis of IBAC’s investigations showed approximately 60 per cent of all investigations have included some form of information misuse, although this may not have been the original allegation investigated. It is suspected that such breaches are underreported. It has been further discovered that councillors are typically more likely to conduct breaches than local government employees, but this might also be because there are further motivations to report breaches by councillors, such as reports made by rival councillors.

Specific examples of areas where IBAC found corrupt conduct most likely to exist were:

• employees and councillors using their positions for financial benefit in land and planning matters
• accepting or soliciting a bribe for official information
• unauthorised disclosure to associates.

Corruption risks

As a result of extensive variation amongst local governments, corruption risks are relative to their varied working environments. IBAC’s report identified three specific risks related to information access and disclosure, which include:

• procurement of goods and services – the lack of uniform governance arrangements across individual local governments leaves the door open for information misuse; and does not allow local governments to detect where anomalies occur
• information sharing between councillors and employees – inadequate policies or guidelines are in place, or in some cases not followed, for example how employees provide information and advice to councillors
• deficiencies in information system controls – the Victorian Auditor-General’s Office found information system controls were a key area of weakness across the sector, according to an audit of local government in 2015/16. Some issues related to outdated security systems or updates, poor password policies, and the use of outdated and insecure software.

Recommendations from IBAC

To ensure local governments improve their handling of personal information, in its report, IBAC provided a number of prevention and detection strategies such as the following:

• adoption of the Victorian Protective Data Security Framework  which would assist information security by applying reasonable controls. In addition, increased reporting of information security breaches, including suspected corrupt conduct, should be implemented
• training, reporting and cultural change: an initiative to combat underreporting would be to improve awareness of how information misuse can constitute and enable corrupt conduct. Additional training in handling official and security-classified information will complement educational programs and improve understanding of data security amongst employees. These can be tailored to specific local governments.

Lessons

Key to stamping out misuse of information in local government is creating a culture of enhanced integrity. Local governments should start by reviewing internal policies and information management frameworks, creating reporting guidelines and training staff to understand where their responsibilities lie and where risks may be created.

Authors: Emily Booth & Luke Flegeltaub

Disclaimer
The information in this publication is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, we do not guarantee that the information in this newsletter is accurate at the date it is received or that it will continue to be accurate in the future.

Published by:

Emily Booth

Luke Flegeltaub

Share this