Thursday, November 14, 2019

You Don’t Really Believe You Can Trust People Who Have Access To Government Databases Of Your Personal Information To Do The Right Thing Do You?

This appeared last week:

Queensland police 'brought into disrepute' by computer system misuse, says commissioner

Exclusive: Katarina Carroll’s statement was emailed to officers across the state on Wednesday
The misuse of Queensland police computer systems by current and former officers has “brought our organisation into disrepute”, the police commissioner, Katarina Carroll, has said.
Carroll’s statement, emailed to police across the state on Wednesday night, was made ahead of hearings by the Crime and Corruption Commission into public-sector data misuse and several high-profile cases that have highlighted the extent of the problem.
The commission will begin hearing public evidence on Monday. The process is expected to lay bare the extent of a situation described by civil liberties groups as a systemic problem that had caused the public to lose trust in police.
Carroll’s email appears to be an attempt to underscore police efforts to acknowledge and manage the problem before the hearings begin.

She said two formal commissioner’s directives were issued to all members of the Queensland Police Service (QPS) in March 2016 and December 2018 in relation to use of information systems without an official purpose.
“Despite these two directives, a small number of current and former members have failed to comply with these directives,” Carroll said.
“Each of these individuals have faced criminal and/or disciplinary action for accessing and misusing information stored within QPS computer systems. The actions of these individuals have brought our organisation into disrepute and, in some respects, overshadowed the outstanding and important community work performed by members on a daily basis throughout the state.
“My message to all members is clear: accessing QPS confidential information without a purpose related to your official duties is both a criminal offence and misconduct. Every information misuse complaint will be considered for criminal charges. Curiosity or personal interest is not an acceptable reason to access QPS information.
“The community, government agencies and non-government agencies entrust all of us to responsibly and appropriately handle confidential, private and sensitive information.”
Carroll’s comments lay blame at the feet of individuals, though questions remain as to whether the police auditing practices are robust enough to detect and deter rogue police, and whether security of the QPrime data system is adequate.
Lots more here:
This sort of abuse makes one wonder if the System Operator of the #myHealthRecord is running routine scans of the audit logs of the system to detect any unauthorised authorised user access, if you see the issue. I may have missed it – but we do see lots of reporting of penetration testing and unauthorised access – but I have not seen much comment on looking for ‘friendly fire’!
Does someone know how the System Operator monitors unwarranted authorised user access?
David.

No comments:

Post a Comment