Agency's top brass so far dodge breach bullets

VERNON SMALL
Last updated 05:00 03/11/2012

Relevant offers

Opinion

Can we trust claims by Hager and Stephenson about SAS raid? Editorial: The Government is right to proceed cautiously on vaping Anne Tolley: Complete overhaul of care system starts today Karl du Fresne: Let truth and falsehood grapple over the Hager-SAS stink Replacing the Resource Management Act is a job that shouldn't wait any longer There was more than just beef on the menu for China's Premier Li Keqiang's visit Rosemary McLeod: The drive to humiliate the young - and those who go to war Editorial: Striking disagreement over SAS raid is more cause for an inquiry Joe Bennett: Every time we suffer the indignity of security searches, terrorists win Terry Bellamak: Abortion does not belong in the Crimes Act

So four lowly ranked heads are on the block over the unforgivable security lapse at the Social Development Ministry.

OPINION: As an interim step, it is a reasonable response to the "damning" Deloitte report, which found "woeful" failures at the ministry - and those are just the words of chief executive Brendan Boyle.

The legal rights of those workers - presumably middle IT management - are being handled with the required caution.

But that still begs the question of whether it is a case of "the worker wot gets the blame" while the executives escape with their salaries and bonuses intact.

That will only be answered by a second report looking into the systems and culture at the ministry. But it will be extraordinary if all the failures are left resting on the shoulders at the bottom of the pile.

Among papers released yesterday was the ministry's 2006 risk-management manual that makes clear where responsibility rests.

It is hard to see how "monthly discussions relating to risk management and mitigation" at deputy chief executive level or a rule that all risks be "documented, rated, managed and monitored in a comprehensive manner" by general managers allowed urgent risks picked up last year by Dimension Data to "drop off the radar".

How could the risk presented by 700 public terminals, linked to the main servers, not be the responsibility of a senior manager somewhere in the system?

Privacy Commissioner Marie Shroff found it "unfathomable" the Dimension Data revelations were not addressed at the highest level, and she expects the second report to "ask some penetrating questions".

Meanwhile the ministry is doing itself no favours in the way it is advising those affected by the leak. Sure, Keith Ng and Ira Bailey, who accessed the data, pledged it went no further.

But the ministry cannot be certain there were no other privacy breaches. It is unclear who was behind a similar one on October 4, the day before Mr Bailey reportedly accessed the system.

Yet Mr Boyle said only 10 people, with the most sensitive privacy issues, would be told out of the 1432 whose data was accessed.

It is out of kilter that an agency that allowed such a major lapse should then arbitrate on how serious it was and who should be told. Those not informed include some facing benefit fraud investigations.

Mr Boyle seemed to think a public apology would suffice.

He should ponder Ms Shroff's advice. "There's been far too little focus on the fact that there are real people behind the information that government agencies hold."

Ad Feedback

- Fairfax Media

Special offers

Featured Promotions

Sponsored Content