http://www.australianit.news.com.au/story/0,24897,22317999-15306,00.html By Ben Woodhead August 28, 2007 FRAUD detection systems have uncovered a rash of privacy breaches at the Australian Taxation Office as employees flout tough data protection rules despite ongoing monitoring and training. The sweeps of data access logs led to three sackings during the 2007 financial year and another nine staff resigned after the ATO detected unauthorised access to taxpayer records. The breaches came despite extensive privacy education programs at the agency and closely matched the 24 instances of tax officers inappropriately accessing client information that were uncovered in the 2006 financial year. "While no level of unauthorised access is acceptable, in an organisation of about 22,000 people it is inevitable that a very small number of people will be tempted to do the wrong thing," an ATO spokeswoman said. "Access to taxpayer records is limited to staff members who have a business need to access that information. Accessing taxpayer records, including an officer's own records, those of friends, relatives or others, is unauthorised access." The latest privacy breaches were detected during systematic checks of access to taxpayer records, which can trigger probes with powerful data mining tools if instances of inappropriate access are suspected. The systems used by the ATO, whose fraud awareness training has been taken up by international revenue collection agencies, are similar to those deployed at other federal agencies and departments including Medicare Australia and the Child Support Agency. Last week the agency and Medicare confirmed that they had uncovered dozens of instances of employees spying on client records after they upgraded computer systems used to monitor information access. The agency is considering whether to pursue criminal charges against three workers who resigned after they were found accessing customer records without proper authorisation. Medicare confirmed 49 instances of inappropriate access during the 2007 financial year and is investigating another 35 possible breaches during the period. The agency strengthened its fraud protection systems in November while Medicare introduced a new detection platform modelled on Centrelink data matching rules last financial year. A number of other federal agencies, such as the Department of Immigration and Citizenship, use software systems to monitor and track unauthorised access to client records. The tax office spokeswoman said the agency did not consider all cases of inappropriate access to records to be privacy breaches. "A breach of privacy is where records of others have been accessed without knowledge or permission," she said. "Sixteen of the cases involved a breach of privacy." The spokeswoman said the tax office pursued court action against four employees caught breaching taxpayer privacy. The employees were found guilty and received sentences ranging from good behaviour bonds to prison terms. Disciplinary action against other tax officers caught in the sweep included fines, pay cuts, demotions, counselling and a letter of caution from the Director of Public Prosecutions. Copyright 2007 News Limited. ____________________________________ Attend HITBSecConf2007 - Malaysia Taking place September 3-6 2007 featuring seven tracks of technical training and a dual-track security conference with keynote speakers Lance Spitzner and Mikko Hypponen! - Book your seats today! http://conference.hitb.org/hitbsecconf2007kl/
This archive was generated by hypermail 2.1.3 : Tue Aug 28 2007 - 22:32:02 PDT