Media release: Mitigating the risks of privacy breach through staff education

Queensland’s Office of the Information Commissioner’s audit report on mitigating the risks of privacy breach through staff education has been tabled in Parliament today (29 November 2022).

The inadvertent or deliberate disclosure of personal information can have serious consequences for the individual whose privacy was breached, the agency storing the information and the employee. Since the audit was completed, Australia has seen some of the largest corporate data breaches, in which the personal information of millions of Australians was breached as a result of cyberattacks on Optus and Medibank Private.

All public sector agencies need to take heed of this as a reminder of the devastating impact a breach can have on the people affected and the reputation of the agency involved. One risk mitigation strategy they can adopt is to train and educate their employees about information privacy and information security. Government agencies need to make sure their employees are aware of their obligations when it comes to protecting the personal information of Queenslanders.

Our audits have helped agencies entrusted with personal information improve their practices to minimise the risk of harm and privacy breach. This audit examined the practices in place in three government agencies. It follows on from our 2018 recommendations to all agencies and incorporates some of the findings from the Crime and Corruption Commission’s February 2020 report on Operation Impala into misuse of confidential information by public sector employees.

Queensland Information Commissioner Rachael Rangihaeata said, “When agencies implement all recommendations, they improve the effectiveness of their training and education on privacy and information security. This will help mitigate the risk of privacy breaches.”

The three agencies mandate periodic refresher training and have set up systems and processes to monitor and report on completed training. They have also updated their training material to better reflect policies and procedures and include practical scenarios.

“Ensuring government employees have appropriate education and training is critical, and a relatively simple risk management strategy for agencies. Human error is still a key factor in privacy breaches and security risks that can have serious consequences for everyone involved,” Ms Rangihaeata said.

The Information Commissioner reminds all Queensland government agencies to assess their own progress in implementing the four recommendations to all agencies in the 2018-19 report, and take appropriate action to protect the personal information of Queenslanders.

Read the report

Media contact: Training and Stakeholder Relations
Phone: 32347373