IBAC warns of corrupt misuse of personal information held by local government

Victorian councils need to improve how they protect the information they hold, according to a research report released today by the Independent Broad-based Anti-corruption Commission.

IBAC's report Unauthorised access and disclosure of information held by Local Government analyses risks associated with the unauthorised access and disclosure of information by local government.

The report also warns that the misuse of information by local government employees or councillors may constitute corrupt conduct.

IBAC Deputy Commissioner David Wolf, when speaking at the Local Government Freedom of Information Forum said, "Victoria's councils need to manage a wide range of official, sensitive and confidential information, including personal and business details of ratepayers, planning, development and other business information to fulfil their functions.

"Protecting this official information from misuse is critical to ensuring the safety of the community, to support the proper use of public money for local government programs and services, and helps to maintain the community’s confidence in their local council," Deputy Commissioner Wolf said.

"Any unauthorised access or misuse of information matters because it adversely affects the willingness of the public to provide information that is necessary for councils to function properly and importantly, it damages community trust and confidence in local government."

The IBAC report advises what local councils can do to address these risks.

"Given the recent council elections, the findings of this report present a timely opportunity for all councils to build their corruption resistance, including for newly elected councillors, by strengthening their systems, processes and controls," Deputy Commissioner Wolf said.

"IBAC's research and investigations show that misuse of information is a key enabler of corruption, and the increasing reliance on technology in workplaces has made it easier to misuse information, either intentionally or unintentionally.

"While there are shared corruption risks across both parts of local government - local government employees and elected councillors – the corruption risks and drivers for each of these groups differ and need to be considered separately by councils."

Councils can better prevent and detect misuse of information by adopting the Victorian Protective Data Security Framework for improving information security, increasing information security training, conducting comprehensive audit programs to identify and deter misuse, improving procurement processes, and raising employee and community awareness of risks and the importance of reporting incidents when they occur.

This report is the third in a series of IBAC reports on corruption risks associated with unauthorised access and disclosure of information. Previous reports focused on state government bodies and Victoria Police.