Electronic information security

Read the full text

PDFElectronic information security

21 October 2010The Government of New South Wales is not able to provide assurance that it is safeguarding its holdings of sensitive personal information because its policy has not been properly implemented, concludes this audit.

The public sector legitimately gathers and uses personal information about citizens, and shares it within and outside government. But personal information can be misused with potentially serious consequences. If the wrong people get access to sensitive personal information an individual can suffer financial loss or damage to their credit rating, have their medical records compromised, or suffer from threats and harassment.

The people of NSW have every right to expect their and their families’ private details are secure regardless of which government agency holds it. The Government’s current policy on Security of Electronic Information acknowledges its duty to safeguard its large information holdings and to provide credible assurance that it is doing so. Under the policy, agencies were to establish and maintain an Information Security Management System (ISMS) that complies with the international standard and covers all electronic information. They were to get and keep the main parts of their ISMS, including the parts that hold sensitive private information, certified to that standard. And the Government Chief Information Office was to survey agencies each year and report to Cabinet.

This audit assesses the extent to which the Government can provide assurance that it is safeguarding its holdings of sensitive personal information. The audit does this by examining how well the Government’s policy has been implemented.

It concludes that the NSW Government is not able to provide assurance that it is safeguarding its holdings of sensitive personal information because its policy has not been properly implemented. This is likely to remain the case until there are clear, mandatory, minimum standards that agencies sign up to, and scrutiny of performance against these standards is strengthened.

Publication typeReport
Publisher TypeGovernment or Gov agency
CoverageAustralia, New South Wales
Permanent URLhttp://apo.org.au/node/22976
Views2499

Related Topics

Information management

Privacy

State government

Technology policy

Transparency

Creative & Digital

Politics

Related content

Most viewed: This week

1
Web and Information Coordinator - Australian Policy Online (Position number: 29499)
2
Evidence-free policy making? The case of income management
3
Legal and governance models for shared services in local government
4
Smart technologies for older people
5
Can nations measure well-being?

Noticeboard

Australian Community Sector Survey
03 May 2012

Strengthen our voice - take part in the Australian Community Sector Survey

There's just under two weeks to go for Victoria's community sector organisations to help us provide an authentic snapshot of the state of demand for services in the state.

Review of Australian Contract Law
22 March 2012

The Attorney-General's Department has launched a new inquiry to explore the scope for reforming Australian contract law. There will be a three-month consultation period.

Women's Health Victoria survey now open
08 March 2012

Women's Health Victoria (WHV) is a statewide women's health promotion, information and advocacy organisation, working with policy makers and health professionals to influence and inform health policy and service delivery.

The online survey is open to anyone who has used WHV's services, resources, or websites in the past 12 months. It covers: WHV publications, professional training, The Index database of gendered statistics, WHV Clearinghouse, BreaCan Service (supporting people diagnosed with breast or gynaecological cancer), capacity building, member services, and more.

Topics

APO