This is a report of an own-motion investigation by the Integrity Commission (the Commission) into the policies, practices and procedures of Tasmania Police in relation to unauthorised access to, and misuse of, information by police officers.
As an own-motion investigation, it was not triggered by a complaint but by the Commission’s recognition, along with similar jurisdictions interstate, that significant advances in technology have increased the risk of information abuse within the public sector. The broad purpose of the investigation was to better understand how Tasmanian public sector organisations manage information and associated risks, enabling greater focus on good practice.
Tasmania Police was selected as the subject of the investigation because its work, to a greater degree than many other public sector organisations, relies on information. The abuse of information by public sector employees has the capacity to significantly erode public trust. It can also impact adversely on the work of an organisation, and in some situations may be a threat to safety. It is essential to police credibility that information is adequately protected from unauthorised access and use.
It is the also the job of police to investigate potentially criminal allegations against other public sector employees. In some respects, Tasmania Police is the gatekeeper for the appropriate management of serious information abuse by Tasmanian public sector employees more generally.
This report includes a review of options for penalising information abuse across Australia. The review indicates that in Tasmania, options for prosecuting serious information abuse by public sector employees are more limited than in other jurisdictions. The Commission has determined that it is a matter for the Parliament of Tasmania as to whether this should be changed. We have, however, made one specific recommendation for legislative review.
The report also describes good practice management of information by the public sector, and examines Tasmania Police policies, practices and procedures. It explains that organisations should have simple and clear policies and procedures, adequate information security measures, and should cultivate good organisational culture and awareness. Public sector organisations must also be prepared to enforce their policies and procedures, through either the disciplinary or legal system as appropriate.
This investigation has found that, overall, Tasmania Police policies, practices and procedures are adequate and appropriate. This is reliant on Tasmania Police maintaining its current focus on information management. Areas in which the organisation is to be particularly commended are the processes used in the ongoing audits of access to information, the newly drafted clause in the Tasmania Police Manual and the new conduct and complaints management system, ‘Abacus’.
While the investigation found that in most respects Tasmania Police meets good practice standards, we have made some specific suggestions for improvements. The most important suggestion is that the organisation should be more prepared to enforce its policies and procedures when investigating alleged information abuse.
Finally, it is important to note that while this investigation was thorough, independent and undertaken with the full cooperation of Tasmania Police, it was limited in two respects: we v did not survey all police officers and thus did not obtain a complete picture of police views on this issue; and we do not have direct and independent access to the Tasmania Police complaints database.
Related content: Media release