Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
 Download Current HansardDownload Current Hansard    View Or Save XMLView/Save XML

Previous Fragment    Next Fragment
Thursday, 8 February 2007
Page: 8


Mr Kelvin Thomson asked the Treasurer, in writing, on 14 September 2006:

(1)   For each financial year since 1 July 2000, on how many occasions have departmental employees accessed files or records without proper authorisation.

(2)   In each instance identified in Part (1), (a) what action was taken against the employee and (b) if the unauthorised access involved customer records, in how many instances was the customer notified.

(3)   Are employees able to access personal or customer files without (a) being detected, or (b) leaving a record of their access.

(4)   What auditing procedures exist to monitor employee access to files and records.


Mr Costello (Treasurer) —The answer to the honourable member’s question is as follows:

(1)   There have been no instances of Treasury staff accessing electronic or paper records inappropriately during the identified timeframe.

(2)  

(a)   Not applicable.

(b)   Not applicable.

(2)  

(a)   Treasury employees are unable to access personal or customer files without proper authority. The paper based records are contained in a secure room with only authorised personnel able to access the room via swipe card.

(b)   Access to the Treasury Human Management Information System (HRMIS) and Electronic Records Management System (ERMS) is controlled by user ID and password. Further restrictions are imposed by the use of security profiles that are established to grant the required access to users.

(4)   The Treasury systems have inbuilt audit trails for accessing the system and modification of records contained in the system. The HRMIS and ERMS system controls and processes are audited annually to ensure that changes to the information are completed in accordance with the requirements of the employee on a need to know basis. The audit includes a review of system access. Viewing of personal files by employees require them to make an appointment and the viewing is supervised to ensure the integrity of the records is maintained.