Just on the heels of my earlier post about UK plans to dissolve privacy protections, Australia sends a stark warning about the damage that can be done by staff entrusted with your data.
Centrelink is the federal agency for welfare and social security in Australia, so its staff have access to a huge amount of information about Australians. ABC reported on the privacy violations the agency is dealing with:
Hundreds of Centrelink staff have been caught inappropriately looking up the records of friends and ex-lovers.
The privacy breaches were uncovered using specially designed spyware software.
As a result of a two-year investigation, Centrelink has uncovered nearly 800 cases of what it has described as inappropriate access by staff to customer records.
Nineteen staff have been sacked and nearly 100 resigned when they were confronted with the allegations.
Administration and customer care tools carry big risks. On the one hand, companies want to give their staff simple and easy access to customer data so that support runs smoothly; on the other hand, they have an obligation to protect that data from exposure.
It can be expensive to do thorough background checks and to develop specific role-based controls, so many organizations try to get around these preventive measures to save money. In this case, detective controls were able to catch the abuse, but the “friends and ex-lovers” comment is a big hint at the personal motives that companies often overlook when they assess how safe their data is from internal attacks.