During 2015–16, the Integrity Commissioner provided two reports of concluded investigations to the Minister.
Report 01/2016–Operation Galaxy–A joint investigation into the conduct of an Australian Crime Commission ICT staff member
Sensitive information is a key asset, held on trust by government agencies to achieve beneficial ends for the public good they serve. Information and Communications Technology sections within agencies that have law enforcement capabilities pose particular integrity and security challenges, because of staff members' high levels of technical expertise, wide access to sensitive information, and the privilege to modify records and systems.
In September 2014, the ACC notified the then Acting Integrity Commissioner, Mr Robert Cornall AO, of information suggesting that a person employed by the ACC had accessed and handled official information without proper authority.
The investigation–which was conducted jointly with the ACC–established that the staff member had, without authority, downloaded cloud-based software to an ACC computer and had stored some ACC information in a personal cloud-based account, rendering it less secure. No evidence was found that ACC information had been disclosed to any third parties.
Having reviewed all of the evidence, the Integrity Commissioner was persuaded that there was no corrupt motive attaching to the staff member's actions.
The ACC has since added additional security measures to assure the integrity of its ICT systems, records and staff. Accordingly, no recommendations were made as a result of this investigation.
The results of the investigation have been provided to the Attorney-General's Department and the Australian Signals Directorate to inform the further development and implementation of the Australian Government Protective Security Policy Framework.
The Operation Galaxy report is available on ACLEI's website, www.aclei.gov.au.
Report 02/2016–Operation Hadron–A joint investigation into the conduct of an Australian Crime Commission staff member concerning information security and a conflict of interest
Public officials have a general duty not to disclose official information without proper authority. In a law enforcement agency, the need to protect information is especially important. Any staff member of an agency with law enforcement functions may have access to information, contacts or decision-making capability which may be of use to criminals. To help protect against compromise, staff members of law enforcement agencies are expected to declare any relationships or associations that may lead to a conflict of interest with their duties or the functions of the agency.
This investigation, which was conducted jointly with the ACC and ACT Policing, concerned the conduct of an ACC staff member who had a non-operational role. In the course of normal duties, this staff member had incidental access to sensitive information.
The investigation established that the staff member–who was on temporary transfer from another Commonwealth Government agency–had an undeclared association with a suspected drug dealer. While under surveillance, the staff member copied a document relating to that person and took the copy from ACC premises.
No indication was found that the information had been communicated to the suspected drug dealer or that the staff member had sought employment with the ACC for an improper purpose.
During the investigation, the Integrity Commissioner disseminated relevant evidence to the ACC and the staff member's home agency. ACLEI has also provided a brief of evidence to the Commonwealth Director of Public Prosecutions.
Having regard to the prospect of court proceedings and disciplinary actions, the Integrity Commissioner decided to reserve indefinitely any findings.
The ACC has in place pre-employment screening processes that are generally effective. Despite these measures, the investigation shows the risk which arises when a staff member exposes himself or herself to the potential for compromise, and fails to disclose it.
The ACC has since strengthened the guidance it gives to new staff about their obligations to report potential conflicts of interest and has scheduled integrity refresher training for all staff. Accordingly, the Integrity Commissioner made no recommendations.
The Operation Hadron report has not been made public, pending the outcome of court proceedings.
In 2015–16, there were no recommendations from previous years that had not already been implemented.