Legislative Assembly for the ACT: 2021 Week 13 Hansard (Tuesday, 30 November 2021) . . Page.. 3868 ..
What is also concerning but, sadly, has become all too frequent with this government, is that these issues in relation to inadequate data management were raised with the government by the Auditor-General in his report last year on data security. The Auditor-General concluded in his report:
ACT Government agencies have not clearly understood the risks and requirements of securing sensitive data, and are not well placed to respond to a data breach.
In the response to the Auditor-General’s report, the government supported every single recommendation that was made and promised to take action against them. Once again, we see this Labor-Greens government doing what it does best: talk the talk and fail to walk the walk.
The ACT government has access to sensitive, personal and commercially confidential data about Canberrans. It is an enormous privilege, as the government of the day, to be entrusted with such sensitive data, and with this privilege comes responsibility. This incident has led to an enormous breach of trust and faith in this Labor-Greens government’s data management and security.
To ensure that incidents like this do not occur again, immediate and strong action must be taken. This is why it is absolutely vital that there is an independent and external review of this incident, not only so that we can determine whether ACT government data security protocols are adequate but so that we can put mechanisms in place to prevent any future gross breach of privacy.
If this Labor-Greens government has nothing to hide, it should have no problem with agreeing to an independent external review. The onus is on us, here in this place, to make sure that this does not happen again. I commend my motion to the Assembly.
MR STEEL (Murrumbidgee—Minister for Skills, Minister for Transport and City Services and Special Minister of State) (3.29): I would like to take the opportunity to set out some of the facts on this matter as the ACT government currently understands them. In 2018, de-identified information relating to historic workers compensation claims was published on the Tenders ACT website as part of an ACT government procurement process. This tender was part of the ACT government’s transition to become a self-insurer and move away from Comcare as the assessor of workers compensation claims for ACT government employees.
The tender was to estimate the costs and provide accurate quotes. It was necessary to provide tenderers with information about the number, nature and duration of the claims that would require management. The spreadsheet in question was provided for that purpose and included redacted, de-identified information about ACT government workers compensation claims.
As my amendment to Ms Lee’s motion that is now in circulation notes, I want to assure current and former ACT government public servants that the spreadsheet that was provided did not include names, dates of birth, addresses, contact details,