Transport & Infrastructure
A Data Breach Investigation
A Workplace, Conduct & Risk case study
A large state Government agency, tasked with delivering infrastructure programs, was undertaking confidential negotiations with parties regarding an infrastructure project. Confidential information from the agency made its way into the media, breaching agency Code of Conduct guidelines.
OCM has experienced and qualified personnel to undertake fact finding and root cause investigations into high profile incidents. OCM were engaged to enquire into and understand why and how the breach occurred. Our investigation focussed on:
- Assessing data from ICT log systems to understand who had access to the confidential information;
- Undertaking a root cause analysis to understand how the information was released publicly. Our root cause analysis looked at the organisational, environment and human factors that facilitated the release of the information;
- Considering whether any person at the department engaged in inappropriate conduct;
- The systems and practices of the department and whether they could improve to prevent a similar situation arising again.
Our approach commence with a forensic process involving interrogation of ICT systems holding confidential information and nominated email accounts to understand the flow of email threads. OCM then moved through a fact finding data gathering process via reviewing department information and interviewing stakeholders. In conducting the investigation, we completed the following:
- Review of department information, including confidentiality classification systems and documentation involving standards of behaviour such as the Department Code of Conduct.
- Comprehensive engagement with a number of staff over a short period of time. Due to the profile of the matter OCM responded to the work urgently and two consultants interviewed a large group of people over two days.
- Delivered a fact finding report that prioritised recommendations for critical/immediate attention, and longer term. The report also commented on whether the information indicated that persons may have failed to properly protect confidential information.
- Recommended changes in process to strengthen controls to prevent the release of unauthorised information. Specific recommendations were made in relation to emphasising confidentiality for contractors and seeking assurance from external contractors about the security of their ICT systems.
- Recommended changes in process to help detect the release of unauthorised information. Specific controls included actively monitoring ICT breaches such as unauthorised attempts to access secure documents and monitoring of emails / emails blocks on key words.
For other Workplace, Conduct & Risk case studies refer to Department of Justice Taskforce, Parramatta Square Redevelopment, Investigation into suspected employee misconduct, Investigation of a Public Interest Disclosure; Critical Incident Investigation.