The Western Australian anti-corruption agency has slammed the Department of Transport (DoT) for its reluctance to treat unlawful access to a government database as serious misconduct.
The Corruption and Crime Commission’s latest report, tabled on Thursday, looked at instances of unlawful access to the Transport Executive and Licensing Information System (TRELIS) — a system used to deliver vehicle and driver licensing and registration services in WA.
Despite TRELIS holding the most personal information about members of the public out of all the WA government databases, more than 3,000 people are authorised to use it. This includes DoT staff, agents at local government shires, community centres, federal government agencies, private organisations, and WA Police.
Unlawful access to TRELIS is a criminal offence and is defined as serious misconduct under state corruption laws. Despite this, a review conducted by the corruption watchdog found that ‘DoT is reluctant to treat unlawful access to TRELIS by authorised users as serious misconduct’, and instead treats it as a ‘mere conflict of interest’.
“DoT does not accept that accesses to TRELIS which are not in the course of a user performing official duties, are outside the scope of the authority given to the user and are therefore unlawful. DoT’s position is not correct,” the CCC said.
“It is not consistent with legislation, nor is it in the interest of the public whose personal details are potentially accessed and disclosed. Unlawful access to information in TRELIS facilitates other more serious criminal behaviours, such as organised crime or stalking. DoT should consider referring matters involving the unlawful access to TRELIS to the WA Police Force.”
The review looked at more than 100 alleged incidents of unlawful access. It found some of the reasons for improper access to the system included viewing of the user’s own driver licence details, renewing a family member’s vehicle registration, or obtaining information to share with family or friends.
In one case, a DoT employee searched, accessed and triggered TRELIS alerts 22 times over the course of 19 months, by searching their own name and vehicle registration, as well as the name of someone they shared an address and surname with. While this employee’s partner owned a transport company, the department did not check whether the employee had submitted a conflict of interest declaration for this association, which the CCC said was concerning.
The commission was also concerned that the department believed the incident ‘did not meet the requirements of serious misconduct’, as the employee ‘did not reveal any corruption or intent to deceive’.
The CCC has criticised DoT’s response — or lack thereof — to instances of unlawful access to TRELIS, deeming the department’s actions as ‘inadequate’.
“DoT’s lack of action in respect of unlawful access of information in TRELIS promotes a culture of acceptance of the use of TRELIS for personal reasons,” the commission said.
“In the absence of any findings of serious misconduct and any disciplinary action, there is no deterrent for users to refrain from accessing TRELIS for personal or other unlawful purposes.”
The commission has also identified broader concerns with DoT’s management of serious misconduct risks, including a lack of basic enquiries into alleged incidents of unlawful access and an inconsistency in the actions taken.
The report noted that DoT has made some changes to policy and procedures in response to the commission’s review, including implementing an updated TRELIS access framework in December 2020 and conducting a series of presentations to DoT employees.
However, the commission has argued that more must be done, and has made four recommendations to the department. This includes the implementation of clear policies and procedures; a consistent triage and investigation process; effective activity alerts; and defined memorandums of understanding with all external users.
The CCC said everyone in a position that allows them to access personal information about members of the WA public should take note of the report’s findings.
READ MORE:
Any feedback or news tips? Here’s where to contact the relevant team.