The Commission’s April 2020 report revealed how two auditors accessed confidential information that had not been properly protected within OAG systems.
It also made a startling discovery of sensitive audit data that had been improperly retained and stored on an OAG laptop.
The Commission recommended the OAG review its procedures to ensure that following OAG audits, data is only retained in a secure location.
In April 2021, the Commission commenced a review of the OAG's response. The OAG provided the Commission with a comprehensive and transparent response during the review process.
The OAG has assured the Commission that continued improvements will remain a focus given the cyber landscape in which they operate. The Commission commends its approach and continued commitment to reducing serious misconduct risks around data management.
The Commission continues to emphasise the importance of all public sector authorities securing private information. Access to sensitive information should remain for legitimate work-related purposes and no other.