Page 3701 - Week 12 - Thursday, 25 November 2021

Next page . . . . Previous page . . . . Speeches . . . . Contents . . . . Debates(HTML) . . . . PDF . . . . Video


Of course, led by the Chief Digital Officer there is a significant program of engagement with directorates around cyber security, and we have outlined measures in recent budget to improve cyber security in the territory. We are consistently as part of a continuous improvement approach looking at how we can improve cyber security both in terms of hardware but also the knowledge and capability of directorates. We will continue to work centrally to support directorates to do that. If there has been a breach the findings will no doubt be used in that continuous improvement process in the future, but we have yet to determine whether there has been a breach.

MR HANSON: Minister, will you be taking responsibility for this breach of Canberrans’ privacy? If not, who is responsible?

MR STEEL: I refer the member to the answer to the last question, which is that we have not determined whether there has been a breach in this particular case. We will be undertaking a review of this matter. I take responsibility for implementing any recommendations and actions that come out of that review.

MR CAIN: Minister, why would you expect the ACT community to trust you with their private information given this severe breach?

MR STEEL: Because we take any issues raised with us seriously. We are looking into that matter through a review by the privacy officer in CMTEDD to make sure we have met all ACT government policies and protocols in relation to privacy and information. It is necessary—as in this particular case—to be able to go out to the market in order to procure services, and from time to time that may involve the release of government information. An attempt was made to ensure that information was redacted so it could not identify people involved, and we will look to see whether those protocols have been met in this case and whether any actions and measures may be required in the future to improve our processes.

Health Records (Privacy and Access) Act—data security

MR PARTON: My question is to the Minister for Health. Minister, in 2018 you were the minister for industrial relations and presided over the establishment of the ACT’s workers compensation self-insurance arrangements. Now, as health minister, you administer the Health Records (Privacy and Access) Act 1997. When this Assembly debated amendments to the COVID-19 Emergency Response Act 2020 a couple of months ago, you did not support opposition proposals intended to ensure that COVID-19 check-in data could not be accessed by law enforcement agencies or misused by public servants. After the massive data breach involving nearly 30,000 workers compensation claims by ACT public servants, reported in the Canberra Times today, how can anyone trust you or the directorates that you administer with their personal health data?

MS STEPHEN-SMITH: I thank Mr Parton for the question. I think he is drawing multiple long bows there. I think the fundamental answer to the question is that the amendments that were put forward by the opposition did not actually achieve what Mr Parton has claimed they would have achieved. The amendments the government


Next page . . . . Previous page . . . . Speeches . . . . Contents . . . . Debates(HTML) . . . . PDF . . . . Video