Internal misuse of information and communications technology by public sector employees ICT may be both the target of criminal activity, as well as a tool used to facilitate criminal acts (Choo, Smith & McCusker 2007). Instances of misuse of ICT within the public sector may fall within the definition of fraud provided in the Commonwealth Fraud Control Guidelines 2011 (the Guidelines), namely ‘dishonestly obtaining a benefit, or causing a loss, by deception or other means’ (AGD 2011: 5). According to KPMG (2013), the most concerning frauds against organisations are those perpetrated by employees, as they tend to be committed for longer periods and may cause more reputational damage than external fraud. Over a three year period between 2008 and 2011, the estimated value of internal fraud against the Commonwealth has steadily increased, from $1.9m in 2008–09 (Lindley & Smith 2011) to $3m in 2010–11 (Jorna & Smith 2013). Internal misuse of ICT is an important area of concern as employees are often placed in a position of trust, which provides them with electronic access to personal information and records. Prior research has shown that in some instances, there are few checks on an employee’s access (Smith & Jorna 2011). The outcomes of internal misuse can be damaging to the organisation and in the case of the public sector, taxpayers’ confidence. There are significant implications of misuse of ICT in the public sector, particularly owing to the amount of data that are held about individuals by governments. For example, data held by different tiers of government may include: · health, income, employment and education information; · details about contact with the criminal justice system; · information such as address and date of birth; and · photographs associated with licences and passports. Data may also be collected that could track individuals’ movements and daily activities, such as public transport usage. Misuse of ICT may also ‘deplete government resources and have a negative impact on the administration of agencies’, affecting the availability of funds for service and program delivery (Lindley, Jorna & Smith 2012: ix). Where misuse of ICT results in data breaches, there can be further negative impacts arising from the loss and subsequent misuse of individuals’ personal information. Relying on policy and prosecution data to identify the extent of insider misuse of ICT does not provide a complete picture, as many matters go undetected, unreported, or may not have enough evidence or be serious enough to warrant investigation or prosecution (Lindley & Smith 2011). Not all misuse of ICT may be classified as criminal behaviour, but may instead violate the Australian Public Service Code of Conduct, organisational policies or attract civil remedies. Regardless of whether an incident involves the commission of a criminal offence, it may result in disciplinary action being taken, such as a formal warning, demotion or job loss. Question 2.1 You an employee in the public sector. You are faced with the ethical challenge of accepting a bribe for the personal and confidential information that you have access to. Analyse the five-step process that can assist you in making the right decision when confronted with the above situation.
Internal misuse of information and communications technology by public sector employees
ICT may be both the target of criminal activity, as well as a tool used to facilitate criminal acts (Choo, Smith & McCusker 2007). Instances of misuse of ICT within the public sector may fall within the definition of fraud provided in the Commonwealth Fraud Control Guidelines 2011 (the Guidelines), namely ‘dishonestly obtaining a benefit, or causing a loss, by deception or other means’ (AGD 2011: 5). According to KPMG (2013), the most concerning frauds against organisations are those perpetrated by employees, as they tend to be committed for longer periods and may cause more reputational damage than external fraud. Over a three year period between 2008 and 2011, the estimated value of internal fraud against the Commonwealth has steadily increased, from $1.9m in 2008–09 (Lindley & Smith 2011) to $3m in 2010–11 (Jorna & Smith 2013). Internal misuse of ICT is an important area of concern as employees are often placed in a position of trust, which provides them with electronic access to personal information and records. Prior research has shown that in some instances, there are few checks on an employee’s access (Smith & Jorna 2011). The outcomes of internal misuse can be damaging to the organisation and in the case of the public sector, taxpayers’ confidence.
There are significant implications of misuse of ICT in the public sector, particularly owing to the amount of data that are held about individuals by governments. For example, data held by different tiers of government may include:
· health, income, employment and education information;
· details about contact with the criminal justice system;
· information such as address and date of birth; and
· photographs associated with licences and passports.
Data may also be collected that could track individuals’ movements and daily activities, such as public transport usage. Misuse of ICT may also ‘deplete government resources and have a negative impact on the administration of agencies’, affecting the availability of funds for service and program delivery (Lindley, Jorna & Smith 2012: ix). Where misuse of ICT results in data breaches, there can be further negative impacts arising from the loss and subsequent misuse of individuals’ personal information.
Relying on policy and prosecution data to identify the extent of insider misuse of ICT does not provide a complete picture, as many matters go undetected, unreported, or may not have enough evidence or be serious enough to warrant investigation or prosecution (Lindley & Smith 2011). Not all misuse of ICT may be classified as criminal behaviour, but may instead violate the Australian Public Service Code of Conduct, organisational policies or attract civil remedies. Regardless of whether an incident involves the commission of a criminal offence, it may result in disciplinary action being taken, such as a formal warning, demotion or job loss.
Question 2.1
You an employee in the public sector. You are faced with the ethical challenge of accepting a bribe for the personal and confidential information that you have access to. Analyse the five-step process that can assist you in making the right decision when confronted with the above situation.
Step by step
Solved in 4 steps