Australian IT managers have come out in support of the use of keylogging software to monitor staff access to customer records after the Australian Department of Human Services’ Centrelink agency admitted it has been undertaking employee surveillance for the past year.
Centrelink revealed it has been tracking staff in the year-long project to identify inappropriate access to customer records which led to the sacking of some staff and the resignation of others.
During this time there were 580 incidents of inappropriate browsing of the agency’s records.
Centrelink chief executive Jeff Whalan says a further five cases have been referred to the Australian Federal Police or the Department of Public Prosecutions.
General searches by Centrelink staff included unauthorised searches for welfare cheats and as a result of the surveillance, 19 staff have been sacked, 92 resigned when accused of privacy breaches, more than 300 faced salary deductions and fines, a further 46 were reprimanded with some others demoted or issued with a warning.
Whalan did not apologise for the tough stance taken last week, but pointed out that the agency has 25,000 staff, so only 2% behaved inappropriately.
IT managers contacted by Computerworld Australia say the use of keyloggers or spyware has a relevant use in organisations.
Russell Close, head of IT at financial services firm Portfolio Partners, says ethics isn’t an issue if monitoring is conducted lawfully.
“It really depends on the situation; for monitoring of public records such as the police and government departments, keylogging could be very useful,” he says.
“There wouldn’t be ethical issues if it is conducted lawfully and the data being monitored is a matter of public concern.”
Another IT manager, who requested anonymity, says where employees are in breach of their contracts, the use of monitoring software cannot be considered unethical, especially when employees are forewarned.
“Personally I would not have a problem with using surveillance software to monitor staff.”
Hank Jongen, Centrelink general manager, says the agency isn’t using one particular type of keylogging software; it has an enhanced monitoring system developed over the last two years that includes data matching processes.
“Our monitoring system logs all access to customer records; for example, it logs the time, date and details of the staff member who searched and accessed the record. Our improved analysis techniques then establish whether the access to the customer record was inappropriate,” Jongen says.
“Inappropriate access exists when a staff member accesses a customer record without a genuine business need. For example, it is inappropriate for staff to access the records of relatives or friends, even if it’s at their request.
“Centrelink staff are well aware access to customer records is monitored and of their responsibilities when it comes to dealing with sensitive customer information. Centrelink also conducts training for staff to provide them with an awareness of ethics, privacy and fraud.”
Jongen says Centrelink’s security policy, available on the staff intranet, directly explains staff responsibilities under the Australian Public Service Code of Conduct relating to unauthorised access of customer records.
Dermot Browne, communications officer for the Community and Public Sector Union (CPSU), represents more than half the Centrelink workers affected.
He says Centrelink management has been upfront about the issue of unauthorised access to data.
He says the issue has been covered for the past three years and there was a comprehensive staff education process before the tracking software’s adoption.
“I think most Centrelink workers accept that the rules are pretty clear; as a union we have tried to make sure the guidelines are widely understood,” he says.
“In terms of representation, we will provide advice for investigations and if the investigations go off on the wrong tangent we will take it up and challenge Centrelink to get natural justice.”