❓ A WA parliamentary question on notice regarding policies and procedures for restricting unauthorised access to mobile devices and their disposal across various government departments and agencies. The responses detail security measures and disposal methods.
AnsweredQoN 3181Legislative Assembly
Asked
12 June 2018
Member
Portfolio
Tourism; Racing and Gaming; Small Business; Defence Issues; Citizenship and Multicultural Interests
QuestionView source ↗
In respect of the Minister’s portfolio responsibilities for any of their departments, agencies, government trading enterprises or boards, I ask: (a) Are there any policies or procedures in place for restricting unauthorised access to mobile devices (mobile phones, tablets and laptops): (i) If so, what are they; and (ii) If not, why not; (b) How many mobile devices have been disposed of in the following financial years and what was their disposal method (i.e. at auction): (i) 2015-16; (ii) 2016-17; and (iii) 2017-18; and (c) Were any of the mobile devices in (b)(i)-(iii) used to store sensitive or confidential information: (i) If so, what type of sensitive or confidential information; and (ii) If so, what measures are put in place to ensure this information is not retained on the hard-drive of the device upon it's disposal?
AnswerView source ↗
Answered
21 August 2018
Responded by
Minister for Tourism; Racing and Gaming; Small Business; Defence Issues; Citizenship and Multicultural Interests
Response time
12 days
Tourism Portfolio
Tourism Western Australia
(a) Yes.
(i) Access to mobile phones and tablets is controlled by applying user profiles to the devices via mobile device management software known as VMWare AirWatch. This profile requires that access controls (eg passcode, fingerprint access) are active on the devices at all times and it also links the device to a specific user’s email address. The user must enter their current password to utilise email on the device. All mobile phones and tablets purchased by Tourism WA are automatically added to this system.
Access to laptops is controlled by adding the devices to Tourism WA’s information and communication technology domain. This ensures that all laptops require user’s to enter their valid username and password to access the device. All laptops purchased by Tourism WA are automatically added to the domain.
The above procedures prevent unauthorised access to mobile devices owned by Tourism WA.
(ii) Not applicable
(b)
Year
Number disposed
Disposal method
(i)
2015-16
31
24 at auction
7 via trade-in on new devices
(ii)
2016-17
33
30 at auction
3 via transfer to another Government department
(iii)
2017-18
27
27 at auction
(c) Yes – laptops only. Mobile phones and tablets are used to access information but not to store it.
(i) Various working documents / records of Tourism WA for short-term storage only while they are worked on by staff.
Prior to laptops being disposed they are data wiped and verified by Tourism WA’s Information and Communication Technology team using enterprise-level software known as DBAN.
Rottnest Island Authority
(a) Yes.
i. Corporate Policy No. 70 - Information Security Management and Operational Procedure - Information Security Management Framework.
ii. Not applicable.
(b) Nil.
i. Not applicable.
ii. Not applicable
iii. Not applicable.
(c) Yes.
i. Personnel related, intellectual rights and commercial in confidence, legal professional privilege or security of property (physical, financial).
ii. Asset owners are required to securely transfer information from the storage media to relevant Departmental.
Racing and Gaming Portfolio
For the Racing, Gaming and Liquor Division of the Department of Local Government, Sport and Cultural Industries please refer to Legislative Assembly Question on Notice 3185
Racing and Wagering Western Australia (RWWA)
(a) (i) Mobile devices used to access email require the users RWWA Active Directory credentials. The two products made available to RWWA staff for this access will enforce a PIN is used on the mobile device and locks automatically (Exchange ActiveSync and Air Watch MDM). Mobile devices require a login and password prior to any use. RWWA’s Information Security Policy sets out the terms of use of portable computing equipment.
(ii) Not applicable
(b) (i) Nil
(ii) 16 – all were wiped and shredded
(iii) Nil
(c) Yes
(i) Email
(ii) All devices are factory wiped or shredded
Western Australian Greyhound Racing Association (WAGRA)
(a) (i) Mobile phone policy and security protocols for logins and passwords.
(ii) Not applicable
(b) (i) Nil
(ii) Nil
(iii) Nil
(c) No
Burswood Park Board (BPB)
(a) (i) Mobile devices are PIN or password protected.
(ii) Not applicable
(b) (i) 1 Laptop – Hard drive was wiped and device was destroyed and disposed of in appropriate bin.
(ii) Nil
(iii) Nil
(c) Yes
(i) Government Correspondence
(ii) Hard drive is wiped, and device is destroyed and disposed of in appropriate bin.
Small Business Portfolio
Small Business Development Corporation
(a) Yes
(i) All devices are password protected. Laptops are encrypted
(ii) Not applicable
(b)
(i) 28 devices were disposed of through a Government accredited mobile phone recycling program.
(ii) Nil
(iii) 17 devices were disposed of through a Government accredited mobile phone recycling program.
(c) Yes
(i) Corporate emails
(ii) Corporate emails are wiped from the device, followed by a device data wipe and a factory reset.
Defence Issues Portfolio
(a) (i) – (ii) Please refer to Legislative Assembly Question on Notice 3192
(b)(i) – (ii) Please refer to Legislative Assembly Question on Notice 3180
(b) (iii) Please refer to Legislative Assembly Question on Notice 3192
(c) (i) – (ii) Please refer to Legislative Assembly Question on Notice 3192
Citizenship and Multicultural Interests Portfolio
Please refer to Legislative Assembly Question on Notice 3185
Tourism Western Australia
(a) Yes.
(i) Access to mobile phones and tablets is controlled by applying user profiles to the devices via mobile device management software known as VMWare AirWatch. This profile requires that access controls (eg passcode, fingerprint access) are active on the devices at all times and it also links the device to a specific user’s email address. The user must enter their current password to utilise email on the device. All mobile phones and tablets purchased by Tourism WA are automatically added to this system.
Access to laptops is controlled by adding the devices to Tourism WA’s information and communication technology domain. This ensures that all laptops require user’s to enter their valid username and password to access the device. All laptops purchased by Tourism WA are automatically added to the domain.
The above procedures prevent unauthorised access to mobile devices owned by Tourism WA.
(ii) Not applicable
(b)
Year
Number disposed
Disposal method
(i)
2015-16
31
24 at auction
7 via trade-in on new devices
(ii)
2016-17
33
30 at auction
3 via transfer to another Government department
(iii)
2017-18
27
27 at auction
(c) Yes – laptops only. Mobile phones and tablets are used to access information but not to store it.
(i) Various working documents / records of Tourism WA for short-term storage only while they are worked on by staff.
Prior to laptops being disposed they are data wiped and verified by Tourism WA’s Information and Communication Technology team using enterprise-level software known as DBAN.
Rottnest Island Authority
(a) Yes.
i. Corporate Policy No. 70 - Information Security Management and Operational Procedure - Information Security Management Framework.
ii. Not applicable.
(b) Nil.
i. Not applicable.
ii. Not applicable
iii. Not applicable.
(c) Yes.
i. Personnel related, intellectual rights and commercial in confidence, legal professional privilege or security of property (physical, financial).
ii. Asset owners are required to securely transfer information from the storage media to relevant Departmental.
Racing and Gaming Portfolio
For the Racing, Gaming and Liquor Division of the Department of Local Government, Sport and Cultural Industries please refer to Legislative Assembly Question on Notice 3185
Racing and Wagering Western Australia (RWWA)
(a) (i) Mobile devices used to access email require the users RWWA Active Directory credentials. The two products made available to RWWA staff for this access will enforce a PIN is used on the mobile device and locks automatically (Exchange ActiveSync and Air Watch MDM). Mobile devices require a login and password prior to any use. RWWA’s Information Security Policy sets out the terms of use of portable computing equipment.
(ii) Not applicable
(b) (i) Nil
(ii) 16 – all were wiped and shredded
(iii) Nil
(c) Yes
(i) Email
(ii) All devices are factory wiped or shredded
Western Australian Greyhound Racing Association (WAGRA)
(a) (i) Mobile phone policy and security protocols for logins and passwords.
(ii) Not applicable
(b) (i) Nil
(ii) Nil
(iii) Nil
(c) No
Burswood Park Board (BPB)
(a) (i) Mobile devices are PIN or password protected.
(ii) Not applicable
(b) (i) 1 Laptop – Hard drive was wiped and device was destroyed and disposed of in appropriate bin.
(ii) Nil
(iii) Nil
(c) Yes
(i) Government Correspondence
(ii) Hard drive is wiped, and device is destroyed and disposed of in appropriate bin.
Small Business Portfolio
Small Business Development Corporation
(a) Yes
(i) All devices are password protected. Laptops are encrypted
(ii) Not applicable
(b)
(i) 28 devices were disposed of through a Government accredited mobile phone recycling program.
(ii) Nil
(iii) 17 devices were disposed of through a Government accredited mobile phone recycling program.
(c) Yes
(i) Corporate emails
(ii) Corporate emails are wiped from the device, followed by a device data wipe and a factory reset.
Defence Issues Portfolio
(a) (i) – (ii) Please refer to Legislative Assembly Question on Notice 3192
(b)(i) – (ii) Please refer to Legislative Assembly Question on Notice 3180
(b) (iii) Please refer to Legislative Assembly Question on Notice 3192
(c) (i) – (ii) Please refer to Legislative Assembly Question on Notice 3192
Citizenship and Multicultural Interests Portfolio
Please refer to Legislative Assembly Question on Notice 3185
Explore WA Government Data
Search the full archive in the free dashboard, or query programmatically via API.
Explore more
Government Gazette
Appointments, regulatory notices, planning changes.
Hansard
Debates, questions, speeches and sentiment.
Tabled Papers
Reports and documents tabled in Parliament.
Committees
Committee profiles and recent reports.
Regulations
Subsidiary legislation with filters and summaries.
Bills
Proposed laws and parliamentary progress.
Acts
Current WA legislation and summaries.
Explanatory Memoranda
Bills with EMs (text/PDF) available.
Members
MP profiles, party breakdown and rankings.
Pollie Rankings
Data-driven rankings across 19 categories.
Amendment Chains
Track how schemes and regulations evolve over time.