❓ Question on Notice regarding the security of court database systems containing sensitive information about serious criminals. The Attorney General acknowledges the issue, details the timeline of awareness, and outlines steps taken to address the identified deficiencies, including a review of security vetting procedures.
AnsweredQoN 120Legislative Assembly
QuestionView source ↗
LAW COURTS — DATABASE SYSTEMS
In its report to the Joint Standing Committee on the Corruption and Crime Commission, the Corruption and Crime Commission identified that due to the age of its computer systems, the courts are unable to properly monitor and audit the usage of database systems that contain highly sensitive information relating to the prosecution and movement of serious criminals in custody. (1) When did the Attorney General first become aware of the serious inadequacies of these systems? (2) What steps has the Attorney General taken to upgrade these systems to secure this information for the safety of the courts and the public? (3) What, if any, funding has the Attorney General obtained and when will a secure database be installed? (4) Does the Attorney General agree that a comprehensive audit tracking system is essential for any secure court information system? (5) What has the Attorney General done to implement such a system? The SPEAKER : Member, I will permit the first four questions, you might like to reserve part (5) as part of a supplementary question, which you will be entitled to. Answer the first four questions, Attorney General. Mr C.C. PORTER
In its report to the Joint Standing Committee on the Corruption and Crime Commission, the Corruption and Crime Commission identified that due to the age of its computer systems, the courts are unable to properly monitor and audit the usage of database systems that contain highly sensitive information relating to the prosecution and movement of serious criminals in custody. (1) When did the Attorney General first become aware of the serious inadequacies of these systems? (2) What steps has the Attorney General taken to upgrade these systems to secure this information for the safety of the courts and the public? (3) What, if any, funding has the Attorney General obtained and when will a secure database be installed? (4) Does the Attorney General agree that a comprehensive audit tracking system is essential for any secure court information system? (5) What has the Attorney General done to implement such a system? The SPEAKER : Member, I will permit the first four questions, you might like to reserve part (5) as part of a supplementary question, which you will be entitled to. Answer the first four questions, Attorney General. Mr C.C. PORTER
AnswerView source ↗
(1)–(4) I thank the member for his question and, of course, it relates to the Corruption and Crime Commission report that was tabled today by the Joint Standing Committee on the Corruption and Crime Commission. I will start by saying—this goes to the member’s question as to when I first became aware of this issue—that there are multiple copies of this report. There is, if I can call it this, the abridged copy of the report or what the committee has called the precis, which was tabled today. There also would have been draft reports before the final report, which were sent out to a range of people pursuant to section 86 of the Corruption and Crime Commission Act as part of the natural justice process. I understand that such a report went to the Department of the Attorney General, I do not know precisely when, but it is safe to say that the department has been aware of the investigation for some time. The department has been aware of the issues at least since the time it got the draft report and has been working on them since then, and I will come back to that in a moment. Final copies of the report were also sent to me and to the committee on 25 February 2010. That report was sent to the committee and me for the reason that under section 89 a view was taken by the CCC that the report should either not be published at all or not be published in its full form. That is the view that the committee obviously had divergence with, and no doubt there would have been discussions between the committee and the CCC as to how the final precis report came to be tabled and whether that was desirable. I will state at this point that in the letter sent to me from the CCC dated 25 February this year, the CCC put the view that one reason why the report should not be published in its full form, although it put to me that it should not be published at all, was the security risk in revealing deficiencies in sensitive computer systems. On page 3 of its report, the committee stated — In the Committee’s view it is more likely that action will be taken to remedy these deficiencies if the information pertaining to these computer systems contained in the Report is made public. That might be true to an extent, although I would gently say that it would have been nice, given that both the committee and the Attorney General had that report at the same time, if the committee had sought my views as to whether the immediate tabling of that information put the systems at risk because what the member for Mindarie is in effect saying is that there are clearly problems that need to be addressed in the computer systems. They are very large and very expensive systems, and that is obviously not something that could happen immediately. In answer, I think, to part (4) of the member’s question, it has not happened yet, although some things have happened because of the fact that the department, having been aware of the investigation and having been in receipt of the draft report, had had the benefit of seeing the deficiencies as they have been put by the CCC as existing. Substantively, the two things that the CCC report effectively raises are, first of all, security vetting for departmental—that is, DOTAG—staff and, particularly, court staff who have access to sensitive and confidential information. With respect to that issue, which is less in the nature of infrastructure and spending, the department commenced a full review of the criminal screening and suitability for employment policy, practices and procedures in November 2009. That will be concluded by 31 March this year—the end of this month. I imagine that review will put recommendations to me in the nature of considering higher levels of checking for all departmental and judicial support staff. No doubt that will also recommend the examination and potential of introducing a full vetting program for all court staff and at least some Department of the Attorney General staff, although there will be costing implications in that. Secondly, the problem that was raised was the ability of the department to monitor and audit usage of computer systems that contain sensitive and confidential information. The alternatives there it seems, ultimately, will involve infrastructure and infrastructure upgrades and spending. Mr E.S. Ripper : When is that likely to happen? Mr C.C. PORTER : The department is investigating how it can happen in a cost-effective fashion and how quickly it can happen, but it has not yet happened. Mr E.S. Ripper : It sounds to me like it might be years away. Mr C.C. PORTER : I have not yet received the report from the department on the time frames it has put on that process. Unlike the member for Forrestfield and other members, I am not a genius or computer expert in these matters. I will rely on the department’s advice on how the problems can be overcome in a cost-effective way. Mr E.S. Ripper : You are too late for this year’s budget so it could be years before the systems are in place. Mr C.C. PORTER : The Treasurer and I have a wonderful relationship that is very flexible. Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
(1) When did the Attorney General first become aware of the serious inadequacies of these systems? (2) What steps has the Attorney General taken to upgrade these systems to secure this information for the safety of the courts and the public? (3) What, if any, funding has the Attorney General obtained and when will a secure database be installed? (4) Does the Attorney General agree that a comprehensive audit tracking system is essential for any secure court information system? (5) What has the Attorney General done to implement such a system? The SPEAKER : Member, I will permit the first four questions, you might like to reserve part (5) as part of a supplementary question, which you will be entitled to. Answer the first four questions, Attorney General. Mr C.C. PORTER replied: (1)–(4) I thank the member for his question and, of course, it relates to the Corruption and Crime Commission report that was tabled today by the Joint Standing Committee on the Corruption and Crime Commission. I will start by saying—this goes to the member’s question as to when I first became aware of this issue—that there are multiple copies of this report. There is, if I can call it this, the abridged copy of the report or what the committee has called the precis, which was tabled today. There also would have been draft reports before the final report, which were sent out to a range of people pursuant to section 86 of the Corruption and Crime Commission Act as part of the natural justice process. I understand that such a report went to the Department of the Attorney General, I do not know precisely when, but it is safe to say that the department has been aware of the investigation for some time. The department has been aware of the issues at least since the time it got the draft report and has been working on them since then, and I will come back to that in a moment. Final copies of the report were also sent to me and to the committee on 25 February 2010. That report was sent to the committee and me for the reason that under section 89 a view was taken by the CCC that the report should either not be published at all or not be published in its full form. That is the view that the committee obviously had divergence with, and no doubt there would have been discussions between the committee and the CCC as to how the final precis report came to be tabled and whether that was desirable. I will state at this point that in the letter sent to me from the CCC dated 25 February this year, the CCC put the view that one reason why the report should not be published in its full form, although it put to me that it should not be published at all, was the security risk in revealing deficiencies in sensitive computer systems. On page 3 of its report, the committee stated — In the Committee’s view it is more likely that action will be taken to remedy these deficiencies if the information pertaining to these computer systems contained in the Report is made public. That might be true to an extent, although I would gently say that it would have been nice, given that both the committee and the Attorney General had that report at the same time, if the committee had sought my views as to whether the immediate tabling of that information put the systems at risk because what the member for Mindarie is in effect saying is that there are clearly problems that need to be addressed in the computer systems. They are very large and very expensive systems, and that is obviously not something that could happen immediately. In answer, I think, to part (4) of the member’s question, it has not happened yet, although some things have happened because of the fact that the department, having been aware of the investigation and having been in receipt of the draft report, had had the benefit of seeing the deficiencies as they have been put by the CCC as existing. Substantively, the two things that the CCC report effectively raises are, first of all, security vetting for departmental—that is, DOTAG—staff and, particularly, court staff who have access to sensitive and confidential information. With respect to that issue, which is less in the nature of infrastructure and spending, the department commenced a full review of the criminal screening and suitability for employment policy, practices and procedures in November 2009. That will be concluded by 31 March this year—the end of this month. I imagine that review will put recommendations to me in the nature of considering higher levels of checking for all departmental and judicial support staff. No doubt that will also recommend the examination and potential of introducing a full vetting program for all court staff and at least some Department of the Attorney General staff, although there will be costing implications in that. Secondly, the problem that was raised was the ability of the department to monitor and audit usage of computer systems that contain sensitive and confidential information. The alternatives there it seems, ultimately, will involve infrastructure and infrastructure upgrades and spending. Mr E.S. Ripper : When is that likely to happen? Mr C.C. PORTER : The department is investigating how it can happen in a cost-effective fashion and how quickly it can happen, but it has not yet happened. Mr E.S. Ripper : It sounds to me like it might be years away. Mr C.C. PORTER : I have not yet received the report from the department on the time frames it has put on that process. Unlike the member for Forrestfield and other members, I am not a genius or computer expert in these matters. I will rely on the department’s advice on how the problems can be overcome in a cost-effective way. Mr E.S. Ripper : You are too late for this year’s budget so it could be years before the systems are in place. Mr C.C. PORTER : The Treasurer and I have a wonderful relationship that is very flexible. Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
(2) What steps has the Attorney General taken to upgrade these systems to secure this information for the safety of the courts and the public? (3) What, if any, funding has the Attorney General obtained and when will a secure database be installed? (4) Does the Attorney General agree that a comprehensive audit tracking system is essential for any secure court information system? (5) What has the Attorney General done to implement such a system? The SPEAKER : Member, I will permit the first four questions, you might like to reserve part (5) as part of a supplementary question, which you will be entitled to. Answer the first four questions, Attorney General. Mr C.C. PORTER replied: (1)–(4) I thank the member for his question and, of course, it relates to the Corruption and Crime Commission report that was tabled today by the Joint Standing Committee on the Corruption and Crime Commission. I will start by saying—this goes to the member’s question as to when I first became aware of this issue—that there are multiple copies of this report. There is, if I can call it this, the abridged copy of the report or what the committee has called the precis, which was tabled today. There also would have been draft reports before the final report, which were sent out to a range of people pursuant to section 86 of the Corruption and Crime Commission Act as part of the natural justice process. I understand that such a report went to the Department of the Attorney General, I do not know precisely when, but it is safe to say that the department has been aware of the investigation for some time. The department has been aware of the issues at least since the time it got the draft report and has been working on them since then, and I will come back to that in a moment. Final copies of the report were also sent to me and to the committee on 25 February 2010. That report was sent to the committee and me for the reason that under section 89 a view was taken by the CCC that the report should either not be published at all or not be published in its full form. That is the view that the committee obviously had divergence with, and no doubt there would have been discussions between the committee and the CCC as to how the final precis report came to be tabled and whether that was desirable. I will state at this point that in the letter sent to me from the CCC dated 25 February this year, the CCC put the view that one reason why the report should not be published in its full form, although it put to me that it should not be published at all, was the security risk in revealing deficiencies in sensitive computer systems. On page 3 of its report, the committee stated — In the Committee’s view it is more likely that action will be taken to remedy these deficiencies if the information pertaining to these computer systems contained in the Report is made public. That might be true to an extent, although I would gently say that it would have been nice, given that both the committee and the Attorney General had that report at the same time, if the committee had sought my views as to whether the immediate tabling of that information put the systems at risk because what the member for Mindarie is in effect saying is that there are clearly problems that need to be addressed in the computer systems. They are very large and very expensive systems, and that is obviously not something that could happen immediately. In answer, I think, to part (4) of the member’s question, it has not happened yet, although some things have happened because of the fact that the department, having been aware of the investigation and having been in receipt of the draft report, had had the benefit of seeing the deficiencies as they have been put by the CCC as existing. Substantively, the two things that the CCC report effectively raises are, first of all, security vetting for departmental—that is, DOTAG—staff and, particularly, court staff who have access to sensitive and confidential information. With respect to that issue, which is less in the nature of infrastructure and spending, the department commenced a full review of the criminal screening and suitability for employment policy, practices and procedures in November 2009. That will be concluded by 31 March this year—the end of this month. I imagine that review will put recommendations to me in the nature of considering higher levels of checking for all departmental and judicial support staff. No doubt that will also recommend the examination and potential of introducing a full vetting program for all court staff and at least some Department of the Attorney General staff, although there will be costing implications in that. Secondly, the problem that was raised was the ability of the department to monitor and audit usage of computer systems that contain sensitive and confidential information. The alternatives there it seems, ultimately, will involve infrastructure and infrastructure upgrades and spending. Mr E.S. Ripper : When is that likely to happen? Mr C.C. PORTER : The department is investigating how it can happen in a cost-effective fashion and how quickly it can happen, but it has not yet happened. Mr E.S. Ripper : It sounds to me like it might be years away. Mr C.C. PORTER : I have not yet received the report from the department on the time frames it has put on that process. Unlike the member for Forrestfield and other members, I am not a genius or computer expert in these matters. I will rely on the department’s advice on how the problems can be overcome in a cost-effective way. Mr E.S. Ripper : You are too late for this year’s budget so it could be years before the systems are in place. Mr C.C. PORTER : The Treasurer and I have a wonderful relationship that is very flexible. Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
(3) What, if any, funding has the Attorney General obtained and when will a secure database be installed? (4) Does the Attorney General agree that a comprehensive audit tracking system is essential for any secure court information system? (5) What has the Attorney General done to implement such a system? The SPEAKER : Member, I will permit the first four questions, you might like to reserve part (5) as part of a supplementary question, which you will be entitled to. Answer the first four questions, Attorney General. Mr C.C. PORTER replied: (1)–(4) I thank the member for his question and, of course, it relates to the Corruption and Crime Commission report that was tabled today by the Joint Standing Committee on the Corruption and Crime Commission. I will start by saying—this goes to the member’s question as to when I first became aware of this issue—that there are multiple copies of this report. There is, if I can call it this, the abridged copy of the report or what the committee has called the precis, which was tabled today. There also would have been draft reports before the final report, which were sent out to a range of people pursuant to section 86 of the Corruption and Crime Commission Act as part of the natural justice process. I understand that such a report went to the Department of the Attorney General, I do not know precisely when, but it is safe to say that the department has been aware of the investigation for some time. The department has been aware of the issues at least since the time it got the draft report and has been working on them since then, and I will come back to that in a moment. Final copies of the report were also sent to me and to the committee on 25 February 2010. That report was sent to the committee and me for the reason that under section 89 a view was taken by the CCC that the report should either not be published at all or not be published in its full form. That is the view that the committee obviously had divergence with, and no doubt there would have been discussions between the committee and the CCC as to how the final precis report came to be tabled and whether that was desirable. I will state at this point that in the letter sent to me from the CCC dated 25 February this year, the CCC put the view that one reason why the report should not be published in its full form, although it put to me that it should not be published at all, was the security risk in revealing deficiencies in sensitive computer systems. On page 3 of its report, the committee stated — In the Committee’s view it is more likely that action will be taken to remedy these deficiencies if the information pertaining to these computer systems contained in the Report is made public. That might be true to an extent, although I would gently say that it would have been nice, given that both the committee and the Attorney General had that report at the same time, if the committee had sought my views as to whether the immediate tabling of that information put the systems at risk because what the member for Mindarie is in effect saying is that there are clearly problems that need to be addressed in the computer systems. They are very large and very expensive systems, and that is obviously not something that could happen immediately. In answer, I think, to part (4) of the member’s question, it has not happened yet, although some things have happened because of the fact that the department, having been aware of the investigation and having been in receipt of the draft report, had had the benefit of seeing the deficiencies as they have been put by the CCC as existing. Substantively, the two things that the CCC report effectively raises are, first of all, security vetting for departmental—that is, DOTAG—staff and, particularly, court staff who have access to sensitive and confidential information. With respect to that issue, which is less in the nature of infrastructure and spending, the department commenced a full review of the criminal screening and suitability for employment policy, practices and procedures in November 2009. That will be concluded by 31 March this year—the end of this month. I imagine that review will put recommendations to me in the nature of considering higher levels of checking for all departmental and judicial support staff. No doubt that will also recommend the examination and potential of introducing a full vetting program for all court staff and at least some Department of the Attorney General staff, although there will be costing implications in that. Secondly, the problem that was raised was the ability of the department to monitor and audit usage of computer systems that contain sensitive and confidential information. The alternatives there it seems, ultimately, will involve infrastructure and infrastructure upgrades and spending. Mr E.S. Ripper : When is that likely to happen? Mr C.C. PORTER : The department is investigating how it can happen in a cost-effective fashion and how quickly it can happen, but it has not yet happened. Mr E.S. Ripper : It sounds to me like it might be years away. Mr C.C. PORTER : I have not yet received the report from the department on the time frames it has put on that process. Unlike the member for Forrestfield and other members, I am not a genius or computer expert in these matters. I will rely on the department’s advice on how the problems can be overcome in a cost-effective way. Mr E.S. Ripper : You are too late for this year’s budget so it could be years before the systems are in place. Mr C.C. PORTER : The Treasurer and I have a wonderful relationship that is very flexible. Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
(4) Does the Attorney General agree that a comprehensive audit tracking system is essential for any secure court information system? (5) What has the Attorney General done to implement such a system? The SPEAKER : Member, I will permit the first four questions, you might like to reserve part (5) as part of a supplementary question, which you will be entitled to. Answer the first four questions, Attorney General. Mr C.C. PORTER replied: (1)–(4) I thank the member for his question and, of course, it relates to the Corruption and Crime Commission report that was tabled today by the Joint Standing Committee on the Corruption and Crime Commission. I will start by saying—this goes to the member’s question as to when I first became aware of this issue—that there are multiple copies of this report. There is, if I can call it this, the abridged copy of the report or what the committee has called the precis, which was tabled today. There also would have been draft reports before the final report, which were sent out to a range of people pursuant to section 86 of the Corruption and Crime Commission Act as part of the natural justice process. I understand that such a report went to the Department of the Attorney General, I do not know precisely when, but it is safe to say that the department has been aware of the investigation for some time. The department has been aware of the issues at least since the time it got the draft report and has been working on them since then, and I will come back to that in a moment. Final copies of the report were also sent to me and to the committee on 25 February 2010. That report was sent to the committee and me for the reason that under section 89 a view was taken by the CCC that the report should either not be published at all or not be published in its full form. That is the view that the committee obviously had divergence with, and no doubt there would have been discussions between the committee and the CCC as to how the final precis report came to be tabled and whether that was desirable. I will state at this point that in the letter sent to me from the CCC dated 25 February this year, the CCC put the view that one reason why the report should not be published in its full form, although it put to me that it should not be published at all, was the security risk in revealing deficiencies in sensitive computer systems. On page 3 of its report, the committee stated — In the Committee’s view it is more likely that action will be taken to remedy these deficiencies if the information pertaining to these computer systems contained in the Report is made public. That might be true to an extent, although I would gently say that it would have been nice, given that both the committee and the Attorney General had that report at the same time, if the committee had sought my views as to whether the immediate tabling of that information put the systems at risk because what the member for Mindarie is in effect saying is that there are clearly problems that need to be addressed in the computer systems. They are very large and very expensive systems, and that is obviously not something that could happen immediately. In answer, I think, to part (4) of the member’s question, it has not happened yet, although some things have happened because of the fact that the department, having been aware of the investigation and having been in receipt of the draft report, had had the benefit of seeing the deficiencies as they have been put by the CCC as existing. Substantively, the two things that the CCC report effectively raises are, first of all, security vetting for departmental—that is, DOTAG—staff and, particularly, court staff who have access to sensitive and confidential information. With respect to that issue, which is less in the nature of infrastructure and spending, the department commenced a full review of the criminal screening and suitability for employment policy, practices and procedures in November 2009. That will be concluded by 31 March this year—the end of this month. I imagine that review will put recommendations to me in the nature of considering higher levels of checking for all departmental and judicial support staff. No doubt that will also recommend the examination and potential of introducing a full vetting program for all court staff and at least some Department of the Attorney General staff, although there will be costing implications in that. Secondly, the problem that was raised was the ability of the department to monitor and audit usage of computer systems that contain sensitive and confidential information. The alternatives there it seems, ultimately, will involve infrastructure and infrastructure upgrades and spending. Mr E.S. Ripper : When is that likely to happen? Mr C.C. PORTER : The department is investigating how it can happen in a cost-effective fashion and how quickly it can happen, but it has not yet happened. Mr E.S. Ripper : It sounds to me like it might be years away. Mr C.C. PORTER : I have not yet received the report from the department on the time frames it has put on that process. Unlike the member for Forrestfield and other members, I am not a genius or computer expert in these matters. I will rely on the department’s advice on how the problems can be overcome in a cost-effective way. Mr E.S. Ripper : You are too late for this year’s budget so it could be years before the systems are in place. Mr C.C. PORTER : The Treasurer and I have a wonderful relationship that is very flexible. Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
(5) What has the Attorney General done to implement such a system? The SPEAKER : Member, I will permit the first four questions, you might like to reserve part (5) as part of a supplementary question, which you will be entitled to. Answer the first four questions, Attorney General. Mr C.C. PORTER replied: (1)–(4) I thank the member for his question and, of course, it relates to the Corruption and Crime Commission report that was tabled today by the Joint Standing Committee on the Corruption and Crime Commission. I will start by saying—this goes to the member’s question as to when I first became aware of this issue—that there are multiple copies of this report. There is, if I can call it this, the abridged copy of the report or what the committee has called the precis, which was tabled today. There also would have been draft reports before the final report, which were sent out to a range of people pursuant to section 86 of the Corruption and Crime Commission Act as part of the natural justice process. I understand that such a report went to the Department of the Attorney General, I do not know precisely when, but it is safe to say that the department has been aware of the investigation for some time. The department has been aware of the issues at least since the time it got the draft report and has been working on them since then, and I will come back to that in a moment. Final copies of the report were also sent to me and to the committee on 25 February 2010. That report was sent to the committee and me for the reason that under section 89 a view was taken by the CCC that the report should either not be published at all or not be published in its full form. That is the view that the committee obviously had divergence with, and no doubt there would have been discussions between the committee and the CCC as to how the final precis report came to be tabled and whether that was desirable. I will state at this point that in the letter sent to me from the CCC dated 25 February this year, the CCC put the view that one reason why the report should not be published in its full form, although it put to me that it should not be published at all, was the security risk in revealing deficiencies in sensitive computer systems. On page 3 of its report, the committee stated — In the Committee’s view it is more likely that action will be taken to remedy these deficiencies if the information pertaining to these computer systems contained in the Report is made public. That might be true to an extent, although I would gently say that it would have been nice, given that both the committee and the Attorney General had that report at the same time, if the committee had sought my views as to whether the immediate tabling of that information put the systems at risk because what the member for Mindarie is in effect saying is that there are clearly problems that need to be addressed in the computer systems. They are very large and very expensive systems, and that is obviously not something that could happen immediately. In answer, I think, to part (4) of the member’s question, it has not happened yet, although some things have happened because of the fact that the department, having been aware of the investigation and having been in receipt of the draft report, had had the benefit of seeing the deficiencies as they have been put by the CCC as existing. Substantively, the two things that the CCC report effectively raises are, first of all, security vetting for departmental—that is, DOTAG—staff and, particularly, court staff who have access to sensitive and confidential information. With respect to that issue, which is less in the nature of infrastructure and spending, the department commenced a full review of the criminal screening and suitability for employment policy, practices and procedures in November 2009. That will be concluded by 31 March this year—the end of this month. I imagine that review will put recommendations to me in the nature of considering higher levels of checking for all departmental and judicial support staff. No doubt that will also recommend the examination and potential of introducing a full vetting program for all court staff and at least some Department of the Attorney General staff, although there will be costing implications in that. Secondly, the problem that was raised was the ability of the department to monitor and audit usage of computer systems that contain sensitive and confidential information. The alternatives there it seems, ultimately, will involve infrastructure and infrastructure upgrades and spending. Mr E.S. Ripper : When is that likely to happen? Mr C.C. PORTER : The department is investigating how it can happen in a cost-effective fashion and how quickly it can happen, but it has not yet happened. Mr E.S. Ripper : It sounds to me like it might be years away. Mr C.C. PORTER : I have not yet received the report from the department on the time frames it has put on that process. Unlike the member for Forrestfield and other members, I am not a genius or computer expert in these matters. I will rely on the department’s advice on how the problems can be overcome in a cost-effective way. Mr E.S. Ripper : You are too late for this year’s budget so it could be years before the systems are in place. Mr C.C. PORTER : The Treasurer and I have a wonderful relationship that is very flexible. Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
The SPEAKER : Member, I will permit the first four questions, you might like to reserve part (5) as part of a supplementary question, which you will be entitled to. Answer the first four questions, Attorney General. Mr C.C. PORTER replied: (1)–(4) I thank the member for his question and, of course, it relates to the Corruption and Crime Commission report that was tabled today by the Joint Standing Committee on the Corruption and Crime Commission. I will start by saying—this goes to the member’s question as to when I first became aware of this issue—that there are multiple copies of this report. There is, if I can call it this, the abridged copy of the report or what the committee has called the precis, which was tabled today. There also would have been draft reports before the final report, which were sent out to a range of people pursuant to section 86 of the Corruption and Crime Commission Act as part of the natural justice process. I understand that such a report went to the Department of the Attorney General, I do not know precisely when, but it is safe to say that the department has been aware of the investigation for some time. The department has been aware of the issues at least since the time it got the draft report and has been working on them since then, and I will come back to that in a moment. Final copies of the report were also sent to me and to the committee on 25 February 2010. That report was sent to the committee and me for the reason that under section 89 a view was taken by the CCC that the report should either not be published at all or not be published in its full form. That is the view that the committee obviously had divergence with, and no doubt there would have been discussions between the committee and the CCC as to how the final precis report came to be tabled and whether that was desirable. I will state at this point that in the letter sent to me from the CCC dated 25 February this year, the CCC put the view that one reason why the report should not be published in its full form, although it put to me that it should not be published at all, was the security risk in revealing deficiencies in sensitive computer systems. On page 3 of its report, the committee stated — In the Committee’s view it is more likely that action will be taken to remedy these deficiencies if the information pertaining to these computer systems contained in the Report is made public. That might be true to an extent, although I would gently say that it would have been nice, given that both the committee and the Attorney General had that report at the same time, if the committee had sought my views as to whether the immediate tabling of that information put the systems at risk because what the member for Mindarie is in effect saying is that there are clearly problems that need to be addressed in the computer systems. They are very large and very expensive systems, and that is obviously not something that could happen immediately. In answer, I think, to part (4) of the member’s question, it has not happened yet, although some things have happened because of the fact that the department, having been aware of the investigation and having been in receipt of the draft report, had had the benefit of seeing the deficiencies as they have been put by the CCC as existing. Substantively, the two things that the CCC report effectively raises are, first of all, security vetting for departmental—that is, DOTAG—staff and, particularly, court staff who have access to sensitive and confidential information. With respect to that issue, which is less in the nature of infrastructure and spending, the department commenced a full review of the criminal screening and suitability for employment policy, practices and procedures in November 2009. That will be concluded by 31 March this year—the end of this month. I imagine that review will put recommendations to me in the nature of considering higher levels of checking for all departmental and judicial support staff. No doubt that will also recommend the examination and potential of introducing a full vetting program for all court staff and at least some Department of the Attorney General staff, although there will be costing implications in that. Secondly, the problem that was raised was the ability of the department to monitor and audit usage of computer systems that contain sensitive and confidential information. The alternatives there it seems, ultimately, will involve infrastructure and infrastructure upgrades and spending. Mr E.S. Ripper : When is that likely to happen? Mr C.C. PORTER : The department is investigating how it can happen in a cost-effective fashion and how quickly it can happen, but it has not yet happened. Mr E.S. Ripper : It sounds to me like it might be years away. Mr C.C. PORTER : I have not yet received the report from the department on the time frames it has put on that process. Unlike the member for Forrestfield and other members, I am not a genius or computer expert in these matters. I will rely on the department’s advice on how the problems can be overcome in a cost-effective way. Mr E.S. Ripper : You are too late for this year’s budget so it could be years before the systems are in place. Mr C.C. PORTER : The Treasurer and I have a wonderful relationship that is very flexible. Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
Mr C.C. PORTER replied: (1)–(4) I thank the member for his question and, of course, it relates to the Corruption and Crime Commission report that was tabled today by the Joint Standing Committee on the Corruption and Crime Commission. I will start by saying—this goes to the member’s question as to when I first became aware of this issue—that there are multiple copies of this report. There is, if I can call it this, the abridged copy of the report or what the committee has called the precis, which was tabled today. There also would have been draft reports before the final report, which were sent out to a range of people pursuant to section 86 of the Corruption and Crime Commission Act as part of the natural justice process. I understand that such a report went to the Department of the Attorney General, I do not know precisely when, but it is safe to say that the department has been aware of the investigation for some time. The department has been aware of the issues at least since the time it got the draft report and has been working on them since then, and I will come back to that in a moment. Final copies of the report were also sent to me and to the committee on 25 February 2010. That report was sent to the committee and me for the reason that under section 89 a view was taken by the CCC that the report should either not be published at all or not be published in its full form. That is the view that the committee obviously had divergence with, and no doubt there would have been discussions between the committee and the CCC as to how the final precis report came to be tabled and whether that was desirable. I will state at this point that in the letter sent to me from the CCC dated 25 February this year, the CCC put the view that one reason why the report should not be published in its full form, although it put to me that it should not be published at all, was the security risk in revealing deficiencies in sensitive computer systems. On page 3 of its report, the committee stated — In the Committee’s view it is more likely that action will be taken to remedy these deficiencies if the information pertaining to these computer systems contained in the Report is made public. That might be true to an extent, although I would gently say that it would have been nice, given that both the committee and the Attorney General had that report at the same time, if the committee had sought my views as to whether the immediate tabling of that information put the systems at risk because what the member for Mindarie is in effect saying is that there are clearly problems that need to be addressed in the computer systems. They are very large and very expensive systems, and that is obviously not something that could happen immediately. In answer, I think, to part (4) of the member’s question, it has not happened yet, although some things have happened because of the fact that the department, having been aware of the investigation and having been in receipt of the draft report, had had the benefit of seeing the deficiencies as they have been put by the CCC as existing. Substantively, the two things that the CCC report effectively raises are, first of all, security vetting for departmental—that is, DOTAG—staff and, particularly, court staff who have access to sensitive and confidential information. With respect to that issue, which is less in the nature of infrastructure and spending, the department commenced a full review of the criminal screening and suitability for employment policy, practices and procedures in November 2009. That will be concluded by 31 March this year—the end of this month. I imagine that review will put recommendations to me in the nature of considering higher levels of checking for all departmental and judicial support staff. No doubt that will also recommend the examination and potential of introducing a full vetting program for all court staff and at least some Department of the Attorney General staff, although there will be costing implications in that. Secondly, the problem that was raised was the ability of the department to monitor and audit usage of computer systems that contain sensitive and confidential information. The alternatives there it seems, ultimately, will involve infrastructure and infrastructure upgrades and spending. Mr E.S. Ripper : When is that likely to happen? Mr C.C. PORTER : The department is investigating how it can happen in a cost-effective fashion and how quickly it can happen, but it has not yet happened. Mr E.S. Ripper : It sounds to me like it might be years away. Mr C.C. PORTER : I have not yet received the report from the department on the time frames it has put on that process. Unlike the member for Forrestfield and other members, I am not a genius or computer expert in these matters. I will rely on the department’s advice on how the problems can be overcome in a cost-effective way. Mr E.S. Ripper : You are too late for this year’s budget so it could be years before the systems are in place. Mr C.C. PORTER : The Treasurer and I have a wonderful relationship that is very flexible. Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
(1)–(4) I thank the member for his question and, of course, it relates to the Corruption and Crime Commission report that was tabled today by the Joint Standing Committee on the Corruption and Crime Commission. I will start by saying—this goes to the member’s question as to when I first became aware of this issue—that there are multiple copies of this report. There is, if I can call it this, the abridged copy of the report or what the committee has called the precis, which was tabled today. There also would have been draft reports before the final report, which were sent out to a range of people pursuant to section 86 of the Corruption and Crime Commission Act as part of the natural justice process. I understand that such a report went to the Department of the Attorney General, I do not know precisely when, but it is safe to say that the department has been aware of the investigation for some time. The department has been aware of the issues at least since the time it got the draft report and has been working on them since then, and I will come back to that in a moment. Final copies of the report were also sent to me and to the committee on 25 February 2010. That report was sent to the committee and me for the reason that under section 89 a view was taken by the CCC that the report should either not be published at all or not be published in its full form. That is the view that the committee obviously had divergence with, and no doubt there would have been discussions between the committee and the CCC as to how the final precis report came to be tabled and whether that was desirable. I will state at this point that in the letter sent to me from the CCC dated 25 February this year, the CCC put the view that one reason why the report should not be published in its full form, although it put to me that it should not be published at all, was the security risk in revealing deficiencies in sensitive computer systems. On page 3 of its report, the committee stated — In the Committee’s view it is more likely that action will be taken to remedy these deficiencies if the information pertaining to these computer systems contained in the Report is made public. That might be true to an extent, although I would gently say that it would have been nice, given that both the committee and the Attorney General had that report at the same time, if the committee had sought my views as to whether the immediate tabling of that information put the systems at risk because what the member for Mindarie is in effect saying is that there are clearly problems that need to be addressed in the computer systems. They are very large and very expensive systems, and that is obviously not something that could happen immediately. In answer, I think, to part (4) of the member’s question, it has not happened yet, although some things have happened because of the fact that the department, having been aware of the investigation and having been in receipt of the draft report, had had the benefit of seeing the deficiencies as they have been put by the CCC as existing. Substantively, the two things that the CCC report effectively raises are, first of all, security vetting for departmental—that is, DOTAG—staff and, particularly, court staff who have access to sensitive and confidential information. With respect to that issue, which is less in the nature of infrastructure and spending, the department commenced a full review of the criminal screening and suitability for employment policy, practices and procedures in November 2009. That will be concluded by 31 March this year—the end of this month. I imagine that review will put recommendations to me in the nature of considering higher levels of checking for all departmental and judicial support staff. No doubt that will also recommend the examination and potential of introducing a full vetting program for all court staff and at least some Department of the Attorney General staff, although there will be costing implications in that. Secondly, the problem that was raised was the ability of the department to monitor and audit usage of computer systems that contain sensitive and confidential information. The alternatives there it seems, ultimately, will involve infrastructure and infrastructure upgrades and spending. Mr E.S. Ripper : When is that likely to happen? Mr C.C. PORTER : The department is investigating how it can happen in a cost-effective fashion and how quickly it can happen, but it has not yet happened. Mr E.S. Ripper : It sounds to me like it might be years away. Mr C.C. PORTER : I have not yet received the report from the department on the time frames it has put on that process. Unlike the member for Forrestfield and other members, I am not a genius or computer expert in these matters. I will rely on the department’s advice on how the problems can be overcome in a cost-effective way. Mr E.S. Ripper : You are too late for this year’s budget so it could be years before the systems are in place. Mr C.C. PORTER : The Treasurer and I have a wonderful relationship that is very flexible. Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
In answer, I think, to part (4) of the member’s question, it has not happened yet, although some things have happened because of the fact that the department, having been aware of the investigation and having been in receipt of the draft report, had had the benefit of seeing the deficiencies as they have been put by the CCC as existing. Substantively, the two things that the CCC report effectively raises are, first of all, security vetting for departmental—that is, DOTAG—staff and, particularly, court staff who have access to sensitive and confidential information. With respect to that issue, which is less in the nature of infrastructure and spending, the department commenced a full review of the criminal screening and suitability for employment policy, practices and procedures in November 2009. That will be concluded by 31 March this year—the end of this month. I imagine that review will put recommendations to me in the nature of considering higher levels of checking for all departmental and judicial support staff. No doubt that will also recommend the examination and potential of introducing a full vetting program for all court staff and at least some Department of the Attorney General staff, although there will be costing implications in that. Secondly, the problem that was raised was the ability of the department to monitor and audit usage of computer systems that contain sensitive and confidential information. The alternatives there it seems, ultimately, will involve infrastructure and infrastructure upgrades and spending.
Mr C.C. PORTER : The department is investigating how it can happen in a cost-effective fashion and how quickly it can happen, but it has not yet happened. Mr E.S. Ripper : It sounds to me like it might be years away. Mr C.C. PORTER : I have not yet received the report from the department on the time frames it has put on that process. Unlike the member for Forrestfield and other members, I am not a genius or computer expert in these matters. I will rely on the department’s advice on how the problems can be overcome in a cost-effective way. Mr E.S. Ripper : You are too late for this year’s budget so it could be years before the systems are in place. Mr C.C. PORTER : The Treasurer and I have a wonderful relationship that is very flexible. Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
Mr E.S. Ripper : It sounds to me like it might be years away. Mr C.C. PORTER : I have not yet received the report from the department on the time frames it has put on that process. Unlike the member for Forrestfield and other members, I am not a genius or computer expert in these matters. I will rely on the department’s advice on how the problems can be overcome in a cost-effective way. Mr E.S. Ripper : You are too late for this year’s budget so it could be years before the systems are in place. Mr C.C. PORTER : The Treasurer and I have a wonderful relationship that is very flexible. Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
Mr C.C. PORTER : I have not yet received the report from the department on the time frames it has put on that process. Unlike the member for Forrestfield and other members, I am not a genius or computer expert in these matters. I will rely on the department’s advice on how the problems can be overcome in a cost-effective way. Mr E.S. Ripper : You are too late for this year’s budget so it could be years before the systems are in place. Mr C.C. PORTER : The Treasurer and I have a wonderful relationship that is very flexible. Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
Mr E.S. Ripper : You are too late for this year’s budget so it could be years before the systems are in place. Mr C.C. PORTER : The Treasurer and I have a wonderful relationship that is very flexible. Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
Mr C.C. PORTER : The Treasurer and I have a wonderful relationship that is very flexible. Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
(1) When did the Attorney General first become aware of the serious inadequacies of these systems? (2) What steps has the Attorney General taken to upgrade these systems to secure this information for the safety of the courts and the public? (3) What, if any, funding has the Attorney General obtained and when will a secure database be installed? (4) Does the Attorney General agree that a comprehensive audit tracking system is essential for any secure court information system? (5) What has the Attorney General done to implement such a system? The SPEAKER : Member, I will permit the first four questions, you might like to reserve part (5) as part of a supplementary question, which you will be entitled to. Answer the first four questions, Attorney General. Mr C.C. PORTER replied: (1)–(4) I thank the member for his question and, of course, it relates to the Corruption and Crime Commission report that was tabled today by the Joint Standing Committee on the Corruption and Crime Commission. I will start by saying—this goes to the member’s question as to when I first became aware of this issue—that there are multiple copies of this report. There is, if I can call it this, the abridged copy of the report or what the committee has called the precis, which was tabled today. There also would have been draft reports before the final report, which were sent out to a range of people pursuant to section 86 of the Corruption and Crime Commission Act as part of the natural justice process. I understand that such a report went to the Department of the Attorney General, I do not know precisely when, but it is safe to say that the department has been aware of the investigation for some time. The department has been aware of the issues at least since the time it got the draft report and has been working on them since then, and I will come back to that in a moment. Final copies of the report were also sent to me and to the committee on 25 February 2010. That report was sent to the committee and me for the reason that under section 89 a view was taken by the CCC that the report should either not be published at all or not be published in its full form. That is the view that the committee obviously had divergence with, and no doubt there would have been discussions between the committee and the CCC as to how the final precis report came to be tabled and whether that was desirable. I will state at this point that in the letter sent to me from the CCC dated 25 February this year, the CCC put the view that one reason why the report should not be published in its full form, although it put to me that it should not be published at all, was the security risk in revealing deficiencies in sensitive computer systems. On page 3 of its report, the committee stated — In the Committee’s view it is more likely that action will be taken to remedy these deficiencies if the information pertaining to these computer systems contained in the Report is made public. That might be true to an extent, although I would gently say that it would have been nice, given that both the committee and the Attorney General had that report at the same time, if the committee had sought my views as to whether the immediate tabling of that information put the systems at risk because what the member for Mindarie is in effect saying is that there are clearly problems that need to be addressed in the computer systems. They are very large and very expensive systems, and that is obviously not something that could happen immediately. In answer, I think, to part (4) of the member’s question, it has not happened yet, although some things have happened because of the fact that the department, having been aware of the investigation and having been in receipt of the draft report, had had the benefit of seeing the deficiencies as they have been put by the CCC as existing. Substantively, the two things that the CCC report effectively raises are, first of all, security vetting for departmental—that is, DOTAG—staff and, particularly, court staff who have access to sensitive and confidential information. With respect to that issue, which is less in the nature of infrastructure and spending, the department commenced a full review of the criminal screening and suitability for employment policy, practices and procedures in November 2009. That will be concluded by 31 March this year—the end of this month. I imagine that review will put recommendations to me in the nature of considering higher levels of checking for all departmental and judicial support staff. No doubt that will also recommend the examination and potential of introducing a full vetting program for all court staff and at least some Department of the Attorney General staff, although there will be costing implications in that. Secondly, the problem that was raised was the ability of the department to monitor and audit usage of computer systems that contain sensitive and confidential information. The alternatives there it seems, ultimately, will involve infrastructure and infrastructure upgrades and spending. Mr E.S. Ripper : When is that likely to happen? Mr C.C. PORTER : The department is investigating how it can happen in a cost-effective fashion and how quickly it can happen, but it has not yet happened. Mr E.S. Ripper : It sounds to me like it might be years away. Mr C.C. PORTER : I have not yet received the report from the department on the time frames it has put on that process. Unlike the member for Forrestfield and other members, I am not a genius or computer expert in these matters. I will rely on the department’s advice on how the problems can be overcome in a cost-effective way. Mr E.S. Ripper : You are too late for this year’s budget so it could be years before the systems are in place. Mr C.C. PORTER : The Treasurer and I have a wonderful relationship that is very flexible. Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
(2) What steps has the Attorney General taken to upgrade these systems to secure this information for the safety of the courts and the public? (3) What, if any, funding has the Attorney General obtained and when will a secure database be installed? (4) Does the Attorney General agree that a comprehensive audit tracking system is essential for any secure court information system? (5) What has the Attorney General done to implement such a system? The SPEAKER : Member, I will permit the first four questions, you might like to reserve part (5) as part of a supplementary question, which you will be entitled to. Answer the first four questions, Attorney General. Mr C.C. PORTER replied: (1)–(4) I thank the member for his question and, of course, it relates to the Corruption and Crime Commission report that was tabled today by the Joint Standing Committee on the Corruption and Crime Commission. I will start by saying—this goes to the member’s question as to when I first became aware of this issue—that there are multiple copies of this report. There is, if I can call it this, the abridged copy of the report or what the committee has called the precis, which was tabled today. There also would have been draft reports before the final report, which were sent out to a range of people pursuant to section 86 of the Corruption and Crime Commission Act as part of the natural justice process. I understand that such a report went to the Department of the Attorney General, I do not know precisely when, but it is safe to say that the department has been aware of the investigation for some time. The department has been aware of the issues at least since the time it got the draft report and has been working on them since then, and I will come back to that in a moment. Final copies of the report were also sent to me and to the committee on 25 February 2010. That report was sent to the committee and me for the reason that under section 89 a view was taken by the CCC that the report should either not be published at all or not be published in its full form. That is the view that the committee obviously had divergence with, and no doubt there would have been discussions between the committee and the CCC as to how the final precis report came to be tabled and whether that was desirable. I will state at this point that in the letter sent to me from the CCC dated 25 February this year, the CCC put the view that one reason why the report should not be published in its full form, although it put to me that it should not be published at all, was the security risk in revealing deficiencies in sensitive computer systems. On page 3 of its report, the committee stated — In the Committee’s view it is more likely that action will be taken to remedy these deficiencies if the information pertaining to these computer systems contained in the Report is made public. That might be true to an extent, although I would gently say that it would have been nice, given that both the committee and the Attorney General had that report at the same time, if the committee had sought my views as to whether the immediate tabling of that information put the systems at risk because what the member for Mindarie is in effect saying is that there are clearly problems that need to be addressed in the computer systems. They are very large and very expensive systems, and that is obviously not something that could happen immediately. In answer, I think, to part (4) of the member’s question, it has not happened yet, although some things have happened because of the fact that the department, having been aware of the investigation and having been in receipt of the draft report, had had the benefit of seeing the deficiencies as they have been put by the CCC as existing. Substantively, the two things that the CCC report effectively raises are, first of all, security vetting for departmental—that is, DOTAG—staff and, particularly, court staff who have access to sensitive and confidential information. With respect to that issue, which is less in the nature of infrastructure and spending, the department commenced a full review of the criminal screening and suitability for employment policy, practices and procedures in November 2009. That will be concluded by 31 March this year—the end of this month. I imagine that review will put recommendations to me in the nature of considering higher levels of checking for all departmental and judicial support staff. No doubt that will also recommend the examination and potential of introducing a full vetting program for all court staff and at least some Department of the Attorney General staff, although there will be costing implications in that. Secondly, the problem that was raised was the ability of the department to monitor and audit usage of computer systems that contain sensitive and confidential information. The alternatives there it seems, ultimately, will involve infrastructure and infrastructure upgrades and spending. Mr E.S. Ripper : When is that likely to happen? Mr C.C. PORTER : The department is investigating how it can happen in a cost-effective fashion and how quickly it can happen, but it has not yet happened. Mr E.S. Ripper : It sounds to me like it might be years away. Mr C.C. PORTER : I have not yet received the report from the department on the time frames it has put on that process. Unlike the member for Forrestfield and other members, I am not a genius or computer expert in these matters. I will rely on the department’s advice on how the problems can be overcome in a cost-effective way. Mr E.S. Ripper : You are too late for this year’s budget so it could be years before the systems are in place. Mr C.C. PORTER : The Treasurer and I have a wonderful relationship that is very flexible. Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
(3) What, if any, funding has the Attorney General obtained and when will a secure database be installed? (4) Does the Attorney General agree that a comprehensive audit tracking system is essential for any secure court information system? (5) What has the Attorney General done to implement such a system? The SPEAKER : Member, I will permit the first four questions, you might like to reserve part (5) as part of a supplementary question, which you will be entitled to. Answer the first four questions, Attorney General. Mr C.C. PORTER replied: (1)–(4) I thank the member for his question and, of course, it relates to the Corruption and Crime Commission report that was tabled today by the Joint Standing Committee on the Corruption and Crime Commission. I will start by saying—this goes to the member’s question as to when I first became aware of this issue—that there are multiple copies of this report. There is, if I can call it this, the abridged copy of the report or what the committee has called the precis, which was tabled today. There also would have been draft reports before the final report, which were sent out to a range of people pursuant to section 86 of the Corruption and Crime Commission Act as part of the natural justice process. I understand that such a report went to the Department of the Attorney General, I do not know precisely when, but it is safe to say that the department has been aware of the investigation for some time. The department has been aware of the issues at least since the time it got the draft report and has been working on them since then, and I will come back to that in a moment. Final copies of the report were also sent to me and to the committee on 25 February 2010. That report was sent to the committee and me for the reason that under section 89 a view was taken by the CCC that the report should either not be published at all or not be published in its full form. That is the view that the committee obviously had divergence with, and no doubt there would have been discussions between the committee and the CCC as to how the final precis report came to be tabled and whether that was desirable. I will state at this point that in the letter sent to me from the CCC dated 25 February this year, the CCC put the view that one reason why the report should not be published in its full form, although it put to me that it should not be published at all, was the security risk in revealing deficiencies in sensitive computer systems. On page 3 of its report, the committee stated — In the Committee’s view it is more likely that action will be taken to remedy these deficiencies if the information pertaining to these computer systems contained in the Report is made public. That might be true to an extent, although I would gently say that it would have been nice, given that both the committee and the Attorney General had that report at the same time, if the committee had sought my views as to whether the immediate tabling of that information put the systems at risk because what the member for Mindarie is in effect saying is that there are clearly problems that need to be addressed in the computer systems. They are very large and very expensive systems, and that is obviously not something that could happen immediately. In answer, I think, to part (4) of the member’s question, it has not happened yet, although some things have happened because of the fact that the department, having been aware of the investigation and having been in receipt of the draft report, had had the benefit of seeing the deficiencies as they have been put by the CCC as existing. Substantively, the two things that the CCC report effectively raises are, first of all, security vetting for departmental—that is, DOTAG—staff and, particularly, court staff who have access to sensitive and confidential information. With respect to that issue, which is less in the nature of infrastructure and spending, the department commenced a full review of the criminal screening and suitability for employment policy, practices and procedures in November 2009. That will be concluded by 31 March this year—the end of this month. I imagine that review will put recommendations to me in the nature of considering higher levels of checking for all departmental and judicial support staff. No doubt that will also recommend the examination and potential of introducing a full vetting program for all court staff and at least some Department of the Attorney General staff, although there will be costing implications in that. Secondly, the problem that was raised was the ability of the department to monitor and audit usage of computer systems that contain sensitive and confidential information. The alternatives there it seems, ultimately, will involve infrastructure and infrastructure upgrades and spending. Mr E.S. Ripper : When is that likely to happen? Mr C.C. PORTER : The department is investigating how it can happen in a cost-effective fashion and how quickly it can happen, but it has not yet happened. Mr E.S. Ripper : It sounds to me like it might be years away. Mr C.C. PORTER : I have not yet received the report from the department on the time frames it has put on that process. Unlike the member for Forrestfield and other members, I am not a genius or computer expert in these matters. I will rely on the department’s advice on how the problems can be overcome in a cost-effective way. Mr E.S. Ripper : You are too late for this year’s budget so it could be years before the systems are in place. Mr C.C. PORTER : The Treasurer and I have a wonderful relationship that is very flexible. Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
(4) Does the Attorney General agree that a comprehensive audit tracking system is essential for any secure court information system? (5) What has the Attorney General done to implement such a system? The SPEAKER : Member, I will permit the first four questions, you might like to reserve part (5) as part of a supplementary question, which you will be entitled to. Answer the first four questions, Attorney General. Mr C.C. PORTER replied: (1)–(4) I thank the member for his question and, of course, it relates to the Corruption and Crime Commission report that was tabled today by the Joint Standing Committee on the Corruption and Crime Commission. I will start by saying—this goes to the member’s question as to when I first became aware of this issue—that there are multiple copies of this report. There is, if I can call it this, the abridged copy of the report or what the committee has called the precis, which was tabled today. There also would have been draft reports before the final report, which were sent out to a range of people pursuant to section 86 of the Corruption and Crime Commission Act as part of the natural justice process. I understand that such a report went to the Department of the Attorney General, I do not know precisely when, but it is safe to say that the department has been aware of the investigation for some time. The department has been aware of the issues at least since the time it got the draft report and has been working on them since then, and I will come back to that in a moment. Final copies of the report were also sent to me and to the committee on 25 February 2010. That report was sent to the committee and me for the reason that under section 89 a view was taken by the CCC that the report should either not be published at all or not be published in its full form. That is the view that the committee obviously had divergence with, and no doubt there would have been discussions between the committee and the CCC as to how the final precis report came to be tabled and whether that was desirable. I will state at this point that in the letter sent to me from the CCC dated 25 February this year, the CCC put the view that one reason why the report should not be published in its full form, although it put to me that it should not be published at all, was the security risk in revealing deficiencies in sensitive computer systems. On page 3 of its report, the committee stated — In the Committee’s view it is more likely that action will be taken to remedy these deficiencies if the information pertaining to these computer systems contained in the Report is made public. That might be true to an extent, although I would gently say that it would have been nice, given that both the committee and the Attorney General had that report at the same time, if the committee had sought my views as to whether the immediate tabling of that information put the systems at risk because what the member for Mindarie is in effect saying is that there are clearly problems that need to be addressed in the computer systems. They are very large and very expensive systems, and that is obviously not something that could happen immediately. In answer, I think, to part (4) of the member’s question, it has not happened yet, although some things have happened because of the fact that the department, having been aware of the investigation and having been in receipt of the draft report, had had the benefit of seeing the deficiencies as they have been put by the CCC as existing. Substantively, the two things that the CCC report effectively raises are, first of all, security vetting for departmental—that is, DOTAG—staff and, particularly, court staff who have access to sensitive and confidential information. With respect to that issue, which is less in the nature of infrastructure and spending, the department commenced a full review of the criminal screening and suitability for employment policy, practices and procedures in November 2009. That will be concluded by 31 March this year—the end of this month. I imagine that review will put recommendations to me in the nature of considering higher levels of checking for all departmental and judicial support staff. No doubt that will also recommend the examination and potential of introducing a full vetting program for all court staff and at least some Department of the Attorney General staff, although there will be costing implications in that. Secondly, the problem that was raised was the ability of the department to monitor and audit usage of computer systems that contain sensitive and confidential information. The alternatives there it seems, ultimately, will involve infrastructure and infrastructure upgrades and spending. Mr E.S. Ripper : When is that likely to happen? Mr C.C. PORTER : The department is investigating how it can happen in a cost-effective fashion and how quickly it can happen, but it has not yet happened. Mr E.S. Ripper : It sounds to me like it might be years away. Mr C.C. PORTER : I have not yet received the report from the department on the time frames it has put on that process. Unlike the member for Forrestfield and other members, I am not a genius or computer expert in these matters. I will rely on the department’s advice on how the problems can be overcome in a cost-effective way. Mr E.S. Ripper : You are too late for this year’s budget so it could be years before the systems are in place. Mr C.C. PORTER : The Treasurer and I have a wonderful relationship that is very flexible. Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
(5) What has the Attorney General done to implement such a system? The SPEAKER : Member, I will permit the first four questions, you might like to reserve part (5) as part of a supplementary question, which you will be entitled to. Answer the first four questions, Attorney General. Mr C.C. PORTER replied: (1)–(4) I thank the member for his question and, of course, it relates to the Corruption and Crime Commission report that was tabled today by the Joint Standing Committee on the Corruption and Crime Commission. I will start by saying—this goes to the member’s question as to when I first became aware of this issue—that there are multiple copies of this report. There is, if I can call it this, the abridged copy of the report or what the committee has called the precis, which was tabled today. There also would have been draft reports before the final report, which were sent out to a range of people pursuant to section 86 of the Corruption and Crime Commission Act as part of the natural justice process. I understand that such a report went to the Department of the Attorney General, I do not know precisely when, but it is safe to say that the department has been aware of the investigation for some time. The department has been aware of the issues at least since the time it got the draft report and has been working on them since then, and I will come back to that in a moment. Final copies of the report were also sent to me and to the committee on 25 February 2010. That report was sent to the committee and me for the reason that under section 89 a view was taken by the CCC that the report should either not be published at all or not be published in its full form. That is the view that the committee obviously had divergence with, and no doubt there would have been discussions between the committee and the CCC as to how the final precis report came to be tabled and whether that was desirable. I will state at this point that in the letter sent to me from the CCC dated 25 February this year, the CCC put the view that one reason why the report should not be published in its full form, although it put to me that it should not be published at all, was the security risk in revealing deficiencies in sensitive computer systems. On page 3 of its report, the committee stated — In the Committee’s view it is more likely that action will be taken to remedy these deficiencies if the information pertaining to these computer systems contained in the Report is made public. That might be true to an extent, although I would gently say that it would have been nice, given that both the committee and the Attorney General had that report at the same time, if the committee had sought my views as to whether the immediate tabling of that information put the systems at risk because what the member for Mindarie is in effect saying is that there are clearly problems that need to be addressed in the computer systems. They are very large and very expensive systems, and that is obviously not something that could happen immediately. In answer, I think, to part (4) of the member’s question, it has not happened yet, although some things have happened because of the fact that the department, having been aware of the investigation and having been in receipt of the draft report, had had the benefit of seeing the deficiencies as they have been put by the CCC as existing. Substantively, the two things that the CCC report effectively raises are, first of all, security vetting for departmental—that is, DOTAG—staff and, particularly, court staff who have access to sensitive and confidential information. With respect to that issue, which is less in the nature of infrastructure and spending, the department commenced a full review of the criminal screening and suitability for employment policy, practices and procedures in November 2009. That will be concluded by 31 March this year—the end of this month. I imagine that review will put recommendations to me in the nature of considering higher levels of checking for all departmental and judicial support staff. No doubt that will also recommend the examination and potential of introducing a full vetting program for all court staff and at least some Department of the Attorney General staff, although there will be costing implications in that. Secondly, the problem that was raised was the ability of the department to monitor and audit usage of computer systems that contain sensitive and confidential information. The alternatives there it seems, ultimately, will involve infrastructure and infrastructure upgrades and spending. Mr E.S. Ripper : When is that likely to happen? Mr C.C. PORTER : The department is investigating how it can happen in a cost-effective fashion and how quickly it can happen, but it has not yet happened. Mr E.S. Ripper : It sounds to me like it might be years away. Mr C.C. PORTER : I have not yet received the report from the department on the time frames it has put on that process. Unlike the member for Forrestfield and other members, I am not a genius or computer expert in these matters. I will rely on the department’s advice on how the problems can be overcome in a cost-effective way. Mr E.S. Ripper : You are too late for this year’s budget so it could be years before the systems are in place. Mr C.C. PORTER : The Treasurer and I have a wonderful relationship that is very flexible. Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
The SPEAKER : Member, I will permit the first four questions, you might like to reserve part (5) as part of a supplementary question, which you will be entitled to. Answer the first four questions, Attorney General. Mr C.C. PORTER replied: (1)–(4) I thank the member for his question and, of course, it relates to the Corruption and Crime Commission report that was tabled today by the Joint Standing Committee on the Corruption and Crime Commission. I will start by saying—this goes to the member’s question as to when I first became aware of this issue—that there are multiple copies of this report. There is, if I can call it this, the abridged copy of the report or what the committee has called the precis, which was tabled today. There also would have been draft reports before the final report, which were sent out to a range of people pursuant to section 86 of the Corruption and Crime Commission Act as part of the natural justice process. I understand that such a report went to the Department of the Attorney General, I do not know precisely when, but it is safe to say that the department has been aware of the investigation for some time. The department has been aware of the issues at least since the time it got the draft report and has been working on them since then, and I will come back to that in a moment. Final copies of the report were also sent to me and to the committee on 25 February 2010. That report was sent to the committee and me for the reason that under section 89 a view was taken by the CCC that the report should either not be published at all or not be published in its full form. That is the view that the committee obviously had divergence with, and no doubt there would have been discussions between the committee and the CCC as to how the final precis report came to be tabled and whether that was desirable. I will state at this point that in the letter sent to me from the CCC dated 25 February this year, the CCC put the view that one reason why the report should not be published in its full form, although it put to me that it should not be published at all, was the security risk in revealing deficiencies in sensitive computer systems. On page 3 of its report, the committee stated — In the Committee’s view it is more likely that action will be taken to remedy these deficiencies if the information pertaining to these computer systems contained in the Report is made public. That might be true to an extent, although I would gently say that it would have been nice, given that both the committee and the Attorney General had that report at the same time, if the committee had sought my views as to whether the immediate tabling of that information put the systems at risk because what the member for Mindarie is in effect saying is that there are clearly problems that need to be addressed in the computer systems. They are very large and very expensive systems, and that is obviously not something that could happen immediately. In answer, I think, to part (4) of the member’s question, it has not happened yet, although some things have happened because of the fact that the department, having been aware of the investigation and having been in receipt of the draft report, had had the benefit of seeing the deficiencies as they have been put by the CCC as existing. Substantively, the two things that the CCC report effectively raises are, first of all, security vetting for departmental—that is, DOTAG—staff and, particularly, court staff who have access to sensitive and confidential information. With respect to that issue, which is less in the nature of infrastructure and spending, the department commenced a full review of the criminal screening and suitability for employment policy, practices and procedures in November 2009. That will be concluded by 31 March this year—the end of this month. I imagine that review will put recommendations to me in the nature of considering higher levels of checking for all departmental and judicial support staff. No doubt that will also recommend the examination and potential of introducing a full vetting program for all court staff and at least some Department of the Attorney General staff, although there will be costing implications in that. Secondly, the problem that was raised was the ability of the department to monitor and audit usage of computer systems that contain sensitive and confidential information. The alternatives there it seems, ultimately, will involve infrastructure and infrastructure upgrades and spending. Mr E.S. Ripper : When is that likely to happen? Mr C.C. PORTER : The department is investigating how it can happen in a cost-effective fashion and how quickly it can happen, but it has not yet happened. Mr E.S. Ripper : It sounds to me like it might be years away. Mr C.C. PORTER : I have not yet received the report from the department on the time frames it has put on that process. Unlike the member for Forrestfield and other members, I am not a genius or computer expert in these matters. I will rely on the department’s advice on how the problems can be overcome in a cost-effective way. Mr E.S. Ripper : You are too late for this year’s budget so it could be years before the systems are in place. Mr C.C. PORTER : The Treasurer and I have a wonderful relationship that is very flexible. Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
Mr C.C. PORTER replied: (1)–(4) I thank the member for his question and, of course, it relates to the Corruption and Crime Commission report that was tabled today by the Joint Standing Committee on the Corruption and Crime Commission. I will start by saying—this goes to the member’s question as to when I first became aware of this issue—that there are multiple copies of this report. There is, if I can call it this, the abridged copy of the report or what the committee has called the precis, which was tabled today. There also would have been draft reports before the final report, which were sent out to a range of people pursuant to section 86 of the Corruption and Crime Commission Act as part of the natural justice process. I understand that such a report went to the Department of the Attorney General, I do not know precisely when, but it is safe to say that the department has been aware of the investigation for some time. The department has been aware of the issues at least since the time it got the draft report and has been working on them since then, and I will come back to that in a moment. Final copies of the report were also sent to me and to the committee on 25 February 2010. That report was sent to the committee and me for the reason that under section 89 a view was taken by the CCC that the report should either not be published at all or not be published in its full form. That is the view that the committee obviously had divergence with, and no doubt there would have been discussions between the committee and the CCC as to how the final precis report came to be tabled and whether that was desirable. I will state at this point that in the letter sent to me from the CCC dated 25 February this year, the CCC put the view that one reason why the report should not be published in its full form, although it put to me that it should not be published at all, was the security risk in revealing deficiencies in sensitive computer systems. On page 3 of its report, the committee stated — In the Committee’s view it is more likely that action will be taken to remedy these deficiencies if the information pertaining to these computer systems contained in the Report is made public. That might be true to an extent, although I would gently say that it would have been nice, given that both the committee and the Attorney General had that report at the same time, if the committee had sought my views as to whether the immediate tabling of that information put the systems at risk because what the member for Mindarie is in effect saying is that there are clearly problems that need to be addressed in the computer systems. They are very large and very expensive systems, and that is obviously not something that could happen immediately. In answer, I think, to part (4) of the member’s question, it has not happened yet, although some things have happened because of the fact that the department, having been aware of the investigation and having been in receipt of the draft report, had had the benefit of seeing the deficiencies as they have been put by the CCC as existing. Substantively, the two things that the CCC report effectively raises are, first of all, security vetting for departmental—that is, DOTAG—staff and, particularly, court staff who have access to sensitive and confidential information. With respect to that issue, which is less in the nature of infrastructure and spending, the department commenced a full review of the criminal screening and suitability for employment policy, practices and procedures in November 2009. That will be concluded by 31 March this year—the end of this month. I imagine that review will put recommendations to me in the nature of considering higher levels of checking for all departmental and judicial support staff. No doubt that will also recommend the examination and potential of introducing a full vetting program for all court staff and at least some Department of the Attorney General staff, although there will be costing implications in that. Secondly, the problem that was raised was the ability of the department to monitor and audit usage of computer systems that contain sensitive and confidential information. The alternatives there it seems, ultimately, will involve infrastructure and infrastructure upgrades and spending. Mr E.S. Ripper : When is that likely to happen? Mr C.C. PORTER : The department is investigating how it can happen in a cost-effective fashion and how quickly it can happen, but it has not yet happened. Mr E.S. Ripper : It sounds to me like it might be years away. Mr C.C. PORTER : I have not yet received the report from the department on the time frames it has put on that process. Unlike the member for Forrestfield and other members, I am not a genius or computer expert in these matters. I will rely on the department’s advice on how the problems can be overcome in a cost-effective way. Mr E.S. Ripper : You are too late for this year’s budget so it could be years before the systems are in place. Mr C.C. PORTER : The Treasurer and I have a wonderful relationship that is very flexible. Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
(1)–(4) I thank the member for his question and, of course, it relates to the Corruption and Crime Commission report that was tabled today by the Joint Standing Committee on the Corruption and Crime Commission. I will start by saying—this goes to the member’s question as to when I first became aware of this issue—that there are multiple copies of this report. There is, if I can call it this, the abridged copy of the report or what the committee has called the precis, which was tabled today. There also would have been draft reports before the final report, which were sent out to a range of people pursuant to section 86 of the Corruption and Crime Commission Act as part of the natural justice process. I understand that such a report went to the Department of the Attorney General, I do not know precisely when, but it is safe to say that the department has been aware of the investigation for some time. The department has been aware of the issues at least since the time it got the draft report and has been working on them since then, and I will come back to that in a moment. Final copies of the report were also sent to me and to the committee on 25 February 2010. That report was sent to the committee and me for the reason that under section 89 a view was taken by the CCC that the report should either not be published at all or not be published in its full form. That is the view that the committee obviously had divergence with, and no doubt there would have been discussions between the committee and the CCC as to how the final precis report came to be tabled and whether that was desirable. I will state at this point that in the letter sent to me from the CCC dated 25 February this year, the CCC put the view that one reason why the report should not be published in its full form, although it put to me that it should not be published at all, was the security risk in revealing deficiencies in sensitive computer systems. On page 3 of its report, the committee stated — In the Committee’s view it is more likely that action will be taken to remedy these deficiencies if the information pertaining to these computer systems contained in the Report is made public. That might be true to an extent, although I would gently say that it would have been nice, given that both the committee and the Attorney General had that report at the same time, if the committee had sought my views as to whether the immediate tabling of that information put the systems at risk because what the member for Mindarie is in effect saying is that there are clearly problems that need to be addressed in the computer systems. They are very large and very expensive systems, and that is obviously not something that could happen immediately. In answer, I think, to part (4) of the member’s question, it has not happened yet, although some things have happened because of the fact that the department, having been aware of the investigation and having been in receipt of the draft report, had had the benefit of seeing the deficiencies as they have been put by the CCC as existing. Substantively, the two things that the CCC report effectively raises are, first of all, security vetting for departmental—that is, DOTAG—staff and, particularly, court staff who have access to sensitive and confidential information. With respect to that issue, which is less in the nature of infrastructure and spending, the department commenced a full review of the criminal screening and suitability for employment policy, practices and procedures in November 2009. That will be concluded by 31 March this year—the end of this month. I imagine that review will put recommendations to me in the nature of considering higher levels of checking for all departmental and judicial support staff. No doubt that will also recommend the examination and potential of introducing a full vetting program for all court staff and at least some Department of the Attorney General staff, although there will be costing implications in that. Secondly, the problem that was raised was the ability of the department to monitor and audit usage of computer systems that contain sensitive and confidential information. The alternatives there it seems, ultimately, will involve infrastructure and infrastructure upgrades and spending. Mr E.S. Ripper : When is that likely to happen? Mr C.C. PORTER : The department is investigating how it can happen in a cost-effective fashion and how quickly it can happen, but it has not yet happened. Mr E.S. Ripper : It sounds to me like it might be years away. Mr C.C. PORTER : I have not yet received the report from the department on the time frames it has put on that process. Unlike the member for Forrestfield and other members, I am not a genius or computer expert in these matters. I will rely on the department’s advice on how the problems can be overcome in a cost-effective way. Mr E.S. Ripper : You are too late for this year’s budget so it could be years before the systems are in place. Mr C.C. PORTER : The Treasurer and I have a wonderful relationship that is very flexible. Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
In answer, I think, to part (4) of the member’s question, it has not happened yet, although some things have happened because of the fact that the department, having been aware of the investigation and having been in receipt of the draft report, had had the benefit of seeing the deficiencies as they have been put by the CCC as existing. Substantively, the two things that the CCC report effectively raises are, first of all, security vetting for departmental—that is, DOTAG—staff and, particularly, court staff who have access to sensitive and confidential information. With respect to that issue, which is less in the nature of infrastructure and spending, the department commenced a full review of the criminal screening and suitability for employment policy, practices and procedures in November 2009. That will be concluded by 31 March this year—the end of this month. I imagine that review will put recommendations to me in the nature of considering higher levels of checking for all departmental and judicial support staff. No doubt that will also recommend the examination and potential of introducing a full vetting program for all court staff and at least some Department of the Attorney General staff, although there will be costing implications in that. Secondly, the problem that was raised was the ability of the department to monitor and audit usage of computer systems that contain sensitive and confidential information. The alternatives there it seems, ultimately, will involve infrastructure and infrastructure upgrades and spending.
Mr C.C. PORTER : The department is investigating how it can happen in a cost-effective fashion and how quickly it can happen, but it has not yet happened. Mr E.S. Ripper : It sounds to me like it might be years away. Mr C.C. PORTER : I have not yet received the report from the department on the time frames it has put on that process. Unlike the member for Forrestfield and other members, I am not a genius or computer expert in these matters. I will rely on the department’s advice on how the problems can be overcome in a cost-effective way. Mr E.S. Ripper : You are too late for this year’s budget so it could be years before the systems are in place. Mr C.C. PORTER : The Treasurer and I have a wonderful relationship that is very flexible. Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
Mr E.S. Ripper : It sounds to me like it might be years away. Mr C.C. PORTER : I have not yet received the report from the department on the time frames it has put on that process. Unlike the member for Forrestfield and other members, I am not a genius or computer expert in these matters. I will rely on the department’s advice on how the problems can be overcome in a cost-effective way. Mr E.S. Ripper : You are too late for this year’s budget so it could be years before the systems are in place. Mr C.C. PORTER : The Treasurer and I have a wonderful relationship that is very flexible. Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
Mr C.C. PORTER : I have not yet received the report from the department on the time frames it has put on that process. Unlike the member for Forrestfield and other members, I am not a genius or computer expert in these matters. I will rely on the department’s advice on how the problems can be overcome in a cost-effective way. Mr E.S. Ripper : You are too late for this year’s budget so it could be years before the systems are in place. Mr C.C. PORTER : The Treasurer and I have a wonderful relationship that is very flexible. Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
Mr E.S. Ripper : You are too late for this year’s budget so it could be years before the systems are in place. Mr C.C. PORTER : The Treasurer and I have a wonderful relationship that is very flexible. Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
Mr C.C. PORTER : The Treasurer and I have a wonderful relationship that is very flexible. Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
Several members interjected. Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
Mr C.C. PORTER : The department will report to me on appropriate mechanisms that will allow a level of audit within the computer systems but also functionality across those computer systems that contain confidential and sensitive information. Of course, the first thing is to ensure that the staff who have access to these types of computer systems are vetted far more thoroughly than they are at the moment. Even if there is a delay in the upgrading of the computer systems at the requisite and appropriate cost, we first want to make sure that the people who will be operating those systems undergo appropriate vetting. Members should keep in mind that this problem crosses both governments. The person who was ultimately convicted in this matter was employed as an associate in November 2000 and resigned on 31 July 2009. Things are happening and have been happening for several months. I am keen to see that process through. As the Treasurer said, it is another challenge.
Explore WA Government Data
Search the full archive in the free dashboard, or query programmatically via API.
Explore more
Government Gazette
Appointments, regulatory notices, planning changes.
Hansard
Debates, questions, speeches and sentiment.
Tabled Papers
Reports and documents tabled in Parliament.
Committees
Committee profiles and recent reports.
Regulations
Subsidiary legislation with filters and summaries.
Bills
Proposed laws and parliamentary progress.
Acts
Current WA legislation and summaries.
Explanatory Memoranda
Bills with EMs (text/PDF) available.
Members
MP profiles, party breakdown and rankings.
Pollie Rankings
Data-driven rankings across 19 categories.
Amendment Chains
Track how schemes and regulations evolve over time.