❓ A WA parliamentary question on notice regarding policies and procedures for restricting unauthorised access to mobile devices, disposal methods, and handling of sensitive information within the Department of Fire and Emergency Services, the Office of the Inspector of Custodial Services, and the Department of Justice.
AnsweredQoN 3186Legislative Assembly
QuestionView source ↗
In respect of the Minister’s portfolio responsibilities for any of their departments, agencies, government trading enterprises or boards, I ask: (a) Are there any policies or procedures in place for restricting unauthorised access to mobile devices (mobile phones, tablets and laptops): (i) If so, what are they; and (ii) If not, why not; (b) How many mobile devices have been disposed of in the following financial years and what was their disposal method (i.e. at auction): (i) 2015-16; (ii) 2016-17; and (iii) 2017-18; and (c) Were any of the mobile devices in (b)(i)-(iii) used to store sensitive or confidential information: (i) If so, what type of sensitive or confidential information; and (ii) If so, what measures are put in place to ensure this information is not retained on the hard-drive of the device upon it's disposal?
AnswerView source ↗
Answered
13 September 2018
Responded by
Minister for Emergency Services; Corrective Services
Response time
17 days
The Department of Fire and Emergency Services (DFES) advises:
(a) Yes
(i) DFES personnel use PINs or other security methods (e.g. fingerprint/face ID) to restrict unauthorised access to mobile devices. Laptops and tablets have an automatic screen lock policy implemented. DFES also has an Acceptable Use Policy in place to provide information on the unauthorised access to mobile devices to protect the confidentiality of information.
(ii) NA
(b) Disposal is via a mobile recycling program. DFES ensures any accounts are de-associated with the device, and the phone factory reset before being stored for disposal. ICT equipment (including laptops/tablets) are disposed of under the CUAWAS2016 which includes provision for sanitisation and destruction of storage media in ICT devices. Device hard drives are formatted prior to being sent for disposal, the wiping of the hard drives complies with the government guidelines for disposal. Once the drives have been wiped the devices are sent to the CUA Disposal Service.
(i) 2015-16; nil data available
(ii) 2016-17 - 57 devices
(iii) 2017-18 - 80 devices
(c) DFES’ Acceptable Use Policy requires users to store data on network drives or other authorised services and not on the local device, however it is recognised that there will be occasions where users do store data locally (e.g. when travelling). It is not possible to determine what type of sensitive or confidential information may have been stored on devices that have been disposed of.
(i) Refer response above at (c).
(ii) DFES’ policy is to wipe the smartphone devices prior to disposal. Disposal is via a mobile recycling program. DFES ensures any accounts are de-associated with the device, and the phone factory reset before being stored for disposal. ICT equipment (including laptops/tablets) are disposed of under the CUAWAS2016 which includes provision for sanitisation and destruction of storage media in ICT devices. Device hard drives are formatted prior to being sent for disposal, the wiping of the hard drives complies with the government guidelines for disposal. Once the drives have been wiped the devices are sent to the CUA Disposal Service.
The Office of the Inspector of Custodial Services advises:
(a) Yes.
(i) Code of Conduct and Guidelines for entry and equipment taken into prisons.
(ii) Not applicable.
(b)
(i) 1, staff action
(ii) 0
(iii) 2, Senior Management Team approved sale to staff upon retirement at an arms lengh price.
(c) Yes.
(i) Personal phone numbers.
(ii) Each mobile phone is reset to factory settings prior to disposal.
The Department of Justice advises:
Please see Legislative Assembly Question on Notice number 3184
(a) Yes
(i) DFES personnel use PINs or other security methods (e.g. fingerprint/face ID) to restrict unauthorised access to mobile devices. Laptops and tablets have an automatic screen lock policy implemented. DFES also has an Acceptable Use Policy in place to provide information on the unauthorised access to mobile devices to protect the confidentiality of information.
(ii) NA
(b) Disposal is via a mobile recycling program. DFES ensures any accounts are de-associated with the device, and the phone factory reset before being stored for disposal. ICT equipment (including laptops/tablets) are disposed of under the CUAWAS2016 which includes provision for sanitisation and destruction of storage media in ICT devices. Device hard drives are formatted prior to being sent for disposal, the wiping of the hard drives complies with the government guidelines for disposal. Once the drives have been wiped the devices are sent to the CUA Disposal Service.
(i) 2015-16; nil data available
(ii) 2016-17 - 57 devices
(iii) 2017-18 - 80 devices
(c) DFES’ Acceptable Use Policy requires users to store data on network drives or other authorised services and not on the local device, however it is recognised that there will be occasions where users do store data locally (e.g. when travelling). It is not possible to determine what type of sensitive or confidential information may have been stored on devices that have been disposed of.
(i) Refer response above at (c).
(ii) DFES’ policy is to wipe the smartphone devices prior to disposal. Disposal is via a mobile recycling program. DFES ensures any accounts are de-associated with the device, and the phone factory reset before being stored for disposal. ICT equipment (including laptops/tablets) are disposed of under the CUAWAS2016 which includes provision for sanitisation and destruction of storage media in ICT devices. Device hard drives are formatted prior to being sent for disposal, the wiping of the hard drives complies with the government guidelines for disposal. Once the drives have been wiped the devices are sent to the CUA Disposal Service.
The Office of the Inspector of Custodial Services advises:
(a) Yes.
(i) Code of Conduct and Guidelines for entry and equipment taken into prisons.
(ii) Not applicable.
(b)
(i) 1, staff action
(ii) 0
(iii) 2, Senior Management Team approved sale to staff upon retirement at an arms lengh price.
(c) Yes.
(i) Personal phone numbers.
(ii) Each mobile phone is reset to factory settings prior to disposal.
The Department of Justice advises:
Please see Legislative Assembly Question on Notice number 3184
Explore WA Government Data
Search the full archive in the free dashboard, or query programmatically via API.
Explore more
Government Gazette
Appointments, regulatory notices, planning changes.
Hansard
Debates, questions, speeches and sentiment.
Tabled Papers
Reports and documents tabled in Parliament.
Committees
Committee profiles and recent reports.
Regulations
Subsidiary legislation with filters and summaries.
Bills
Proposed laws and parliamentary progress.
Acts
Current WA legislation and summaries.
Explanatory Memoranda
Bills with EMs (text/PDF) available.
Members
MP profiles, party breakdown and rankings.
Pollie Rankings
Data-driven rankings across 19 categories.
Amendment Chains
Track how schemes and regulations evolve over time.