A former caseworker, contracted by Victoria’s Department of Health and Human Services (DHHS) between April 2016 and September 2017, had access to the sensitive data of vulnerable children for a year after leaving their job. A report filed by OVIC (Office of the Victorian Information Commissioner) found that throughout their employ at DHSS the caseworker had access to a government computer system known as CRISSP. This system stores and manages files related to disability, family and youth support services. The privileges to this system should have been revoked when the caseworker left their role, however remained in effect until October 2018. Only then did the Department of Justice and Regulation identify that the worker had been using their privileges to view information about clients.
The caseworker had performed 150 searches and used the system 260 times without authorisation. This gave them access to the personal details of 27 individuals, all minors. Liana Buchanan, Victoria’s commissioner for children and young people stated: “Information gathered to protect children simply cannot be allowed to endanger them—to allow this to happen is not only a breach of privacy, but an unacceptable breach of trust.”