Financial sanction to reflect seriousness of browsing client records
An employee was found to have breached the Code of Conduct for browsing a neighbour's records in the agency's client database. Browsing is unauthorised access to client information, usually for the purpose of satisfying personal curiosity. A number of agencies conduct regular audits of employees' access to client databases for the purposes of identifying unauthorised access.
The employee had no previous record of misconduct but the agency imposed a significant financial sanction—a reduction in salary for 12 months. The employee strenuously denied that she had browsed the records, arguing that the system record must be in error or that someone else had accessed the record using her logon-id.
The Merit Protection Commissioner noted that it was not possible for the agency to prove beyond any doubt that the employee had accessed her neighbour's records. However, the Merit Protection Commissioner considered this was the only plausible explanation for system data that showed someone with the employee's logon-id conducted searches on the neighbour's name and address. The employee's conflict with her neighbour provided a motive for the access.
The Merit Protection Commissioner considers unauthorised access of client information to be serious misconduct. Members of the public are required to provide personal information to government agencies to access payments and services. They are entitled to have their personal information protected. Government agencies have an obligation to enforce appropriate standards of conduct when protecting client information.
The Merit Protection Commissioner concluded that the employee's behaviour warranted a significant financial sanction, including to indicate more generally to employees that browsing is prohibited behaviour.