Exclusive : Katarina Carroll’s statement was emailed to officers across the state on Wednesday

This article is more than 10 months old

This article is more than 10 months old

The misuse of Queensland police computer systems by current and former officers has “brought our organisation into disrepute”, the police commissioner, Katarina Carroll, has said.

Carroll’s statement, emailed to police across the state on Wednesday night, was made ahead of hearings by the Crime and Corruption Commission into public-sector data misuse and several high-profile cases that have highlighted the extent of the problem.

The commission will begin hearing public evidence on Monday. The process is expected to lay bare the extent of a situation described by civil liberties groups as a systemic problem that had caused the public to lose trust in police.

Carroll’s email appears to be an attempt to underscore police efforts to acknowledge and manage the problem before the hearings begin.

She said two formal commissioner’s directives were issued to all members of the Queensland Police Service (QPS) in March 2016 and December 2018 in relation to use of information systems without an official purpose.

“Despite these two directives, a small number of current and former members have failed to comply with these directives,” Carroll said.

“Each of these individuals have faced criminal and/or disciplinary action for accessing and misusing information stored within QPS computer systems. The actions of these individuals have brought our organisation into disrepute and, in some respects, overshadowed the outstanding and important community work performed by members on a daily basis throughout the state.

“My message to all members is clear: accessing QPS confidential information without a purpose related to your official duties is both a criminal offence and misconduct. Every information misuse complaint will be considered for criminal charges. Curiosity or personal interest is not an acceptable reason to access QPS information.

“The community, government agencies and non-government agencies entrust all of us to responsibly and appropriately handle confidential, private and sensitive information.”

Carroll’s comments lay blame at the feet of individuals, though questions remain as to whether the police auditing practices are robust enough to detect and deter rogue police, and whether security of the QPrime data system is adequate.

This year the Queensland Civil and Administrative Tribunal found the police service was liable for breaching the privacy of a domestic violence victim, Julie*, whose details were leaked by a police officer to her former partner.

In that case, tribunal member Susan Gardiner made scathing findings about police data practices, and found that the service had breached two of the state’s information privacy principles.

Gardiner found police had no systematic auditing process for regulating how officers used or misused the data of citizens, and said she could not be satisfied the QPS took all reasonable measures to prevent the unauthorised use of the QPrime system.

“The evidence before me is the QPS had no systematic auditing procedures of access to the QPrime system – even for at-risk groups such as domestic violence victims,” the judgment said.

“It simply relied on a complaint or an incident to highlight a breach. The system of auditing after the fact allows for circumstances where catastrophic events involving [Julie] and the safety of her family could have occurred.

“[Police] did not audit in a systemic way to supervise access even to a group of people (domestic violence victims) who had orders in their favour. The service waited until there was a complaint or an incident, at a time after any further potential damage to this vulnerable group.

“In my view ... the QPS allowed the use of this information for a purpose other than the purpose for which it was obtained.”

* Name has been changed