ARTICLE
22 July 2024

NSW Police employee charged with accessing restricted data without authority

SC
Sydney Criminal Lawyers

Contributor

Sydney Criminal Lawyers logo
Sydney Criminal Lawyers® is a renowned team of expert criminal defence lawyers with multiple locations in the Sydney Metropolitan Area, such as Sydney City, Parramatta, and Newcastle. Led by Law Society-certified Accredited Criminal Law Specialists, the firm has achieved numerous accolades and awards, including "Criminal Defence Firm of the Year in Australia." With a focus on client satisfaction and proven success in criminal and traffic cases, clients are guaranteed specialized representation from experienced lawyers dedicated to achieving optimal results in court.
Explore
A civilian employee of the NSW Police is facing court over allegations he unlawfully accessed restricted data.
Australia Criminal Law
Photo of Sonia Hickey
Authors
To print this article, all you need is to be registered or login on Mondaq.com.

civilian employee of the New South Wales Police Force is facing court over allegations he unlawfully accessed restricted data contained in the police computer system. 

In May 2024, officers attached to Lake Illawarra Police District commenced investigations regarding access to restricted computer systems.

At around 8am on Monday, 15 July 2024, police arrested the 27-year old man at Shellharbour and conveyed him to Illawarra Police Station, where he was charged with unauthorised access to or modification of restricted data.

He was refused bail at the police station and brought before Port Kembla Local Court where a bail application was made on his behalf. 

The application was successful and the man was granted conditional bail.

Orders were made for the service of the police brief of evidence and the matter was adjourned for reply to brief in the same court on Wednesday, 21 August 2024.

The man's employment status is expected to be reviewed.

The COPS system

The New South Wales Police Force Computerised Operational Policing System (COPS) database holds more than 40 million records. 

The NSW Police Force has its own internal policies with regard to the management and use of the dastabse, and says it is “committed to responsibly and properly managing the personal and health information we collect, protecting the privacy of members of the public and our staff.” 

The offence of unauthorised access to or modification of restricted data 

Unauthorised access to, or modification of, restricted data held in a computer is an offence under section 308H of the Crimes Act 1900 (NSW), which carries a maximum penalty of 2 years in prison.

To establish the offence, the prosecution must prove beyond reasonable doubt that:

  1. You caused access to, or modification of, data held in a computer,
  2. You did so intentionally,
  3. You were not authorised to cause that access or modification,
  4. The data was restricted data, and
  5. You knew the data was restricted data.

‘Data held in a computer' means data that is:

  1. Entered or copied into a computer,
  2. Held in any removable storage which was in a computer for a time, or
  3. Held in any data storage device on a computer network of which a computer forms a part.

A ‘data storage device' is any thing, including a disk or file server, which contains or is designed to contain data for use by a computer.

‘Access' to data held in a computer means:

  1. The display of data by the computer or any other output of the data,
  2. The copying or moving of the data to any other place in the computer or to any data storage device, or
  3. The execution of any program.

‘Modification' of data held in a computer means the alteration or removal of data, or the addition of data.

Your actions were ‘unauthorised' if you were not entitled to cause them however, your actions are not unauthorised merely because you had an ulterior motive for them, or if:

  1. You were an ‘authorised person' such as a police or other law enforcement officer,
  2. The computer disk, credit card or other device was in your lawful custody, and
  3. Your actions were to preserve, or to prevent the concealment, fabrication, destruction or loss of, evidence of any offence.

‘Restricted data' means data held in a computer to which access is restricted by an access control system associated with a function of the computer.

Time limit for commencing proceedings

Proceedings for the offence must be commenced no later than 12 months from the date of the alleged commission of the offence.

Legal defence

The most frequently used defence to the charge is duress, which is where you acted due to threats of death or really serious harm to you or your family member, and the threats were of such a nature that a person of ordinary firmness and strength of will, of your maturity and sex and in your position, would have given in to them and committed the crime demanded of you.

If you are able to raise evidence of duress, the onus then shifts to the prosecution to prove beyond a reasonable doubt that the defence does not apply in the circumstances.

You are entitled to an acquittal if the prosecution is unable to do this.

Accessing and protecting personal information

Each of us have rights under the Government Information (Public Access) Act 2009Privacy and Personal Information Protection Act 1998 and Health Records and Information Privacy Act 2002 to access and amend personal information held by The New South Wales Police force.

The Privacy and Personal Information Protection Act mentioned above is the legislation which stipulates what an organisation must do to notify anyone affected when a data breach has occurred. 

Data breaches are not uncommon 

There have long been concerns about the amount of data that is available to all police officers in New South Wales, how the data is stored, and how it is used. 

Individual privacy concerns have been highlighted on numerous occasions, perhaps one of the most well-known cases is that Julie* who finally won her case against Queensland Police and a Queensland Police Officer who unlawfully accessed the QPrime database to get her address, and then gave it to his friend, her former abusive partner. 

Julie's case also highlighted the QLD police force's ‘weak' internal discipline system. The officer involved, Neil Punchard, finally resigned in 2021 – however he remained on the QPS payroll while the full legal case played out, despite being suspended and stood down in 2018.

Needless to say, data breaches of any kind, can have detrimental, long term effects for victims. 

In recent years many victims of police data breaches have come forward – these types of offences are not uncommon. In 2019, a New South Wales single mother became aware her ex boyfriend had received information held on a COPS file.

She suspected her ex-boyfriend's neighbour — a policeman — had some involvement in the matter. Her complaint was upheld after an internal investigation comfirmed there had been “unusual access to her file.”  The investigation determined that a false record had been created against her name. 

Complaints about invasion of privacy

If you have a concern that the privacy of your data has been compromised in any way, or if you would like to know what information the NSWPF has on file, you can contact the Privacy Manager, Communication Services Command

If you have a complaint about the way your data has been used, you can contact the Information and Privacy Commission of NSW

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Sonia Hickey
Sonia Hickey
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More