A formal disciplinary process must be established for Victoria Police Employees, Contractors and Consultants, who are considered to have been involved in a breach of law enforcement data security.

Victoria Police must ensure that Agreements with Approved Third Parties include the requirement to establish a formal disciplinary process for users who are considered to have been involved in a breach of law enforcement data security.

Statement of Objective

The establishment and implementation of formal disciplinary procedures for Victoria Police employees, contractors and consultants who are considered to have committed a security breach aims to maintain established Victoria Police standards of behaviour and complies with legislative requirements.

Protocol 6.1

Unless specifically authorised by law or direction from their supervisor, Victoria Police employees, contractors and consultants must not access or release any law enforcement data other than is legitimately required to discharge their duties.

Known or suspected misuse of law enforcement data, including the following incident types, must be reported:

a) attempts to access law enforcement data by unauthorised users;

b) attempts to access law enforcement data for an unauthorised purpose by an authorised user; and

c) unauthorised use of law enforcement data by any users that could be categorised as instances of corruption, criminality or serious misconduct.

Victoria Police must ensure that Agreements with Approved Third Parties include the requirement to report details of the following to Victoria Police:

a) attempts to access law enforcement data by unauthorised users;

b) attempts to access law enforcement data for an unauthorised purpose by an authorised user; and

c) unauthorised use of law enforcement data by any users that could be categorised as instances of corruption, criminality or serious misconduct.

Implementation Guidance

Victoria Police employees, contractors and consultants are granted authorised access to law enforcement data to help them undertake their day-to-day duties.  Such access is a privilege and those with access rights should be aware that apart from legitimate business-related purposes, there is no instance where a Victoria Police user should have access to law enforcement data relating to members of the community that is over and above that of any other citizen.

The misuse of  law enforcement data and privileges relevant to access and release may include, but is not restricted to, the following:

a) accessing or releasing any law enforcement data (or information accessible to the user as a representative of Victoria Police) for which the user does not have an authorised Victoria Police business need;

b) attempting to use previously authorised access privileges following termination of employment or contract with Victoria Police, irrespective of whether or not those access privileges have been revoked or removed;

c) attempting to modify or remove law enforcement data without proper authorisation;

d) attempting to use, or using, any other person’s User ID;

e) attempting to test, bypass or defeat any security safeguards established to protect law enforcement data without proper authorisation;

f) circumventing or attempting to circumvent assigned access limits, logon procedures or assigned privileges;

g) sending fraudulent electronic mail, breaking into another user’s mailbox or reading their electronic mail without permission;

h) sending any fraudulent electronic transmission;

i) introducing or using unauthorised, untested, unlicensed (by Victoria Police) or illegal software that may introduce unknown and/or malicious security vulnerabilities;

j) harassing or threatening other users or interfering with their access to law enforcement data;

k) taking advantage of another user’s naivety or negligence to gain access to law enforcement data for which they have not been authorised; and

l) disclosing or removing third party proprietary information.

A careless or accidental breach may involve disciplinary or remedial action, including counselling, training or both, while deliberate breaches should be classified as corruption, serious or minor misconduct or a breach of discipline and may result in disciplinary or criminal sanctions.

Victoria Police has established discipline processes and procedures managed by the Ethical Standard Department.  Details of the discipline processes and procedures are provided in the Victoria Police Manual.