This review of the information security of the Victorian Sex Offenders Register (the Register) was initially prompted by an information security review of Victoria Police's case and intelligence management system, Interpose, which was completed in the first half of 2010. The review found a number of information security flaws in the Interpose system. As Interpose holds law enforcement data that is derived from the Register and there are plans to migrate the existing Register to Interpose, our security concerns about it also raised questions about the information security of other related law enforcement data repositories such as the Register.

The purpose of this review was to assess the extent to which the Victorian Sex Offenders Register complies with the information security requirements established under the CLEDS Standards for Victoria Police law enforcement data security (CLEDS Standards).

The review was intended to be an evaluation of policy and awareness only. The review team did not undertake a detailed analysis and assessment of the effectiveness of their implementation.

Although the review had identified some information security gaps associated with the Victorian Sex Offenders Register, Victoria Police has taken substantial steps to improve its security over the last 12 months and has developed plans to make future improvements.

The main information security deficits that we have identified are:

• Shortcomings in Victoria Police's information security classification policy and guidance suitable for the particular needs of the Sex Offenders Register itself and those staff whose duties include the collection and provision of information to and from the Register.
• A lack of documented information security arrangements between Victoria Police and those to whom it provides information from the Register.