TfNSW fails to safeguard driver data
Share
An audit has revealed that Transport for NSW has not effectively minimised the risk of personal information in its driver and vehicle management systems being misused. DRIVES includes information on over 6.2 million driver licences and over seven million vehicle registrations, generating $5 billion in revenue for the state government annually.
The data includes personal details such as home addresses for the majority of adults in NSW, as well as sensitive health information and biometric data. “TfNSW has been slow to reduce the risk of misuse of personal information held in DRIVES,” auditor General Margaret Crawford says in her report released on Tuesday.
“With its delivery partner Service NSW, TfNSW has also been slow to develop and implement automatic monitoring of access.”
The report is released three years following an investigation by ICAC into the criminal misuse of information from the database.
Revamping DRIVES system
DRIVES was first launched in 1999 and is now nearing the end of its lifespan as TfNSW works on migrating it to a newer system. Nevertheless, it continues to be a crucial service for Service NSW and the NSW Police Force, as well as being utilised by Commonwealth agencies, local councils, and non-government organisations with minimal or no transport-related ties.
A total of 141 users utilise DRIVES, including commercial insurers, national regulators, and individual citizens who can access it to renew a registration or book driver knowledge tests. Ms. Crawford’s evaluation revealed that TfNSW is not effectively managing DRIVES and the transition to a new system.
TfNSW has invested $36 million in developing three business cases for a new system but has failed to learn from previous errors, according to the source.
“Too much of its planning effort has been wasted and the agency continues to operate a system which should have been replaced in the 2010s,” report concludes.
Delayed implementation of recommendations
The ICAC recently released a series of recommendations following its investigation into the criminal misuse of DRIVES data in May 2021. One key recommendation is the establishment of a risk-based system to enhance the detection of unauthorised access to personal information. An investigation revealed that a Service NSW officer was involved in significant corrupt behaviour.
“People with access to DRIVES can still misuse personal information held in the system in ways similar to those investigated by the NSW Independent Commission Against Corruption in May 2021 (Operation Mistral),” Ms Crawford says.
According to her, TfNSW and Service NSW are aiming to roll out automatic detection of suspicious access to DRIVES by March this year.
“This is nearly three years after the ICAC recommendation was made,” she notes.
“This is a slow response particularly considering the detection capability was estimated to cost only $200,000 to $300,000, and require approximately six months to implement.”
Transport Secretary Josh Murray has confirmed that all recommendations from the auditor general have been accepted. According to him, TfNSW has enhanced security measures around DRIVES in recent years.
“We at TfNSW take seriously the need to maintain privacy and security of DRIVES, to protect our digital assets generally and the information of those we serve,” he said.
Justin Lavadia is a content producer and editor at Public Spectrum with a diverse writing background spanning various niches and formats. With a wealth of experience, he brings clarity and concise communication to digital content. His expertise lies in crafting engaging content and delivering impactful narratives that resonate with readers.
Today’s Pick
11th Annual Aus Goverment Data Summit
April 1, 2025
7th Annual NZ Government Data Summit
May 7, 2025
3rd Public Sector Comms Week
May 14, 2025
Subscribe
We send emails,
but we do not spam
Join our mailing list to be on the front lines of healthcare , get exclusive content, and promos.
AI appointment Australia Australian boost boosts business businesses covid-19 cyber attack cybersecurity cyber security data data breach data management defence Digital employment enhance enhances fraud funding governance government grants Healthcare infrastructure Innovation Lockdown management new zealand NSW NZ online privacy public Public Sector queensland renewable energy scams security Social Media Technology telecommunications victoria
Last Viewed