One of Australia's largest agencies, the Department of Health and Ageing has still not developed policy guidelines to comply with the information privacy principles of the Privacy Act.
Despite the new privacy legislation coming into affect in December 2001, the findings of an Australian National Audit Office (ANAO) report tabled yesterday, found privacy requirements had been largely ignored.
While IT security policy was outstanding the report said privacy had been forgotten but a spokeswoman for the Minister for Health and Ageing, Senator Kay Patterson, said the department would act immediately and compliance would be completed within six months.
According to the report: "Application security plans indicate that information privacy requirements have not been adequately addressed as none of the plans reviewed had considered privacy issues."
As a result a sub-committee known as the Information Planning and Privacy Committee (IPPC) has been formed to address this problem and hand down a report by the end of this month.
A Health Department spokeswoman said recommendations made by ANAO to undertake a privacy review will go ahead immediately and will be in place in coming months.
With a budget of $29 billion and 3600 staff the Department of Health has significant IT projects in development outside of day to day operations outsourced to IBM GSA.
The ANOA report which reviewed all IT operations being undertaken by the Department found: "IT applications reviewed displayed a number of sound industry practices; but not consisently."
For example, the SIME project (Strategic Information Management Environment) is 18 months behind schedule and staff are working on revised implementation dates and schedules.
There were also no quality assurance processes in place and no internal benchmarking, the report said: "Management of IT or implementation did not benchmark against the IT industry generally or against similar Commonwalth agencies."
Expenditure showed the written down value of software developed and in operation at June 30, 2001 at the department was $43 million including $3.5 million of externally purchased software.
Expenditure in IT infrastructure services reached $48 million including a one-off payment to its principal service provider IBM GSA.
The ANAO also found that the department did not have a single preferred tracking system to identiy the status of all applications under development, adding: "Health conducts no internal benchmarking of its management of IT or implementaiton of IT initiatives."