Spreadsheet error slammed
A basic tech failure has prompted calls for an overhaul of the $70 billion government procurement system.
In a significant lapse at the federal Finance department, a review has unveiled that a “basic” error involving failure to remove hidden tabs in a master spreadsheet led to the exposure of confidential pricing data.
An investigation by Commonwealth Ombudsman Michael Manthorpe has revealed that in February, due to human error, sensitive pricing information for over 400 consulting vendors was mistakenly released.
This occurred when the department sent a spreadsheet to 240 suppliers without removing hidden tabs.
Geoffrey Campbell, a partner at tech accounting firm Nexia Australia, says it is a display of the department's proficiency.
“This just needed a simple mail merge... They're completely out of their depth,” he told reporters
The federal finance department, overseen by the Office of the National Data Commissioner, is responsible for data safety and sharing practices across federal agencies.
Experts question why similar data breaches at private companies including Telstra, Optus, and Medibank have led to significant repercussions, while government departments seem to face lesser scrutiny.
This is not the first instance of data mismanagement within the department.
“Finance itself appears to have twice breached the same confidentiality provisions it now asks suppliers to abide by,” Manthorpe noted.
The joint public accounts committee has endorsed the establishment of a new commercially run tendering agency, following numerous reports advocating for a significant revamp of the procurement function.
Finance secretary Jenny Wilkinson has committed to implementing all nine administrative changes and recommendations to prevent future breaches.
Among these changes, the use of PDFs to secure information and the introduction of a new GovPanel platform are anticipated by July 2025 to enhance the security management of supplier interactions.
Manthorpe stressed the importance of focusing on effective risk management within Finance's strategic contracting branch, especially after the recurrence of data breaches involving the same sensitive data due to different work process failures.