Worker fired for downloading confidential documents on personal devices

But says other employees also use personal USBs and laptops for work

Worker fired for downloading confidential documents on personal devices

A public sector worker recently filed an appeal before the Queensland Industrial Relations Commission (QIRC), arguing that his employer was wrong to accuse him of misconduct for downloading confidential files to a personal device.

The worker, Nick Corones, was employed by the State of Queensland under the Department of Regional Development, Manufacturing, and Water, our designated Employer. He was a regulatory officer for the department's Water Supply Regulation.

Before joining the employer, he was a senior program officer at the Department of Seniors, Disability Services, and Aboriginal and Torres Strait Island Partnerships (DSDSATSIP).

Six-month secondment

According to records, a pivotal sequence of events started on 18 June 2023, when the worker went on a six-month secondment to the Department of Justice and Attorney-General, leaving the DSDSATSIP.

The Acting Deputy Director-General for Water Resource Management, which was within the Department of Regional Development, Manufacturing, and Water, laid out the following allegations against the worker:

  • Between 2 June 2021, and 18 June 2021, the worker allegedly downloaded confidential government documents and Cabinet-in-Confidence documents onto a personal portable device without the appropriate authorisation.
  • During the said period, the worker also allegedly saved copies of these confidential documents onto the desktop of their departmental computer without the required authorisation.

The matter was initially brought to attention on 21 June 2021, when Ethical Standards at DSDSATSIP, received an accusation that the worker had transferred documents, from a departmental laptop, connected to the department network, onto a non-departmental USB.

Further steps were taken as the employer conducted an audit of the worker's downloading activities, which affirmed the allegations.

These allegations were assessed as reaching the threshold of corrupt conduct under the state's Crime and Corruption Act 2001 (Qld) by Ethical Standards and were subsequently forwarded to the Crime and Corruption Commission (CCC).

Worker's 'corrupt conduct'

On 6 July 2021, the CCC concluded that the allegations could be categorised as corrupt conduct if substantiated, and the matter was returned to DSDSATSIP for management.

Fast forward to June 2022, an investigation by the Ethical Standards Unit (ESU) determined that the allegations held the potential for substantiation.

In November of the same year, the former Director-General for DSDSATSIP referred the matter to the Department.

This led to the issuance of the first show cause notice, dated January 2023. The worker challenged the allegations on the following grounds:

The worker argued that the decision to substantiate the allegations was based on inadequate information and a lack of clear, specific, and pertinent evidence.

Was worker disadvantaged?

He said he was disadvantaged in analysing and responding to these allegations, because he no longer worked for DSDSATSIP, rendering him unable to reference relevant materials, including information, emails, file records, and associated correspondence relevant to the allegations.

The worker also raised several concerns, including:

  • The absence of evidence concerning the electronic files and information deleted from IT assets in his possession at the time.
  • The lack of clarification regarding the routine downloading, accessing, and storage of electronic government documents, including confidential and sensitive data, within the Microsoft Office environment.
  • The absence of local protocols and processes related to authorisations for accessing, utilising, and managing electronic files.
  • Challenges posed by the COVID-19 pandemic, including working from home, network outages, and reliance on desktops and USBs to save and access work, particularly when work-issued mobile computing devices were unavailable.
  • The acknowledgment that public sector employees commonly utilise documents and resources relevant to the allegations on their desktops or USBs.

The Commission’s decision

The QIRC noted that the worker "did not deny that he engaged in the conduct." It also found that the worker was not "provided with written approval to transfer departmental information onto a privately owned USB."

"[He was] not authorised to download over 2,000 departmental documents (which contained confidential and sensitive information) to a privately owned USB," the decision said.

"[His] conduct was without authority [and] was highly inappropriate and seriously improper," it said.

The Commission also said the worker was an experienced policy officer and had previously been engaged in roles in which he dealt with "[confidential] documents on a regular if not daily basis."

It said he should be "aware of the very strict requirements that related to the handling of [documents] to protect the confidentiality and security of the information," as well as "the interests of current and previous governments and ministers involved.”

Thus, the QIRC agreed with the employer's decision in its disciplinary process that the worker committed misconduct. Consequently, it dismissed the worker’s appeal.