Galeotti, Julie
From:
Sent:
Thursday, 11 February 2016 9:38 AM
To:
Zhu, Katy
Cc:
Subject:
RE: FOI Release - SQL Queries [SEC=UNCLASSIFIED]
Hi Katy,
I am of the opinion that the release of the SQL queries, as with the data dictionaries, even in a redacted form, would
provide information about the programmable interfaces and logic flow within our systems, and give information
about identifiers, pointers and references that would compromise the security and safety of ATO systems.
From: Zhu, Katy
Sent: Wednesday, 10 February 2016 12:00 PM
To:
Cc:
Subject: FOI Release - SQL Queries [SEC=UNCLASSIFIED]
Dear
We have received an FOI request for SQL queries from an ATO employee, via the right to know organisation.
Following my conversation with
, my understanding is that the SQL queries contain sensitive
information which raises security concerns, if released under FOI.
I have attached for you the 2 documents that fall within the scope of the applicant’s FOI request.
has
mentioned that you are able to redact all the sensitive information from those documents. Can you please advise of
a timeframe for how long that process is likely to take? Please feel free to contact me to discuss any of this.
Kind regards
Katy Zhu
Lawyer
General Counsel, ATO Corporate
Australian Taxation Office
P 03 8632 5064
Connect with us
1
File Note – Katy and
I spoke to
about the consideration of possible unauthorised accesses to ATO’s
systems if the SQL queries were released.
explained to me the various aspects of the
SQL queries which contain significant information about ATO’s internal business rules,
which gives the exact parameters of what to put in ATO’s systems. The SQL queries also
show the exact fields in our databases. As such, if released the ATO’s information systems
could be compromised. For that reason, the SQL queries should not be released.
Katy
15 February 2016