Skip to main content

Coronavirus (COVID-19) and the Attorney-General’s Department: Find out how our services are being delivered and how you can access them. For the latest COVID-19 news, updates and advice from the Australian Government, visit

Data protected from manipulation or misuse


Previous page


Next page


Protections are in place to prevent data being manipulated or misused. For example, a system's source code or audit logs cannot be altered in production environments.


Some examples of this type of countermeasure include:

  • Pre-fill data cannot be changed on forms.
  • Reports are 'read only' to prevent manipulation.
  • Data is coded directly into systems and cannot be manually altered. privileged
  • Updates to production data is restricted by system parameters.
  • A system's source code cannot be altered outside a prescribed change management process.
  • Audit logs cannot be altered.

Purpose of this countermeasure

Someone can provide false information to support a request or claim, or fail to disclose changes or information that would affect their entitlement.

Staff or contractors can also abuse their position of trust to access and manipulate information without authority.

Acting dishonestly and providing false or misleading information or forged documents to commit fraud are offences under the Criminal Code Act 1995.

Allowing customers, staff or third parties to manipulate data with impunity within systems or on forms can lead to fraudsters:

  • facilitating fraudulent payments,
  • manipulating information without authority
  • improperly influencing decisions.


This type of control is supported by:

How do I know if my countermeasures are effective?

You can apply the following methods to measure the effectiveness of these types of countermeasures:

  • Review procedures or guidance to confirm it clearly specifies how data should be protected from manipulation or misuse.
  • Confirm protections are in place to prevent data being manipulated or misused.
  • Confirm protections are always applied.
  • Review a sample of completed data requests to confirm appropriate protections and classifications were applied.
  • Undertake quantitative analysis, such as reconciling audit logs, to check data has not been manipulated.
  • Review a sample to confirm data has not been manipulated.
  • Ask staff about data protections to ensure they have a consistent and correct understanding.
  • Undertake vulnerability testing or a process walk-through to confirm that data cannot be manipulated or misused.
  • Confirm that someone cannot override or bypass protections, even when pressure or coercion is applied.
  • Check if reporting, reconciliation or change management processes exist for changes to data.


Previous page


Next page



Commonwealth Fraud Prevention Centre logo