Comcare hit with $23k privacy fine over FOI bungle

By on
Comcare hit with $23k privacy fine over FOI bungle

Personal details published online.

Government workplace compensation authority Comcare has been ordered to pay a former Defence worker $23,000 after it failed to redact her personal information from a document published under FOI laws.

Comcare published the report, which outlined the former officer’s claims she was the victim of a cancer cluster at the Department of Defence, on its FOI disclosure log in May 2011, after she had requested its findings via freedom of information laws.

But while some of the report had been redacted, many sensitive details about the Defence employee slipped through the gaps.

The document sat on the Comcare website for 12 months, revealing her name, postal address, date of birth, health details, and her unique identifier for Defence’s PMKeyS payroll system, which could provide access to her phone number and personal email address.

The woman, whose name has not been released, only realised her details were on the web when she was copied in on an email from one of her senior officers that linked to the Comcare report.

Comcare took down the document and issued an apology three days after the former staffer discovered and reported the issue in August 2012.

But Privacy Commissioner Timothy Pilgrim last week ruled that publishing the poorly redacted report amounted to a breach of the Privacy Act, albeit an unintentional one.

“I consider that it would have been reasonable for Comcare to ensure the removal or de-identification of all of the complainant’s health information from the report prior to making it publicly available on its website," Pilgrim said in his ruling.

"This could have been achieved by second and third tier reviews to ensure inadvertent mistakes such as this one were not made."

He ordered Comcare to pay the former Defence worker $20,000 to compensate for the emotional toll of the disclosure, a figure well short of the $150,000 she had originally asked for.

Pilgrim also told the agency to cover $3000 worth of her $24,000 legal bill, concluding that not all of the money had been directly related to the case or reasonably spent on it.

Comcare says it has put more staff on its FOI and privacy functions in an effort to make sure this kind of slip up isn’t repeated.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
comcare oaic privacy strategy timothy pilgrim

Most Read Articles

TPG suffers Australia-wide internet problems

TPG suffers Australia-wide internet problems
AWS suffers cloud problems in Sydney region

AWS suffers cloud problems in Sydney region
Optus breaks silence on NBN Co's enterprise behaviour

Optus breaks silence on NBN Co's enterprise behaviour
Apple pushes back against EU common charger

Apple pushes back against EU common charger
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Are you getting profitable outcomes from your IT?
Are you getting profitable outcomes from your IT?
Your Microsoft Security journey starts here
Your Microsoft Security journey starts here
Is your AWS framework well-architected?
Is your AWS framework well-architected?
Why you should reassess your cybersecurity posture
Why you should reassess your cybersecurity posture
How will you manage the cloud data deluge?
How will you manage the cloud data deluge?

Events

Log In

Username / Email:
Password:
  |  Forgot your password?