Comcare hit with $23k privacy fine over FOI bungle

By on
Comcare hit with $23k privacy fine over FOI bungle

Personal details published online.

Government workplace compensation authority Comcare has been ordered to pay a former Defence worker $23,000 after it failed to redact her personal information from a document published under FOI laws.

Comcare published the report, which outlined the former officer’s claims she was the victim of a cancer cluster at the Department of Defence, on its FOI disclosure log in May 2011, after she had requested its findings via freedom of information laws.

But while some of the report had been redacted, many sensitive details about the Defence employee slipped through the gaps.

The document sat on the Comcare website for 12 months, revealing her name, postal address, date of birth, health details, and her unique identifier for Defence’s PMKeyS payroll system, which could provide access to her phone number and personal email address.

The woman, whose name has not been released, only realised her details were on the web when she was copied in on an email from one of her senior officers that linked to the Comcare report.

Comcare took down the document and issued an apology three days after the former staffer discovered and reported the issue in August 2012.

But Privacy Commissioner Timothy Pilgrim last week ruled that publishing the poorly redacted report amounted to a breach of the Privacy Act, albeit an unintentional one.

“I consider that it would have been reasonable for Comcare to ensure the removal or de-identification of all of the complainant’s health information from the report prior to making it publicly available on its website," Pilgrim said in his ruling.

"This could have been achieved by second and third tier reviews to ensure inadvertent mistakes such as this one were not made."

He ordered Comcare to pay the former Defence worker $20,000 to compensate for the emotional toll of the disclosure, a figure well short of the $150,000 she had originally asked for.

Pilgrim also told the agency to cover $3000 worth of her $24,000 legal bill, concluding that not all of the money had been directly related to the case or reasonably spent on it.

Comcare says it has put more staff on its FOI and privacy functions in an effort to make sure this kind of slip up isn’t repeated.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
comcare oaic privacy strategy timothy pilgrim

Most Read Articles

NBN Co plots upload speed cut to fixed wireless

NBN Co plots upload speed cut to fixed wireless
Govt finally reveals how it plans to target encryption

Govt finally reveals how it plans to target encryption
Broadband tax revived as Labor backs plan

Broadband tax revived as Labor backs plan
NAB applies microservices to its team structure

NAB applies microservices to its team structure
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Report: ANZ IT Decision Makers - Top Priorities for Endpoint Security 2018
Report: ANZ IT Decision Makers - Top Priorities for Endpoint Security 2018
Managed Security Service Providers for Dummies
Managed Security Service Providers for Dummies
The Cost of Cloud Expertise report
The Cost of Cloud Expertise report
The business case for hyperconvergence
The business case for hyperconvergence
What Every CIO Should Know about DevOps & Container Guides by Puppet
What Every CIO Should Know about DevOps & Container Guides by Puppet

Events

Log In

Username / Email:
Password:
  |  Forgot your password?