Comcare hit with $23k privacy fine over FOI bungle

By on
Comcare hit with $23k privacy fine over FOI bungle

Personal details published online.

Government workplace compensation authority Comcare has been ordered to pay a former Defence worker $23,000 after it failed to redact her personal information from a document published under FOI laws.

Comcare published the report, which outlined the former officer’s claims she was the victim of a cancer cluster at the Department of Defence, on its FOI disclosure log in May 2011, after she had requested its findings via freedom of information laws.

But while some of the report had been redacted, many sensitive details about the Defence employee slipped through the gaps.

The document sat on the Comcare website for 12 months, revealing her name, postal address, date of birth, health details, and her unique identifier for Defence’s PMKeyS payroll system, which could provide access to her phone number and personal email address.

The woman, whose name has not been released, only realised her details were on the web when she was copied in on an email from one of her senior officers that linked to the Comcare report.

Comcare took down the document and issued an apology three days after the former staffer discovered and reported the issue in August 2012.

But Privacy Commissioner Timothy Pilgrim last week ruled that publishing the poorly redacted report amounted to a breach of the Privacy Act, albeit an unintentional one.

“I consider that it would have been reasonable for Comcare to ensure the removal or de-identification of all of the complainant’s health information from the report prior to making it publicly available on its website," Pilgrim said in his ruling.

"This could have been achieved by second and third tier reviews to ensure inadvertent mistakes such as this one were not made."

He ordered Comcare to pay the former Defence worker $20,000 to compensate for the emotional toll of the disclosure, a figure well short of the $150,000 she had originally asked for.

Pilgrim also told the agency to cover $3000 worth of her $24,000 legal bill, concluding that not all of the money had been directly related to the case or reasonably spent on it.

Comcare says it has put more staff on its FOI and privacy functions in an effort to make sure this kind of slip up isn’t repeated.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
comcare oaic privacy strategy timothy pilgrim

Sponsored Whitepapers

3 steps to a well-rounded cybersecurity plan
3 steps to a well-rounded cybersecurity plan
Learn IT Service Management (ITSM) best practises
Learn IT Service Management (ITSM) best practises
A Migration Guide For Businesses Switching Mobile Device Management Solutions
A Migration Guide For Businesses Switching Mobile Device Management Solutions
Plan your post-COVID security strategy
Plan your post-COVID security strategy
The Executive's Guide To The Future Of Work
The Executive's Guide To The Future Of Work

Events

Most Read Articles

Services Australia trials OCR on Centrelink claims

Services Australia trials OCR on Centrelink claims
Aussie Broadband lists on the ASX one week early

Aussie Broadband lists on the ASX one week early
ANZ works with Infosys to re-platform its internet banking

ANZ works with Infosys to re-platform its internet banking
Mastercard to deliver NSW digital Opal card trial

Mastercard to deliver NSW digital Opal card trial
You must be a registered member of iTnews to post a comment.
| Register

Log In

Username / Email:
Password:
  |  Forgot your password?