Comcare hit with $23k privacy fine over FOI bungle

By on
Comcare hit with $23k privacy fine over FOI bungle

Personal details published online.

Government workplace compensation authority Comcare has been ordered to pay a former Defence worker $23,000 after it failed to redact her personal information from a document published under FOI laws.

Comcare published the report, which outlined the former officer’s claims she was the victim of a cancer cluster at the Department of Defence, on its FOI disclosure log in May 2011, after she had requested its findings via freedom of information laws.

But while some of the report had been redacted, many sensitive details about the Defence employee slipped through the gaps.

The document sat on the Comcare website for 12 months, revealing her name, postal address, date of birth, health details, and her unique identifier for Defence’s PMKeyS payroll system, which could provide access to her phone number and personal email address.

The woman, whose name has not been released, only realised her details were on the web when she was copied in on an email from one of her senior officers that linked to the Comcare report.

Comcare took down the document and issued an apology three days after the former staffer discovered and reported the issue in August 2012.

But Privacy Commissioner Timothy Pilgrim last week ruled that publishing the poorly redacted report amounted to a breach of the Privacy Act, albeit an unintentional one.

“I consider that it would have been reasonable for Comcare to ensure the removal or de-identification of all of the complainant’s health information from the report prior to making it publicly available on its website," Pilgrim said in his ruling.

"This could have been achieved by second and third tier reviews to ensure inadvertent mistakes such as this one were not made."

He ordered Comcare to pay the former Defence worker $20,000 to compensate for the emotional toll of the disclosure, a figure well short of the $150,000 she had originally asked for.

Pilgrim also told the agency to cover $3000 worth of her $24,000 legal bill, concluding that not all of the money had been directly related to the case or reasonably spent on it.

Comcare says it has put more staff on its FOI and privacy functions in an effort to make sure this kind of slip up isn’t repeated.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
comcare oaic privacy strategy timothy pilgrim

Most Read Articles

US military weapons systems found to have vulnerabilities

US military weapons systems found to have vulnerabilities
Westpac CIO Curran warns ‘Big Tech’ is out of step

Westpac CIO Curran warns ‘Big Tech’ is out of step
Telstra says it could buy NBN when sold

Telstra says it could buy NBN when sold
Telstra CEO demands $20 a month NBN price cut

Telstra CEO demands $20 a month NBN price cut
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Intro to AI for Security Professionals
Intro to AI for Security Professionals
Digital Transformation: Hope, or Hype?
Digital Transformation: Hope, or Hype?
How to choose a trusted IT provider
How to choose a trusted IT provider
Why Business Process Modelling Matters
Why Business Process Modelling Matters
Report: ANZ IT Decision Makers - Top Priorities for Endpoint Security 2018
Report: ANZ IT Decision Makers - Top Priorities for Endpoint Security 2018

Events

Log In

Username / Email:
Password:
  |  Forgot your password?