Govt pulls dataset that jeopardised 96,000 employees

A second data breach within the federal government in a week has seen a dataset involving 96,000 public servants pulled from public view over privacy concerns.

Fairfax Media reported yesterday that the Australian Public Service Commission had decided to pull the dataset from the government's open data portal data.gov.au over concerns the information could be used to identify individual officers.

The APSC performs a massive yearly employee census to collect attitudinal data that tracks the views of staffers about management and workplace conditions.

While the data collected from the 96,000 public servants does not involve names or contact details, the APSC told iTnews that tweaks to this year's dataset had raised privacy concerns.

For the first time since it started collecting the census in 2003, the APSC this year added a numeric code for each government agency to an individual's responses.

It said agencies were not named and "at no time did the APSC publish individual identifiable information in the public domain".

But it decided to pull the dataset and review the information over concerns matching agency codes to individual responses would make it relatively easy to identify the public service worker who filled out the census.

Public servants fill in the employee survey under the condition of anonymity. They are informed that the dataset will be made available online.

"We decided that extra care should be taken to make certain that individual officers could not be identified, especially if cross referenced with a range of other publicly available data," a spokesperson said in a statement.

"A review of the dataset is underway."

The APSC told Fairfax the dataset had been downloaded 58 times before it was pulled.

The privacy scare comes just days after the federal Health department was similarly forced to pull a dataset from data.gov.au after researchers informed the agency that practitioner details could be decrypted.

The Health data breach is widely understood to be the reason behind Attorney-General George Brandis' decision to propose amendments to the Privacy Act that would make de-identifying anonymised data a criminal offence.

The Office of the Australian Information Commissioner is investigating the Health breach.

It said it was "making enquiries to determine if further action is required" in the APSC breach.