Tuesday, 4 October 2016

Australian Government Data Retention: refraining from saying told you so......

ABC News, 29 September 2016:

The Health Department has removed data from its website amid an investigation into whether personal information has been compromised.
Australian Privacy Commissioner Timothy Pilgrim has launched an investigation after academics found it was possible to decrypt some service provider ID numbers in the Medicare Benefits Schedule and Pharmaceutical Benefits Schedule datasets.
In a statement, the Department of Health said the dataset published on data.gov.au did not include names or addresses of service providers and no patient information was identified.
"However, as a result of the potential to extract some doctor and other service provider ID numbers, the Department of Health immediately removed the dataset from the website to ensure the security and integrity of the data is maintained," it stated.
"No patient information has been compromised, and no information about the health service providers has been publicly identified or released."
Further comment has been sought.

The Guardian, 24 September 2016:

The Australian Bureau of Statistics inadvertently released contact names linked to more than 5,000 Queensland businesses in what was described as a “human error”.
The breach is one of 14 the ABS has reported to the Office of the Australian Information Commissioner since 2013, and was released to Guardian Australia under freedom of information laws.
The ABS has come under scrutiny over its handling of the 2016 census, initially for the extended retention of names and addresses for a period of four years. It then faced further criticism after the census website crashed, which it attributed to a series of foreign attacks.
While none of the breaches reported to the OAIC relates to the handling of any census data, some do highlight errors in the handling of other surveys as well as failures to correctly de-identify data, which is one of the criticisms raised by privacy advocates about the increased retention of census data.

The Canberra Times, 4 October 2016:

The federal government is caught up in a second data privacy scare, this time involving a massive data-set on more then 96,000 of its public servants amid fears their confidential information might not be secure.

In the second potentially serious Commonwealth data breach to become public in less than a week, the public service's workplace authority has confirmed that it has withdrawn the data gathered in its massive annual employee census from public view.

It is feared that identification codes for departments and agencies could be used to identify the individual public servants who filled in the census, the largest workplace survey undertaken in Australia, on condition of anonymity.

The data has been taken down from official websites to be washed of any features that could be used to breach the privacy of government officials.

But the Australian Public Service Commission has confirmed the data-set was downloaded nearly 60 times before the take-down, meaning the raw information is in circulation with no way to control how it is used or distributed further......

No comments: