The confidential information of 96 000 public servants was put at risk after a recent data breach. The Australian Public Service Commission (APSC) was forced to remove the data set from public access after fears that the information would no longer be secure. It was reported to have been downloaded nearly 60 times before it was removed.

Users’ privacy on your website is vital. If you have a website and would like to create a privacy policy or have your existing privacy policy amended, contact a LawPath consultant. Alternatively you can access our ready to use and customisable Privacy Policy.

What happened?

The data set, on the government’s open data portal, contained information from the Australian Public Service (APS) Employee Census. The annual census records viewpoints from staff about management and workplace conditions. While names and contact details were not taken down, the identification codes for departments and agencies could be linked back to individual public servants who filled out the census.

This comes less than a week after the Medicare data breach, in which patients’ personal data was feared to have been made public. The data on the Medicare Benefits and Pharmaceutical Benefits Scheme was removed by the Health Department after it was found that practitioner details could be decrypted. Patient details were not recorded in the Medicare data sets, however there were links to some doctor and healthcare provider numbers. Meaning there was potential for doctors and what they prescribed to be identified.

After the health data leak, Attorney-General George Brandis announced changes to the Privacy Act, which would make re-identifying anonymised government data a criminal offence. These amendments aimed to protect government data that was open for public use. The anonymised APS Employee Census data was accessed 58 times before it was removed. This means that it will be unable to be controlled whether the information is used or further distributed.

Is public government data safe anymore?

The latest privacy scare demonstrates the tenuous relationship between rapid technological developments and the government’s ability to quickly implement effective legislation. By attaching agency identifiers to the data, it was possible for individuals to be identified in the anonymised data. It is important that all individuals are confident in the security of their information. Possible reforms in 2017 can ensure this remains a priority.

Let us know your thoughts on the latest privacy data scare by tagging us #lawpath or @lawpath.

Sydney Rae

Sydney is a Paralegal at LawPath working in our content team, which works to provide free legal guides to enhance public access to legal resources. With a keen interest in Tort and IP Law, her research focuses on small businesses, and how they can better navigate complex legal procedures.