Another week, another privacy breach
It seems every week we’re learning of a new online privacy breach. The latest (as I write this) is the ‘accidental’ release of Myki user travel data. The Victorian Department of Transport released over 18 billion records relating to travel by more than 15 million users on public transport in Victoria over a three-year period, believing that they had anonymised the data sufficiently to protect people’s privacy.
Sadly, this proved not to be the case: researchers were able to identify not only themselves in the data, but also a number of individuals unknown to them, including a sitting Victorian state politician. These individuals were identified by combining the data in the release with other public data; in the case of the Victorian politician, tweets he had sent whilst on public transport.
The Victorian Information Commissioner raised concerns, stating that he believes that public transport data should be well protected.
But it seems the only thing worse than a data breach is a responsible party who denies they’ve done the wrong thing. In this case, the Victorian Department of Transport believes it did nothing wrong, and that the dataset didn’t contain personal information. It seems, at best, that the concept of ‘personal information’ needs better definition, and at worst, that the Department has been negligent in their care of data.
This could, if they don’t enact required changes to their data management processes and policies, land them with a $495,000 fine from the Office of the Victorian Information Commissioner.
Whilst this is a massive breach, it’s far from the only one that has happened recently… and even small breaches can result in significant fines being issued by relevant government agencies. If you’re responsible for managing personal data, I urge you to consider attending our Privacy Breakfast Briefing in October — you’ll hear from experts in the field on what your obligations are, and how to ensure that you’re meeting them.
Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.