Sunday, 22 December 2024 09:35

Department of Immigration vows amends after G20 data leak

Thursday, 02 April 2015

The Department of Immigration has responded to embarrassing revelations it leaked personal information of G20 officials including Barack Obama and Vladimir Putin, announcing a bolstered security regime and new task force.

The department will set up an External Accountability Task Force, as first reported by the Guardian, that will sit within its Integrity, Security and Assurance Division.

The task force, to be headed by assistant secretary Stephen Wood, will hone in on the department’s privacy measures and information management, and will liaise with the Office of the Commonwealth Ombudsman, the Human Rights Commission and the Office of the Australian Information Commissioner.

The G20 data breach occurred when an employee accidentally sent an email to the wrong person using the auto-complete function in Microsoft Outlook.

The staff member at Australia's Department of Immigration mistakenly sent the personal information including passport numbers, dates of birth and visa numbers -- to the Local Organising Committee of the Asian Cup international soccer tournament.

The department has now banned the use of auto-complete.

The incident is not an isolated one, with the immigration department also accidentally disclosing the details of almost 10,000 people in immigration detention last year in what was later deemed to be a breach of the Privacy Act.

"The department is making significant changes to its information management practices, following a number of external and internal reviews into its processes and practices,” a statement from the department read.

“All recommendations from these reviews have been adopted.”

“As outlined in the released documents, decisions on whether or not to notify individuals or groups whose information was released are based on a case-by-case risk assessment.

“This risk assessment takes into account a range of factors, including the known distribution of the material, whether it could be retrieved, deciphered or readily understood if found, and likelihood of harm being suffered as a result of the breach.”

Source: Business Spectator

Google+ Google+