Asylum data leak found in breach of Privacy Act
The Department of Immigration and Border Protection (DIBP) has been found in breach of the Privacy Act by posting the personal information of approximately 9,250 asylum seekers on a public website.
The Department has been slammed for failing to protect vital information and unlawfully disclosing personal information.
The Office of the Australian Information Commissioner has received a constant stream of privacy complaints since the breach: 1600 to date, and they are still coming.
The leak was uncovered during an investigation by media outlet Guardian Australia, which discovered a database of the personal information of almost 10,000 people in a report on DIBP’s website.
DIBP removed the report from its website within an hour of being notified.
The department does admit that the file was accessible for eight and a half days.
The personal information in the data breach included full names, gender, citizenship, date of birth, period of immigration detention, location, boat arrival details, and the reasons why the individual was deemed to be ‘unlawful’.
Human rights advocates say the breach is about the most serious possible, as it creates a permanent risk for anyone on the list.
“This incident was particularly concerning due to the vulnerability of the people involved,” Australian Privacy Commissioner Timothy Pilgrim says.
The Immigration Department says “statistical data” was mistakenly embedded in a Word document that was published on DIBP’s website.
The report was accessed a number of times, and even republished by the site’s automated archiving service.
Mr Pilgrim said his office’s investigation found that DIBP was aware of the privacy risks of embedding personal information in publications, but that its systems and processes failed to adequately address those risks.