500,000 address obtained by the NSW Customer Services Department through its QR code registration system have been published on a government website, in an indefensible breach.
The half a million addresses were those who registered as a COVID-Safe business, including numerous sensitive locations.
New South Wales Premier Dominic Perrottet admitted that the publication of 500,000 addresses, including crisis accommodation, domestic violence shelters, correctional facilities, power stations, Defence sites, and even a missile maintenance unit “shouldn’t have happened.”
The NSW Government have been aware of this breach since last October. It says the matter was bounced to the Privacy Commissioner who felt “the incident did not constitute a privacy breach”.
Perrottet claims he only found out about “an issue” this morning where sensitive data was “uploaded in error”.
“That was worked through Privacy Commissioner. My understanding is they were satisfied that the matter was resolved and that information was taken down. It shouldn’t have happened,” Perrottet said.
The NSW Customer Services Department, who collected the data, says it classed “less than one per cent” of the location data breached as sensitive.
A spokesperson insists the department “considers the security and privacy of customer information its highest priority”.
