Personal information was accidently disclosed through data that Council published on the data.gov.au website. Council provides various open data to the public on this website and in this instance the privacy and data breach occurred within the Graffiti Management dataset.
The personal information that was shared was; name, phone number and/or email address of the person who reported the graffiti to Council. In some instances, the property address used to identify the location of the graffiti may link the person reporting the graffiti to that address.
Council became aware of the breach on 5 October 2020 and in response conducted an internal investigation. It was determined that the data breach started in March 2020. The dataset was immediately suspended from the data.gov.au website at 8.45 am on 5 October 2020, to prevent any further views/downloads. Council has endeavoured to directly contact any persons affected by this breach via email.
The initial published Graffiti dataset was correct and did not contain any personal details. However, during work to automate the generation of the Graffiti dataset, an incorrect version was selected. The accidental error led to the unapproved publication to the data.gov.au website. As the data was open to the public, Council is not able to confirm who has accessed the data.
Please be assured that the process for publishing open data has now been updated to include peer review and sign off prior to publishing. The automated generation of data has also been updated to only include information that relates to the location of the graffiti (street number, street name, suburb, post code and date submitted).
Council sincerely apologises for the disclosure of personal information and for any distress and inconvenience this may cause. Council regards the protection of personal information to be of great importance and makes every effort to safeguard personal information under its control. Council assures that this breach is being appropriately addressed by the organisation, and all endeavours will be undertaken to ensure that future breaches of this nature do not occur.
Council has published 29 open datasets and this is the first data breach since making this data available in 2017. The data.gov.au website is intended as a resource for people who work with open data in the Australian Public Service or carry out publicly-funded research.
The following link to the Office of the Victorian Information Commissioner (OVIC) website provides a useful resource explaining what a data breach is and how you can reduce the risk of suffering harm as a result of a breach, including what actions you can take.
Should you have any questions regarding this notification, or if you would like more information, please do not hesitate to contact Council’s Privacy Officer via email at HelpPrivacy@portphillip.vic.gov.au.
Please note that under the Privacy and Data Protection Act 2014, anyone who is not satisfied with how Council has endeavoured to resolve the situation is entitled to make a complaint to the Office of the Victorian Information Commissioner. The contact details for the Office are as follows:
Office of the Victorian Information Commissioner
Privacy and Data Protection
PO Box 24274
MELBOURNE VIC 3001
Telephone: 1300 666 444
Additional information is available on the Office of the Victorian Information Commissioner’s website.