A Melbourne council has apologised for accidentally sharing personal information identifying hundreds of people who reported graffiti on a public government website.
City of Port Phillip Council CEO Peter Smith has revealed to Government News that 859 phone numbers and 764 email addresses and the names of people who had reported graffiti were published on the data.gov.au open data website over a period of seven months.
In some instances, the address used to identify the location of the graffiti could link the person reporting the graffiti to that address.
“We apologise unreservedly to those whose personal information was disclosed when the wrong version of a graffiti management dataset was inadvertently uploaded in March 2020 to a government website used by researchers,” Mr Smith said.
“The information published was a combination of personal, and publicly available, emails and phone numbers relating to graffiti reports.”
Open data
The data.gov website contains what is supposed to be anonymous data collected by federal, state and local government during the course of normal activities, including service delivery and administration.
It is intended as a resource for people who work with open data in the Australian Public Service or carry out publicly-funded research.
Mr Smith said the breach happened in March when work to automate the graffiti management dataset resulted in the wrong version being selected for publication. Council only became aware of it on October 5.
Council says the data has been taken down from the website and it is trying to contact those affected.
The data is open to the public so council is unable to say who has accessed it.
“Council regards the protection of personal information to be of great importance and makes every effort to safeguard personal information under its control,” a says in statement on its website.
“Council assures that this breach is being appropriately addressed by the organisation, and all endeavours will be undertaken to ensure that future breaches of this nature do not occur.”
Mr Smith says Council has published 29 open datasets since 2017 and this is the first time a breach has occured.
Other published data contains information about dog walking zones and car share locations.
The federal government’s public data policy statement requires all government agencies to make non-sensitive data open by default.
Comment below to have your say on this story.
If you have a news story or tip-off, get in touch at editorial@governmentnews.com.au.
Sign up to the Government News newsletter
When this breach occurs in the private sector, serious penalty applies to the offending individuals and organisation. Will the same rule of law applies in this case, or the council can exercise self regulation and dismiss this legal breach without due diligent consequences as in the private sector? The actual decision exercised will reveal the real governance culture and practice proficiency of the council involved, which may raise concerns or sustain trust in the governance performance of our LG sector.