Paxton Booth said many people had no idea personal information such as their name, address and phone number had been mistakenly or purposely released by public servants, even if it put their safety in jeopardy.

He’s told Professor Peter Coaldrake a mandatory notification scheme – like that recommended by the Crime and Corruption Commission two years ago but never legislated – would improve government transparency and accountability and better protect unsuspecting Queenslanders.

“We’d like to see mandatory data breach notifications to us and, I think more importantly, to the people that are impacted by the breach,” Mr Booth told The Courier-Mail in an interview to mark Privacy Week.

“The types of complaints we get here are mostly around breaches of a person’s contact information, so name, address, emails, phone number, which can cause harm to people.

“Some of the big risks … where someone’s a victim of DV (domestic violence) and their name and address gets leaked, that can have quite big ramifications for those individuals and they’ve got to pack up, move their life and start again.”

** Got something to tell the Coaldrake inquiry? You can make a submission here **

Breaches could occur for a range of reasons, from mistakenly attaching the wrong email attachment, to “stickybeak” searches of friends, relatives and neighbours, to public servants accessing and onselling information for personal benefit, Mr Booth said.

A commission audit revealed concerning examples of departments in which public servants had never been trained around their responsibilities in handling information.

Mr Booth said a mandatory scheme, a new offence of misuse of confidential information by public officers with a 10-year jail term and allowing regulators to proactively audit departments – all recommended by the CCC – would send a loud message to the public service to take these issues seriously.

“Even though you’ve got a log in, you’re in the system lawfully doesn’t mean that it’s open slather to go and look up whoever you want,” he said.

“Otherwise good people do silly things out of curiosity and get themselves in trouble because they lose perspective on what it is they’re accessing.”

Meanwhile, Mr Booth revealed people’s online identities weren’t protected under the state’s outdated Privacy Act.

While legislation covered standard information, like names and addresses, he said the law hadn’t kept up to date with the vast amounts of data people were now handing over during online interactions.

That included locational data and information linked to a person’s mobile phone that could be used to identify them.

“One of the things that’s also changed is agencies are asking us to transact more and more online … (and) there’s lots of data that pass through those networks now that could facilitate someone being identified,” Mr Booth said.

More Coverage

Public service integrity complaints triple as scathing review revealed

Jessica Marszalek, Domanii Cameron

Taxpayers foot $50k bill for integrity lessons

Domanii Cameron