Liverpool Council data breach over missing hard drive exposes insurance, personal information
Thousands of Liverpool Council employees and ratepayers have had their insurance claims and personal information exposed after an external hard drive went missing in a management bungle.
Liverpool
Don't miss out on the headlines from Liverpool. Followed categories will be added to My News.
Thousands of Liverpool Council employees and ratepayers have had their insurance claims and personal information exposed after an external hard drive went missing in a management bungle.
Phone numbers, addresses, names and details of public liability and workers compensation insurance claims – including the nature of the injuries and payments – were compromised, affecting 3877 individuals, after the drive disappeared on July 11.
The NSW Privacy Commissioner has been notified and a preliminary investigation launched after the council failed to find the drive despite an exhaustive search.
On Friday, a council spokesman said the data on the hard drive, which principally affected council employees, was lost after being “passed from an outgoing manager to the manager’s successor”.
“It is not our standard practice to use external hard drives for this purpose, and we now prohibit employees from doing this in the future,” the spokesman said.
External devices can no longer be used to store personal information “except with approval by council’s chief information officer”.
“Council is reinforcing this policy after this incident and will audit the use of external drives,” the spokesman said.
“We also have planned improvement measures, including technical constraints on use of external devices.”
Asked why the public was informed about the data breach five months after the hard drive was lost, a spokesman said the council began directly notifying affected individuals in September.
“Because the hard drive was lost, we had to spend considerable effort and time assessing what data was most likely to have been on it, and to then go through a risk assessment of that information,” the spokesman said.
“Council published a notification on its website in September.
“We have recently attempted to further raise awareness about the lost drive following a detailed assessment of the data that may have been contained on the drive.”
The council has since planned improvement measures, including technical constraints on use of external devices and has offered counselling and technical support to affected staff.
“We take full responsibility and are doing what we can to right this and prevent it from happening again,” the spokesman said.
Sydney man accused of sharing more than 100 child abuse files
A southwest Sydney man is facing 20 charges, including allegedly distributing more than 100 child abuse files and dealing drugs.
Man arrested over alleged ‘sex assault’ at busy shopping centre
Police were called to the Westfield shopping centre just before 10am on Tuesday where a 48-year-old man was arrested. Here’s what we know so far.