Next page . . . . Previous page . . . . Speeches . . . . Contents . . . . Sittings . . . . PDF . . . . Video

Legislative Assembly for the ACT: 2021 Week 12 Hansard (Thursday, 25 November 2021) . . Page.. 3699 ..


Major Projects Canberra—Part 1.11.

Debate interrupted in accordance with standing order 74 and the resumption of the debate made an order of the day for a later hour.

Sitting suspended from 12.02 to 2 pm.

Questions without notice

Government—data security

MRS JONES: My question is to the Treasurer. I refer to the story in the Canberra Times today about the major ACT government privacy breach that involves almost 30,000 ACT government workers compensation claims made since the commencement of self-government in 1989. This data was apparently uploaded to the public-facing Tenders ACT website by your directorate in 2018. Treasurer, were you informed at the time that this data was being made public, and if not, when did you become aware of the breach?

MR STEEL: Madam Speaker, I will take the question as the responsible minister for procurement as Special Minister of State.

I can confirm that the tender in question was seeking quotations for the administration of past and future ACT public service workers compensation claims for the period since 1989. The tender documents were placed on the Tenders ACT website in May 2018.

The tender was part of the ACT government’s move to become a self-insurer and move away from Comcare as an assessor of workers compensation claims for ACT government employees. The tenderers estimate that the cost to provide accurate quotes was necessary to provide tenderers with information about the number, nature and duration of the claims that would require management.

The spreadsheet in question was provided for that purpose and includes redacted de-identified information about ACT government workers compensation claims. The spreadsheet was heavily redacted prior to release so that the identity of workers compensation claimants could not be determined. This included removal of data fields such as claimant name, day and month of birth, address and contact details.

I only became aware of any concern in relation to this particular procurement yesterday, Madam Speaker, when I was contacted by the media.

MRS JONES: Given that the identity of the claimants has been identified, have you taken responsibility for this breach by reporting it to the Office of the Australian Information Commissioner as required under your government’s CMTEDD information privacy policy, on page 21?

MR STEEL: At this stage, we are not aware of a particular breach. That is why this has been referred to a review by the privacy officer in CMTEDD, who will be looking


Next page . . . . Previous page . . . . Speeches . . . . Contents . . . . Sittings . . . . PDF . . . . Video