Next page . . . . Previous page . . . . Speeches . . . . Contents . . . . Sittings . . . . PDF . . . . Video

Legislative Assembly for the ACT: 2021 Week 13 Hansard (Tuesday, 30 November 2021) . . Page.. 3867 ..

Vice-chair of the Australian Privacy Foundation and University of Canberra legal expert Dr Bruce Baer Arnold has also said:

The government now should be making a major commitment right across the ACT public sector to make sure that nothing like this ever happens again.

He went on to heed an alarming warning that, once the data is out there, it is not coming back.

We know that long-term public servants are worried about the breach, with one saying to the Canberra Times:

An apology would be nice and an acknowledgement that they’ve gone and done this, they need to acknowledge that they’ve caused undue stress to their own staff.

On 26 November this year the Canberra Times reported that the ACT United Firefighters Union called this a gross breach of duty of care, with the Community and Public Sector Union ACT, or the CPSU, also saying that their members were furious about the breach. CPSU regional secretary Maddy Northam said:

It is absolutely astonishing and concerning that workers’ private data has been publicly available for three years before the government was even aware of it. The data that has been available is of a highly personal nature, and it has been troubling for our members who have had a claim.

Ms Northam also said that union members were not told about the breach before reading it on the front page of the newspaper on 25 November.

Yet despite all of this concern from almost every stakeholder involved in this incident, those opposite have once again buried their heads in the sand. This government has announced an internal review, and that is simply not good enough. If we want to ensure that a breach of this nature does not happen again, a rigorous and, more importantly, independent review must be established. This is exactly what Dr Bruce Arnold called for and what the ACT United Firefighters Union called for.

I also note that the Special Minister of State did not give the Assembly a time frame for the review, which raises concerns that the review may not be completed as a matter of urgency.

The government knew about the data breach the day before the story broke and they did not contact the CPSU, nor did they did alert any of the claimants whose privacy was breached in such a way. The breach of 30,000 public sector employees’ personal health data cannot be taken lightly. This data breach contains highly personal and sensitive information: year of birth, gender, occupation, ACT government directorate, details of injuries, information about financial compensation—all made publicly available.

Next page . . . . Previous page . . . . Speeches . . . . Contents . . . . Sittings . . . . PDF . . . . Video