Next page . . . . Previous page . . . . Speeches . . . . Contents . . . . Sittings . . . . PDF . . . . Video

Legislative Assembly for the ACT: 2021 Week 13 Hansard (Tuesday, 30 November 2021) . . Page.. 3869 ..

employee identification numbers or specific roles or positions. The spreadsheet was available to registered users on the Tenders ACT website for an initial period associated with the conduct of the tender in 2018, before being removed from public display.

A systems change in 2020 inadvertently resulted in this becoming accessible to registered users again. Once it was brought to the government’s attention that this spreadsheet was still available online and concerns had been raised about its contents, we took a number of initial steps. Firstly, the spreadsheet was removed from the Tenders ACT website on the same day, and I can confirm that it is no longer accessible to users outside of government.

We established a process for individual workers who believe their claims may have been included in this dataset to contact the ACT government for further information. This process and a dedicated contact point within the Chief Minister, Treasury and Economic Development Directorate has been communicated to worker representatives.

The ACT Information Privacy Act 2014 regulates how Australian Capital Territory public sector agencies handle personal information. It includes a set of territory privacy principles which cover the collection, storage, use and disclosure of personal information. Under an arrangement between the ACT government and the Australian government, the Australian Information Commissioner exercises some of the functions of the ACT Information Privacy Commissioner. These responsibilities include conducting assessments of ACT public sector agencies’ compliance with the Information Privacy Act.

I directed the Chief Minister, Treasury and Economic Development Directorate to make a self-referral to the Office of the Australian Information Commissioner about this matter, and that referral has now been made. I present the following paper:

Access to ACT Public Sector workers compensation data—Copy of letter to the Australian Information Commissioner and Privacy Commissioner from the Executive Group Manager, Procurement ACT, dated 30 November 2021.

The referral letter seeks advice from the Australian Information Commissioner on their view of this matter and whether there are any further steps the ACT government should take in relation to it.

This external body is well placed to review the facts of this matter and determine whether a data breach has, in fact, occurred. The ACT government will cooperate fully with the OAIC in their exploration of this matter and will take any further actions as advised or recommended following that process. We agree that information security and personal privacy are extremely important. We take protecting it very seriously, as the steps we have taken to refer this matter for external review indicate.

For future reference, in the event that members of this place become aware of publicly available information which they believe is not consistent with privacy legislation or principles, the appropriate course of action would be to draw this immediately to the

Next page . . . . Previous page . . . . Speeches . . . . Contents . . . . Sittings . . . . PDF . . . . Video