This Is Really The Sort Of Security / Privacy Incident That Should Not Be Happening And Heads Should Roll!

I read this a few days ago with increasing alarm …Watchdog calls for mandatory data breach notification laws in VictoriaJoseph BrookesSenior Reporter15 September 2022Victoria ’s privacy watchdog has called for data breach notification laws in the state after a government department failed to tell people their data had been exposed in a serious breach by a man convicted of sexually assaulting a child.The former case worker, Alexander Jones, is currently serving a six-year prison sentence for sexually assaulting a 13-year-old boy, whose information he attempted to access through the government database.He had unauthorised access to the system because it was not revoked by the government department when he left one of its service providers in 2017, despite serious concerns about his behaviour at the time.When the data breach was investigated by the Office of the Victorian Information Commissioner (OVIC) in 2020, the department said it was voluntarily notifying the children whose data had been accessed by Jones.This did not occur, according to a subsequent, wider investigation of the incident by the state ’s Ombudsman released this week, prompting the call for a mandatory data breach notification scheme.OVIC ’s data breach inquiry revealedJones had unauthorised access to the personal information of dozens of vulnerable people for more than a year through the state ’s Client Relationship Information System for Service Providers or CRISSP system.Published last year, the w...
Source: Australian Health Information Technology - Category: Information Technology Authors: Source Type: blogs