The personal information that was shared was; name, phone number and/or email address of the person who reported the graffiti to Council. In some instances, the property address used to identify the location of the graffiti may link the person reporting the graffiti to that address.
Council became aware of the breach on 5 October 2020 and in response conducted an internal investigation. It was determined that the data breach started in March 2020. The dataset was immediately suspended from the data.gov.au website at 8.45 am on 5 October 2020, to prevent any further views/downloads. Council has endeavoured to directly contact any persons affected by this breach via email.
The initial published Graffiti dataset was correct and did not contain any personal details. However, during work to automate the generation of the Graffiti dataset, an incorrect version was selected. The accidental error led to the unapproved publication to the data.gov.au website. As the data was open to the public, Council is not able to confirm who has accessed the data.
Please be assured that the process for publishing open data has now been updated to include peer review and sign off prior to publishing. The automated generation of data has also been updated to only include information that relates to the location of the graffiti (street number, street name, suburb, post code and date submitted).
Council sincerely apologises for the disclosure of personal information and for any distress and inconvenience this may cause. Council regards the protection of personal information to be of great importance and makes every effort to safeguard personal information under its control. Council assures that this breach is being appropriately addressed by the organisation, and all endeavours will be undertaken to ensure that future breaches of this nature do not occur.
