I'm sure the Privacy Commissioner is set to investigate the latest home town privacy failing to hit the news, this time by Medvet, Australia's largest provider of drug and alcohol testing in the workplace.The Weekend Australian reported Medvet's online store left accessible by Google, complete home and work addresses of customers and others who ordered paternity test kits, drug and alcohol test kits and other products this year and last year. According to The Australian today the cached pages were still there 24 hours later despite the company stating on Friday that it was doing everything possible to overcome the privacy breach.
- No public or private organisation in Australia has an obligation at law to notify those affected by any breach of privacy standards. Last week the Privacy Commissioner reminded us in reporting on a Telstra breach two years before that the Australian Government was currently considering a recommendation from the Australian Law Reform Commission that the law require mandatory notification of a significant breach of privacy. It's had that recommendation since 2008.The Privacy Commissioner has said previously we need such a law. The Minister for Privacy and Freedom of Information Brendan O'Connor in May was reported as saying such a system now ''appears necessary." Perhaps those concerned take some comfort that Medvet says the "board has instructed that an independent investigation is undertaken immediately into how this has occurred, who is affected and what can be done to address it. Once we have all the facts we will contact the clients whose details have been published to the internet." So relax until we get to you! Medvet aren't alone in all this. Sony Play Station took days to admit publicly there was a problem when what appears to have been a major breach of privacy came to light in May.
- The Information Commissioner has no powers to impose or seek penalties if an own motion investigation finds a breach of privacy principles. In the Medvet case, the Sony PlayStation case, or the Vodaphone or Dell cases before them. The minister's predecessor Senator Ludwig said the Government intended to do something about this in October 2009 He repeated this in July last year telling us the Government was powerless to do much after the finding of "very serious" breaches through Google's street view cameras.
Medvet says it is "committed to observing the National Privacy Principles as set out in the Privacy Amendment (Private Sector) Act 2000" and published this apology:
"Medvet Laboratories deeply regrets that its web store security has been compromised, as a result of which some clients' delivery addresses and product order details have become available on the internet. No client names, bank account details or results of any tests have been disclosed. On becoming aware of this Medvet Laboratories immediately closed the web store and we have initiated the necessary steps to have the information removed from the internet. We sincerely apologise for this occurring and for any embarrassment this may have caused to our clients. If you have any concerns in regards to this matter please contact me on 08 8132 7410.
Greg JohansenManaging DirectorMedvet Laboratories"