Australian Minister for Families and Social Services Anne Ruston has apologised to a survivor who had their personal information breached when the details of their application to the National Redress Scheme were uploaded directly to another person's myGov account.
"I regret most sincerely that this error has occurred, and that any trauma or distress that has been caused to the person whose information has been incorrectly uploaded. I believe those sentiments were passed on to the person directly by the officer who contacted her, but yes, I deeply regret what's happened," Ruston told Senate Estimates on Thursday morning.
The National Redress Scheme provides support to people who have experienced institutional child sexual abuse.
The scheme started on 1 July 2018, and is currently planned to run for 10 years.
As first reported by 10 News Queensland, the survivor's information was uploaded to the account of another survivor. This comprised 12 pages of highly confidential information, including address, phone number, bank account details, and Centrelink number, as well as their application to the scheme outlining the sexual abuse they had suffered.
Ruston told senators she was made aware of the breach on the weekend. Department of Social Services deputy secretary Liz Hefren-Webb said she was told last Friday.
The representatives were asked if they could give an ironclad guarantee that such a breach would not occur again.
"Obviously, when you're dealing with a situation where you have a lot of people, you can never give an ironclad guarantee, but I can assure you every measure has been taken and will continue to be taken to make sure that the safety around the privacy of the information of these people is our utmost consideration," Ruston said. "I can only apologise for what's happened."
Senators pointed to funding allocated to the National Redress Scheme as part of the federal Budget, with AU$104.8 million allocated last year. Hefren-Webb clarified the incident occurred in October 2018.
"The incident we're referring to happened some time ago, before the upgrade of the systems … we are still investigating how it occurred, but it was prior to the funding," she said.
"[A] large part of that funding was for additional redress support services, so non-government support services for survivors, but there was funding for improvements and we are working to improve the system. We are working to improve training."
That training, she said, focuses on privacy. The department has also added further quality checks to the system.
"But this error obviously occurred fairly early in the scheme's life and we absolutely apologise without reservation to the person who it's affected," Hefren-Webb said.
The department, alongside its legal team, has an initial investigation underway.
"We're currently looking at the systems and what led to that, the issues, so I expect that we'll have a better understanding during next week," Ruston said.
When asked if the breach could lead to many survivors not reaching out to the scheme, Ruston said privacy is of the utmost concern to the department.
"We're always concerned that we put in place the best possible measures to support survivors through what is most often a very traumatic experience. And obviously, this is a situation that we need to investigate and make sure every precaution is put in place, that the protection of the confidentiality, privacy of survivors is always utmost in everything that we do," she added.
"I regret that this has happened, but we will continue to work tirelessly to make sure that we provide a scheme that is, that reflects what survivors need and want.
"I can't reiterate enough that we take the confidentiality and privacy of individuals who are seeking to gain redress through this scheme very, very seriously."