[ad_1]
When a sensitive New South Wales Police email landed in Richard McDonald’s inbox earlier this month, he couldn’t believe the irony.
The email, clearly not intended for him, contained confidential and personal information about a woman police had just fined for violating the Covid lockdown under questionable circumstances.
Officers believed the woman’s job checking grocery stock levels for a distribution company was not essential under the Covid-19 restrictions.
It was bad enough that the police sent the material to McDonald, a civilian who had nothing to do with the case, in an apparent case of mistaken identity.
Worse yet, McDonald had just won his lawsuit against NSW police months earlier, after police violated his privacy in exactly the same way.
Perhaps most ridiculous of all was the fact that the McDonald’s case prompted the Information and Privacy Commission to warn NSW police to change their systems to avoid further breaches and “call back to staff the importance… of correctly addressing e-mails ”.
It appears NSW Police were attempting to send details of the case to a lawyer by the same name as McDonald’s.
The embarrassing blunder has now prompted an apology from NSW police and a new complaint to the Privacy Commissioner.
McDonald said the fact that a forward commander of the police operations center sent him the confidential documents should pose serious questions to the Privacy Commissioner.
“They weren’t even aware of the breach until I contacted them and told them,” he said.
“Given the levels of access to personal information that the [NSW police force] Appreciate, this incident underscores precisely why privacy should be of paramount importance to the NSWPF. “
NSW Police said they had since apologized to “everyone involved.”
“The NSW Police Force is aware of an incident in which an email was sent in error to an individual and an apology was issued to everyone involved,” a spokesperson said.
“The NSW Police Force treats the privacy of personal information as strictly confidential.”
Privacy concerns have been a persistent issue for NSW Police.
Last year, more than 150 people had their personal email addresses leaked after complaining about the use of capsicum spray against protesters at a Black Lives Matter rally in Sydney.
NSW Police emailed a man, Samuel Leighton-Dore, to tell him that his complaint of excessive use of force had been dismissed. She sent him a second email, which was not intended for him, and copied it into the personal email addresses of about 150 other people who had filed complaints.
The incident sparked an internal investigation.
In the case of McDonald’s, he had submitted a request for information held by NSW Police through the State Government Information (Public Access) Act 2009.
Police mistakenly sent their decision on his claim, including his personal information, to a stranger, despite confirming the correct email address earlier.
Police attempted to tell the Information and Privacy Commissioner that the error was the result of a “typographical error”.
The IPC said there was “no evidence before me to support this conclusion.”
“The commissioner did not produce any evidence from the person who sent the email as to why the wrong email address was used,” he said. “A number of explanations suggest themselves, both innocent and otherwise.”
NSW Police have been asked to investigate the possibility of automatically populating email addresses from their case management systems and using read receipts for important emails.
The IPC also asked the police to apologize to McDonald’s. He did not receive the apology until Friday. The Guardian also understands that NSW Police only sent staff an email reminding them of the need for correct email addresses on Friday.
Source link