The Australian Federal Police (AFP) has issued an apology after it emerged that metadata related to criminal investigations was accidentally released online.
According to a report by <i>The Guardian</i>, the information included the address of a target who was under surveillance, criminal investigations and offences being investigated, names of some AFP officers and other information including the phone number of an individual.
An AFP spokesperson told Computerworld Australia that on August 27, 2014, it was informed that information relating to a Telecommunications Interception Act request for telecommunications data was “inadvertently released” as part of the answer to a parliamentary Question on Notice in 2012.
Although the information was electronically hidden within the document, a phone number and an address could, under certain circumstances, be accessed, said the AFP.
At the request of the AFP, the data was taken down from the Parliamentary Services website.
“The AFP takes this breach very seriously, and has immediately taken the appropriate steps to rectify the matter. We have self-reported this breach to the Australian Privacy Commissioner," said the spokesperson.
“The AFP has also apologised to the relevant stakeholders associated with this matter.”
Australian Privacy Commissioner Timothy Pilgrim confirmed that he received an alert from the AFP yesterday that it mistakenly disclosed personal information.related to criminal investigations.
“The OAIC is awaiting further information from the AFP and will then assess the data breach in line with its normal processes,” Pilgrim said in a statement.
He added that all government agencies and organisations covered by the Privacy Act carefully consider the importance of data security and the risk of data breach.
The accidental data breach comes after AFP deputy commissioner Andrew Colvin moved to reassure Australians about the federal government’s proposal to introduce data retention legislation.
"Our ability to access telecommunications call data not to observe minutely everyone's surfing of the Web or anything like that but our access to ability to access the what, where, when, and how of telecommunications ... is an absolutely crucial tool to the protection of Australia and the protection of Australians," said Colvin in August 2014.
"In so far as an IP address might point to a website that's been visited — a URL for instance — that is content and is not permissible under a metadata authorisation. That is content that will require a warrant," he added.
Follow Hamish Barwick on Twitter: @HamishBarwick
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.