Professor John McMillan, Australian Information Commissioner, announces the release of the Australian Privacy Principles (APP) guidelines.
Telstra says it immediately disabled all public access to the data when informed of the breach in May.
In a report released on Tuesday, the Australian Privacy Commissioner, Timothy Pilgrim, found the telco had breached privacy laws by releasing the information and by failing to take reasonable steps to secure it.
However, he noted that Telstra “acted appropriately in responding to the data breach”.
In a separate report released on Tuesday, the Australian Communications and Media Authority (ACMA) found Telstra had also contravened the telco consumer protection code.
At the time the breach was discovered, Telstra was already subject to a direction from the communications watchdog to improve its customer data protection following a 2011 breach involving 734,000 customers.
As a result, the ACMA issued Telstra a $10,200 infringement notice, which Telstra says it paid last week.
When the third party did this, it inadvertently turned off access controls. Google later indexed the source files, which became discoverable via an online search.
Telstra said in a statement that the customer records in question “were only visible via a complex Google search and there were no significant complaints from affected customers”.
A spokesperson said Telstra has stopped using the IT platform responsible for the breach and invested in “more stringent” controls.
The telco will engage an independent third party auditor to certify that it has implemented better controls.
The results of the two investigations were released a day before sweeping new privacy laws come into force, strengthening the powers of the Privacy Commissioner.
“This incident is a timely reminder to all organisations that they should prioritise privacy,” Mr Pilgrim said.
news.com.au 11 Mar 2014
Telstra puts Australian workers into the unemployment queue, only to rehire cheap labour from overseas.
This naturally comes at a price, as the details are traded amongst other local 'companies'.
There is literally no quality control nor privacy assurance from the temporary backyard so-called 'companies'.
The $10,200 fine is an absolute joke.
Another win for Telstra and a gross breach of privacy, where the 'fine' is not nearly enough for the company to be discouraged.