NSW customer service minister Victor Dominello says he never alerted the premier about addresses of COVID-safe businesses published in error by NSW’s Department of Customer Service.
Dominello became aware of the mistake – which published the addresses of 428 premises including family violence shelters – on September 30, 2021.
The following day, the department notified NSW’s privacy commissioner, Samantha Gavel, who has since confirmed no personal information was revealed in the data sets and the incident did not involve the QR-code check-in app.
Dominello told a budget estimates hearing this week he had not seen the need to inform the premier about the issue.
“Given that there was no breach of any data set, and the immediate remediation and the satisfaction of the privacy commissioner, I did not inform the premier,” he said, later adding that “ultimately, the buck stops with me”.
Notice of the error happened as Gladys Berejiklian resigned as premier at the beginning of October. Premier Dominic Perrottet said last month he was only made aware of the issue then and the incident “shouldn’t have happened”.
William Murphy, deputy secretary of customer, delivery and transformation at the Department of Customer Service, told budget estimates the department had been in touch with technology company Accellion after the incident.
“[Our] analysis was completed by the middle of October and, immediately after that, having confirmed the shortlist of premises that were impacted, we notified them by telephone on 19 October and 20 October. There was a follow-up letter on 21 October,” he said.
In a separate incident, Transport NSW was caught up in a worldwide Accellion data breach in February 2021, where the department informed customers that “some personal information was obtained by an unauthorised person”.