Icare, a NSW government insurance agency, has issued a statement over a privacy ‘incident’ that happened on May 10, stating it was due to ‘human error’.
First reported in the Sydney Morning Herald, icare reportedly sent the private details of 193,000 injured workers to the incorrect employer. The details were sent as spreadsheets in email attachments.
In its statement, icare said it took immediate action as soon as it was aware of the incident, and was reviewing its processes to ensure a similar incident does not happen again.
“Icare takes its privacy obligations seriously and understands the important role we play in safeguarding the information we hold about injured workers. We are strengthening our controls to improve our safety measures,” the statement read.
The organisation has said it is working with both the Information and Privacy Commissioner of NSW (IPC) and third-party IDCARE, as well as notifying the State Insurance Regulatory Authority.
The IPC encouraged those affected by the breach to contact icare or contact IPC for further advice. The commissioner stated it will engage with icare to make sure the incident is investigated and those affected are remediated ‘where appropriate’.
Those that have received the incorrect information have been asked to delete the data.
It’s not the first time the state insurance agency has found itself in hot water, with a review by retired Supreme Court judge Robert McDougall last year finding icare was ‘sloppy’, but not ‘corrupt’.
Following the review, the NSW government said it was going to legislate recommendations from the review, announced by then-treasurer Dominic Perrottet. NSW minister for finance and minister for employee relations Damien Tudehope is the minister who oversees icare.
The NSW government has come under criticism earlier this month for voting to continue to award icare’s executives bonuses.