The personal information of hundreds of prisoners, corrections officers and visitors, along with sensitive operational information about Canberra’s prison has been inadvertently disclosed by the ACT Government.
The significant data breach means the ABC can reveal at least one ACT public servant attempted to bring contraband into the Alexander Maconochie Centre (AMC) — their second such attempt.
The information was accidentally released to the ABC in freedom of information (FOI) documents about drug seizures in the AMC.
The data was meant to be redacted because the justice directorate believed some of it could “expose vulnerabilities in the AMC’s security” and “in turn endanger the safety of detainees, staff and the community”.
“The consequences of releasing all documents … would undermine the security and good order of ACT Corrective Services,” it read.
According to analysis by the ABC, the data revealed the full names of at least 592 prisoners, 10 prison visitors and the surnames of 77 corrections officers.
It outlined which detainees had overdosed, where contraband was found and which people and areas had been targeted for searches.
Those disclosures may be in breach of section 27A of the Freedom of Information Act 1989, which says access must not be granted to personal information unless that person is given a reasonable chance to object.
Data released in bungled FOI response
The Government had intended to release the information to the ABC in a redacted form, removing personal and prejudicial information.
But a bungle with the Microsoft Office program Excel meant those redactions did not take place, with the data being digitally covered in black without actually being removed.
In one instance, an entire spreadsheet was provided completely unedited, exposing further details about which officers conducted each search.
The release highlights potential problems with how officers are told to redact and release information, just one month before the scheme undergoes a major overhaul.
Under new laws passed in the ACT Legislative Assembly last year, agencies must release information more proactively and apply a higher test to what information can be withheld.
‘Not in accordance with expected practice’
In a written statement, a spokesman from the Justice and Community Safety Directorate said the release of data “was not in accordance with expected practice” and confirmed the information provided to the ABC was not given to anyone else.
The spokesman said ACT Corrective Services would notify affected individuals as soon as possible and work with them to “mitigate any potential harm that could result from the unauthorised disclosure of information”.
The directorate said there had been a voluntarily notification made to the Australian Information Commissioner and it would work with that office to develop procedures to prevent similar breaches in the future.
“The matter has also been reported to the internal Audit Performance and Improvement committee”, the statement read.
“A review will be undertaken of the circumstances and processes to ensure that future processes mitigate the risk of inadvertent release of personal information.”