Information referred to investigations and their subjects

Aug 28, 2014 18:31 GMT  ·  By

Confidential information from the Australian Federal Police (AFP) has been exposed to the public for several years because the organization failed to redact documents that were published online.

The documents contained details about criminal investigations and communication interception operations, with the names of the subjects being detectable because of an improper electronic redaction process.

The leak occurred because the AFP provided the details to the Senate without obfuscating the classified text strings; the Senate then published the documents in their unaltered form on parliamentary websites, where they could be accessed for years.

According to The Guardian, the law enforcement agency along with the federal government are trying to implement a mandatory data scheme that would constrain telecommunication businesses to store personal data acquired from phone and web users.

It appears that the documents leaked online comprised not only the names of investigation targets, but also the offenses under the AFP scope and identification details like addresses and phone numbers.

The ASP reported the leak to the Australian Privacy Commissioner and the documents were taken offline. It is unclear if this information managed to tip off any of the subjects of investigations.

According to the Privacy Act, organizations holding personal information about individuals are obligated to take all the measures to protect it and avoid unauthorized access to it.