We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

NSW Privacy Commissioner investigates USB key auction

RailCorp sent a series of questions to find out what steps were taken prior to the auction

The lost property auction of more than 50 USB keys by RailCorp in Sydney has prompted an investigation by the NSW Privacy Commissioner into possible breaches of privacy laws around use and distribution of personal information.

The keys, which were acquired at the auction by security vendor Sophos, were all unencrypted with 33 of the keys containing malware. Tax deductions, photo albums and Web source codes were just some of the kinds of personal information Sophos found.

Deputy NSW Privacy Commissioner, John McAteer, told Computerworld Australia that a series of questions were sent to RailCorp on Friday, 9 December to ascertain what steps the organisation took before selling the USB keys.

McAteer's main concern was that the organisation may have breached sections of NSW privacy laws by selling keys with personal information.

"The allegation is that some of that data is what you would call personal information," he said. "For example, a contract to build a tollway is not personal information even though it might be in commercial confidence whereas a CV would be considered personal."

He added that RailCorp sold a number of laptops at the same auction but wiped the data contained on the computers.

"Our starting point would be that maybe RailCorp need to review the selling of these keys and dispose of them in some other way," he said.

"When you clean out an office and find things sometimes you throw them away because it's safer."

While McAteer's investigation has the power of a royal commission and he can make findings and recommendations, the Privacy Commissioner cannot issue fines. However, individuals who believe their privacy has been breached could obtain damages from the Administrative Decisions Tribunal.

McAteer expected to move to the second stage of the investigation before 25 December.

Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU

IDG UK Sites

Best January sales 2015 UK tech deals LIVE: Best New Year bargains and savings on phones, tablets,...

IDG UK Sites

Chromebooks: ready for the prime time (but not for everybody)

IDG UK Sites

2015 visual trends: 20 leading designers & artists reveal what should be inspiring us in 2015

IDG UK Sites

Mac tips tricks & hacks: 10 things you didn't know your Mac could do