We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

NSW Privacy Commissioner investigates USB key auction

RailCorp sent a series of questions to find out what steps were taken prior to the auction

The lost property auction of more than 50 USB keys by RailCorp in Sydney has prompted an investigation by the NSW Privacy Commissioner into possible breaches of privacy laws around use and distribution of personal information.

The keys, which were acquired at the auction by security vendor Sophos, were all unencrypted with 33 of the keys containing malware. Tax deductions, photo albums and Web source codes were just some of the kinds of personal information Sophos found.

Deputy NSW Privacy Commissioner, John McAteer, told Computerworld Australia that a series of questions were sent to RailCorp on Friday, 9 December to ascertain what steps the organisation took before selling the USB keys.

McAteer's main concern was that the organisation may have breached sections of NSW privacy laws by selling keys with personal information.

"The allegation is that some of that data is what you would call personal information," he said. "For example, a contract to build a tollway is not personal information even though it might be in commercial confidence whereas a CV would be considered personal."

He added that RailCorp sold a number of laptops at the same auction but wiped the data contained on the computers.

"Our starting point would be that maybe RailCorp need to review the selling of these keys and dispose of them in some other way," he said.

"When you clean out an office and find things sometimes you throw them away because it's safer."

While McAteer's investigation has the power of a royal commission and he can make findings and recommendations, the Privacy Commissioner cannot issue fines. However, individuals who believe their privacy has been breached could obtain damages from the Administrative Decisions Tribunal.

McAteer expected to move to the second stage of the investigation before 25 December.

Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU


IDG UK Sites

Where to buy iPhone 6 and iPhone 6 Plus in the UK: Launch day price, deals and contracts

IDG UK Sites

Is Apple losing confidence in itself?

IDG UK Sites

Professional photo and video techniques for perfect colours

IDG UK Sites

How (and where) to buy an iPhone 6 or iPhone 6 Plus in the UK. Plus: What to do if you pre-ordered...