Tom Joyner reports:
The disability information of nearly 7,000 current and former students of the University of Sydney “lost” in a major privacy breach in February was unencrypted and unsecured, an internal review of incident has found.
The information was lost when a software developer employed by the University left a laptop containing a student disability database on a bus while returning home from work on February 29.
The University notified NSW Police of the breach on March 2, as well as the NSW Privacy Commissioner under the state’s privacy legislation two days later.
The six-page internal review, obtained by Honi Soit, concluded there was “no evidence” of unauthorised access, use or disclosure of the disability information on the laptop.
Read more on Honi Soit. See also ITNews, whose coverage includes reference to health privacy principles implicated in the breach.