On Friday 28 October 2016 the Australian Red Cross announced that one of its IT providers had inadvertently caused the personal information of over half a million Australian blood donors to be published on a public-facing website. The extent of the damage from this data breach remains unknown. The breach is currently under investigation by the Australian Cyber Security Centre and the Office of the Australian Information Commissioner (OAIC). This is the most significant data breach reported in Australia’s cyber history. It provides a timely reminder to charities and the not-for-profit sector regarding the importance of protecting donors’ personal information – especially where sensitive information, as described below, is collected.
It’s vital that charity and not-for-profit boards and senior executives remain fully informed about their privacy obligations – and ensure that these obligations are given strong operational effect across their organisation.