Medvet board to investigate privacy breach
More faces meet palms in South Australia
Medvet, the paternity-and-drug-testing laboratory owned by the South Australian Government that allowed Google to index its customer records until last weekend, says it will investigate how the breach occurred.
According to the Australian Broadcasting Corporation’s PM radio programme on Monday evening, the breach affected more than 800 individuals who had placed online orders with the company.
The Australian, which broke the story on Saturday (July 16) has also said that the privacy breach, known to the company since April, wasn’t reported to the South Australian government until the weekend, even though a Health Department manager sits on the company’s board.
Speaking to PM, Medvet CEO David Swan said “it appears that there’s been some issue … that’s occurred with the software between Google and some software that’s being used by the company to register requests for drug tests.”
Swan said the company has requested its board to conduct “an independent investigation both from a forensic IT perspective but also from the events which have led up to this”.
What appears to be inadequate communication between the Medvet board and its owner, the South Australian Government, seems surprising considering that a sale of the company had been http://www.health.sa.gov.au/Default.aspx?tabid=792 proposed in the 2010-2011 state budget.
The government’s public budget papers didn’t put a valuation on Medvet, but a copy of internal budget documents leaked on a USB key to the ABC last year put a valuation of AU$15 million on the company.
The Australian Privacy Foundation’s health chair Juanita Fernando told PM that litigation is inevitable following the Medvet breach. ®
Bootnote: This author was taken to task yesterday for over-emphasising the role of robots.txt. That’s a fair cop: but protecting sensitive information should be part of Web 101 for an organization such as Medvet. Public humiliation should be the least of the punishments. ®
Sponsored: Network DDoS protection