Accidental data release 'not data breach' says EFC
The coordinator of the NSW container deposit scheme, Exchange for Change, has said there was no data breach in relation to the inadvertent release of invoice data for 16 drinks companies.
Exchange for Change said “no data breach has occurred” during the incident, because “a data breach which, in accordance with the Privacy Act 1988, is an event where personal information is disclosed to third parties and serious harm is likely to occur as a result”.
The organisation said that the information disclosed was limited to company names, invoice dates, invoice numbers and outstanding amounts.
“Due to the nature of the calculation of the invoice amounts including factors such as individual supplier true-ups, advance contributions, and scheme material mixes, the figures contained therein do not provide an accurate reflection of the production of any supplier,” an Exchange for Change spokesperson said.
“The information that was disclosed is therefore not capable of causing significant harm to any entity including that it cannot be used to calculate any entity’s financial position or manufacturing figures nor was any market share or volume data included.”
However affected brewers have responded saying that they consider the release of this sensitive information was a worrying ‘breach’.
“There was definitely a privacy breach on a couple of different levels,” said Dave Padden, owner of Akasha Brewing Company, which was also affected by the data release.
“The emails/letters that were incorrectly sent contained sensitive financial data outlining the monthly dollar amount that was due for that brewery,” he said.
“Whilst not direct volume data, it’s pretty basic mathematics to get a feel for the monthly volumes in NSW. The attachments also contained contact and address details.”
The issue, said brewers, was that the inadvertent release of the data opened up worrying possibilities about the use of data in other areas of the scheme.
“Is this a one-off case or is their potential for more breaches?” asked Padden.
“It really was a basic error to be honest, and does not fill me with confidence that the rest of their systems are bullet proof from a privacy perspective.
“I’m concerned from both an internal and external perspective considering the scheme is run by Asahi, CUB, CCA, Coopers and Lion.”
A spokesperson for another drinks company affected by the accidental disclosure, who asked not to be identified, said that it was “disappointing that a scheme that has already been under heavy fire and scrutiny has a data breach”.
“Even more disappointing is that not myself, nor our lead of this department internally received any communication from the scheme administrator of what happened, what the impact is, and what they are doing to close it off. Contrast this to the communication strategy of private companies that have data breaches,” the source said, despite Exchange for Change advising Brews News the issue had been ‘rectified’.
Exchange for Change did email recipients after the release apologising for the “inconvenience”.
The accidental data release comes as brewers have been advised by Exchange for Change that their fees for containers would be increasing as part of “NSW CDS summer pricing”.
Under the “new and simplified approach”, brewers were advised that pricing will be fixed per container by material type.
As an example of the changes, advance contribution pricing in November and prior was set at 10.31 cents per aluminium container. It is being increased to 16.5 cents in December 2019, then down to 15 cents in January invoices.
Glass contribution pricing will be increased from 11.8 cents per container to 16 cents in December, and 17.25 cents from January.
Exchange for Change said that compared to last year, volumes supplied for the same period were similar, however it was “experiencing higher redemption rates leading into the summer period”.
It expects ‘record’ redemptions in January and February – invoiced in advance in December and January.
“Redemption rates are expected to reach 80% overall during these months with glass and aluminium expected to be closer to 100% of the volume supplied in the same month,” a spokesperson for Exchange for Change said.
“Supplier contributions are billed in advance to cover the cost of the scheme including the management, administration and operations.
“The higher pricing is driven by the increased redemption rates relative to supply by material type. The scheme operating costs include the 10c refund paid to consumers, the network operator processing fees per unit by material type and claims paid to material recovery facility operators.
“The new supplier contribution approach is specifically designed to remove price volatility and provide certainty with fixed pricing per material type. Further details explaining the transition to the new approach will be communicated mid-November.”