AIIA executive director Rob Durie told ZDNet Australia that a couple of temporary files hadn't been deleted by its service provider following the transition to its new portal on August 8.
-It's fair to assume they've been there since then," Durie said of the files that were eventually deleted on Wednesday, October 17 -- after they were found during a random Internet search by an individual who notified the AIIA.
The files contained information including member name, company, e-mail address and AIIA portal password to the members' only component of the Web site. The leaked passwords were immediately inactivated and 3500 contacts were re-issued with new ones on Friday, October 19.
The information, communications and technology industry body, which claims on its Web site to be -committed to leading our industry on privacy issues", launched its Privacy Compliance Initiative in May this year and supplies members with an online security toolkit designed to help them understand their obligations, implementation and compliance of the new privacy laws coming into effect December 21.
Durie described the AIIA's privacy oversight as an -extremely low-level incident" and said the organisation doesn't have any evidence that personal information had been accessed. However, -it just shows we can't be too careful...we've taken it as a reminder to ourselves and our members that you have to go the extra yard to not release personal information," he added.
Durie said he was -totally confident" that the issue was isolated and said the AIIA, which has 370 member companies, had informed members of the glitch by e-mail and had briefed the Privacy Commissioner, Malcolm Crompton, of its privacy breach.
-I believe he was pretty relaxed about the level of information [released], was pleased with our prompt action and that we kept him in the loop," Durie said.
The Privacy Commissioner has been contacted for comment.
