Statement of Eligible Data Breach s 26WK Privacy Act 1988 (Cth)
Aboriginal Legal Service of Western Australia Limited (ALSWA) has formed the view that there are reasonable grounds to believe that there has been unauthorised access of information about its current and recent clients and/or any other member of the public who is or has recently been involved in a case with an ALSWA client. ALSWA believes that such unauthorised access is an ‘eligible data breach’ for the purposes of Part IIIC of the Privacy Act 1988 (Cth) (Privacy Act). This statement has been prepared in accordance with our obligations under the Privacy Act to notify, using this statement, the affected or at-risk individuals of the occurrence of an eligible data breach.
- Notification from:
Aboriginal Legal Service Western Australia
7 Aberdeen St, Perth 6000, Western Australia
- Description of the eligible data breach:
Between close of business on 31 October 2022 and opening of business on 1 November 2022, one or more persons committed a burglary on the Broome office of the ALSWA. Items stolen included a work mobile phone belonging to an ALSWA employee. We have reported the theft to the WA Police, and there is an ongoing investigation.
While the phone was not passcode protected, we promptly deactivated the phone so that it could not be used further. We have also attempted to remotely delete all of the emails from the employee’s work account, so those emails cannot be accessed by the person or persons who stole the phone.
We have no reason to believe that the person or persons who stole the phone have accessed or made use of the information.
- The kind, or kinds, of information concerned:
If you are a current or recent client of ALSWA, or any other member of the public who is or has recently been involved in a case with an ALSWA client, the person who stole the phone may have had access to the following types of information that may be of concern to you:
- basic contact details (addresses, email addresses, phone numbers);
- identity information (e.g. drivers licence numbers);
- information about an individual’s criminal record (if ALSWA was privy to that record); and/or
- information relating to an individual’s past whereabouts or activities.
- Recommendations about the steps that you should take in response to the eligible data breach:
If you think you may have been affected, we recommend being cautious with all unknown, unexpected and suspicious communications, including by:
- verifying the identity of people contacting you before providing them with any personal or sensitive information;
- avoiding providing individuals or entities with personal or sensitive information unless you are able to verify their identity; and
- contacting ALSWA if you have any questions or concerns.
Please contact the police immediately if you think that you may be at risk of harm.
The occurrence of the eligible data breach is being reported to the Office of the Australian information Commissioner as required by the Privacy Act.
If you need to speak to us, please contact us on 08 92656666 and ask to speak with Matthew Wheatley, IT Manager or by emailing firstname.lastname@example.org. Please note that ALSWA offices will be closed from 1 pm on Thursday 22 December 2022 until 8:30 am on Monday 9 January 2023.