The Department of Health has notified me of a potential vulnerability within the Medicare Benefits Schedule and Pharmaceutical Benefits Scheme datasets, published on data.gov.au.
Based on the information provided, I have opened an investigation under section 40(2) of the Australian Privacy Act 1988.
The primary purpose of the investigation is to assess whether any personal information has been compromised or is at risk of compromise, and to assess the adequacy of the Department of Health’s processes for de-identifying information for publication.
I welcome the decision of the Department of Health to immediately suspend access to the data set.
The results of my investigation will be published at its conclusion.
Timothy Pilgrim PSM
Australian Privacy Commissioner
Acting Australian Information Commissioner