G20主办方泄露各国领导人的隐私信息

G20主办方泄露各国领导人的隐私信息  

Exclusive: Obama
Putin
Merkel
Cameron
Modi and others kept in the dark after passport numbers and other details were disclosed in Australia's accidental privacy breach
Tony Abbott and Vladimir Putin cuddle koalas before the start of the first G20 meeting in November 2014. Photograph: Andrew Taylor/G20 Australia/Getty Imagess
The personal details of world leaders at the last G20 summit were accidentally disclosed by the Australian immigration department
which did not consider it necessary to inform those world leaders of the privacy breach.
曾出席刚过去的G20峯会的世界各国领导人之个人资料，被澳大利亚移民部意外地曝露了。就此私隐遭泄露一事官方没考虑需要通知这些世界领导人。
The Guardian can reveal an employee of the agency inadvertently sent the passport numbers
visa details and other personal identifiers of all world leaders attending the summit to the anisers of the Asian Cup football tournament.
The United States president
Barack Obama
the Russian president
Vladimir Putin
the German chancellor
Angela Merkel
the Chinese president
Xi Jinping
the Indian prime minister
Narendra Modi
the Japanese prime minister
Shinzo Abe
the Indonesian president
Joko Widodo
and the British prime minister
David Cameron
were among those who attended the Brisbane summit in November and whose details were exposed.
The Australian privacy missioner was contacted by the director of the visa services division of Australia's Department of Immigration and Border Protection to inform them of the data breach on 7 November 2014 and seek urgent advice.
In an email sent to the missioner's office
obtained under Australia's freedom of information laws
the breach is attributed to an employee who mistakenly emailed a member of the local anising mittee of the Asian Cup – held in Australia in January – with the personal information.
"The personal information which has been breached is the name
date of birth
title
position nationality
passport number
visa grant number and visa subclass held relating to 31 international leaders (ie prime ministers
presidents and their equivalents) attending the G20 leaders summit
" the officer wrote.
"The cause of the breach was human error. 'Redacted' failed to check that the autofill function in Microsoft Outlook had entered the correct person's details into the email ‘To' field. This led to the email being sent to the wrong person.
"The matter was brought to my attention directly by 'redacted' immediately after receiving an email from 'the recipient' informing them that they had sent the email to the wrong person.
"The risk remains only to the extent of human error
but there was nothing systemic or institutional about the breach."
The officer wrote that it was "unlikely that the information is in the public domain"
and said the absence of other personal identifiers "limits significantly" the risk of the breach. The unauthorised recipient had deleted the email and "emptied their deleted items folder".
"The Asian Cup local anising mittee do not believe the email to be accessible
recoverable or stored anywhere else in their systems
" the letter said.
The immigration officer then remended that the world leaders not be made aware of the breach of their personal information.
"Given that the risks of the breach are considered very low and the actions that have been taken to limit the further distribution of the email
I do not consider it necessary to notify the clients of the breach
" she wrote.
The remendation not to disclose the breach to the world leaders may be at odds with privacy law in some of their countries.
Britain
Germany and France all have different forms of mandatory data breach notification laws that require individuals affected by data breaches to be informed.
It is not clear whether the immigration department subsequently notified the world leaders of the breach after the initial assessment.
The office of the Australian immigration minister
Peter Dutton
did not respond to questions.
Australia's deputy opposition leader
Tanya Plibersek
called on Tony Abbott to explain why the world leaders were not notified of the breach.
"The prime minister and the immigration minister must explain this serious incident and the decision not to inform those affected
" she said.
Disclosure of the data breach is likely to embarrass the Australian government after controversial mandatory data retention laws were passed last week.
The passage of the laws – which require telemunications panies to store certain types of phone and web data for o years – has been marked by concerns about the adequacy of privacy safeguards by panies and government agencies that will handle the data.
The Greens senator Sarah Hanson-Young said: "Only last week the government was calling on the Australian people to trust them with their online data
and now we find out they have disclosed the details of our world leaders.
"This is another serious gaffe by an inpetent government."
Australia's immigration department was also responsible for the country's largest ever data breach by a government agency.
In February 2014 the Guardian revealed the agency had inadvertently disclosed the personal details of almost 10
000 people in detention – many of whom were asylum seekers – in a public file on its website.