Privacy Commissioner looking into a allegations about data leak from Cbus

July 7, 2014 |

The Age reports in Superannuation giant Cbus under the spotlight at Royal Commission into union corruption on a very serious allegation of strategic leak of personal information from Cbus to a union, the CFMEU in 2013.  The Privacy Commissioner is reportedly investigating the allegations.  Rogue behaviour by staff or officers of a company is a real security issue.  That doesn’t mean there are not ways of stopping or minimising that behaviour.  Restrictions on access to databases, restrictions on downloading data, restrictions on transferring data are all possible through programming and settings.

The article provides:

The Royal Commission into union corruption will today examine the practices of superannuation giant Cbus, after revelations in Fairfax Media that the fund was involved in large-scale leaking of workers’ personal details to the CFMEU.

Fairfax Media revealed in May that Cbus was allegedly involved in two such leaks in 2013.

Privacy commissioner Timothy Pilgrim launched an investigation earlier this year into allegations that a Cbus senior employee, Steve Gaske, leaked personal information about more than 300 employees of a company subject to a construction union industrial campaign.

Mr Gaske is also honourary president of the Queensland Construction Forestry Mining and Energy Union.

Cbus files reveal that an internal inquiry by the superannuation fund has already found Mr Gaske inappropriately sent personal details of more than 300 workers to a third party “without consent” and has been the subject of “remedial training”.

Fairfax Media also revealed in May that the NSW CFMEU secretary Brian Parker had allegedly conspired with a Cbus employee in Melbourne to leak to him the personal details of 400 mostly non-union workers, including their home addresses and private financial details.

The workers were employed by a company, Lis-Con, and Mr Parker allegedly wanted to use the information to help an industrial campaign against the company.

The alleged leak of Cbus members’ personal details involving Mr Gaske and under investigation by the privacy commissioner also involved Lis-Con.

Lis-Con, a concrete construction company, had sued the CFMEU in two states and union leaders from throughout the nation met in Sydney last year to discuss ways to campaign against the company.

Mr Parker has publicly denied his involvement in the alleged leak, despite Fairfax Media obtaining the leaked database and a statutory declaration from a union insider alleging that Mr Parker organised the information breach and told the insider “not tell anybody about it”.

Mr Parker declined to comment further, citing ongoing investigations, but has flagged he will deal with the matter at the royal commission into union corruption.

It is understood an internal Cbus inquiry into the alleged leak to Mr Parker has identified two staff members suspected of involvement.

Cbus documents reveal that one of the privacy breaches occurred in July last year after Mr Gaske was asked for information about Lis-Con’s payment of superannuation to its employees by a Queensland construction company that had subcontracted Lis-Con.

Cbus is allowed to share limited information with third parties to ensure proper payment of workers’ entitlements.

But the Cbus files show that, instead of sending the contractor basic information about the few dozen workers involved, Mr Gaske sent information about 306 Lis-Con workers, including their names, dates of births, superannuation contributions and member numbers, duration of employment and salary sacrifice details.

Mr Gaske then sent another email with the same details about 35 other workers.

There is no evidence Mr Gaske’s alleged leak was used in an industrial campaign.

But the other information allegedly leaked to Mr Parker was used to contact Lis-Con workers in an effort to pressure the firm’s managers.

Sources close to Lis-Con said the two leaks showed that the union and Cbus were party to an attempt to damage the company with no regard to the privacy rights of workers who had selected the superannuation fund in the belief their details would be kept confidential.

The Cbus fund’s board, which includes Australian Council of Trade Unions president Ged Kearney, CFMEU national secretary Dave Noonan, NSW CFMEU president Rita Mallia and is chaired by former Victorian premier Steve Bracks.

There is no suggestion the Cbus board knew of the leaking of the members’ details. 


One Response to “Privacy Commissioner looking into a allegations about data leak from Cbus”

  1. Privacy Commissioner looking into a allegations about data leak from Cbus | Australian Law Blogs

    […] Privacy Commissioner looking into a allegations about data leak from Cbus […]

Leave a Reply