Has this been referred to the privacy commissioner? I am sure it has, voluntarily by QLD Police (although it’s QLD, so who knows), however, I wonder what are the consequences? A “sorry” is not good enough when safety has been put at risk.
In situations where, for example, credit card data is stolen and there is a clear case of negligence or ignorance (i.e. company is at fault), the offending party generally (a) settles all fraudulent charges; and (b) offers free credit monitoring service to the victims of the data breach. Will this be the case in QLD, free monitored alarm service?
Stolen data has no expiration date. In a typical data breach lifecycle, the data will be hoarded for a while, until it is useful. Not uncommon to have someone sit on it for few years. Then, when it can be monetised, for example, sold to someone else with email addresses and physical addresses or surnames, this becomes a shopping list for criminals. Not to mention that a lot of email addresses contain surnames, that could be found on Facebook with photos of houses, car registration numbers, etc. Google image search could then assist with determining where a photo was taken. Not rocket science.
Will QLD Police be paying for monitored security alarm services for everyone on email recipient list for as long as the address is occupied by the LAFO?