NSW government mulls HIV-status database

Can barely build a system, let alone secure it


A state with a poor record for protecting private data, in a country that has no mandatory breach disclosure, wants to add names to a health database containing peoples' HIV status: what could possibly go wrong?

The NSW state government is currently considering a regulatory report suggesting the change. The NSW Health discussion paper describes the de-identification of HIV patient records in the state's database of notifiable diseases as an anachronism.

Unsurprisingly, gay activists are furious, and I'm inclined to agree with them.

For example: it's five days since the NSW TrainLink Website was compromised and customer data stolen. In that time, only the bare minimum of information has been released, and at the time of writing the state's transport body hasn't been able to get the booking system back online.

The same state government is overseeing a train-wreck IT implementation in its education department, and there's a police culture of misusing data access. Most recently, a magistrate slapped down an “assault police” charge and awarded all costs to the accused, because the police demanded her telephone and (as Fairfax reports) deleted photographs of an officer groping her breasts.

The state's auditor-general isn't happy with state government IT security in critical infrastructure, and worryingly for the body that reviews security, its own clue falls between a gram and a teaspoonful.

The gay community's concern is that discrimination on the basis of someone's HIV status still exists in Australia, no matter what the health department believes.

As it's put in the Sydney Star Observer:

“Those who have been failed by the state are more likely to be suspicious of it, and to be handed to the same state as a named and observed individual will lead to a reduction in testing rates and ultimately do the opposite of what this new measure is attempting – retention of PLHIV [ed: people living with HIV] in care.”

Vulture South would add that with the combined risk of a breach or malicious access, the idea should be abandoned.

A final point: the PDF of the report is dated April, and submissions close tomorrow. As you will see in the image below, NSW Health somehow neglected to issue a media release soliciting submissions.

Screen shot - NSW Health

Poor form. ®


Tech Resources

Apps are Essential, so your WAF must be effective

You can’t run a business today without applications—and because apps are critical to strategic business imperatives and commerce, they have become the prime target for attackers.

Webcast Slide Deck | How backup modernization changes the ransomware game

If the thrill of backing up your data and wondering if you will ever see it again has worn off, start the new year by getting rid of the lingering pain of legacy backup. Bipul Sinha, CEO of the Cloud Data Management Company, Rubrik, and Miguel Zatarain, Director of Global Infrastructure Technology at PACCAR, Fortune 500 manufacturer of trucks and Rubrik customer, are talking to the Reg’s Tim Phillips about how to eliminate the costly, slow and spotty performance of legacy backup, and how to modernize your implementation in 2021 to make your business more resilient.

Webcast Slide Deck | Three reasons you need a hybrid multicloud

Businesses need their IT teams to operate applications and data in a hybrid environment spanning on-premises private and public clouds. But this poses many challenges, such as managing complex networking, re-architecting applications for the cloud, and managing multiple infrastructure silos. There is a pressing need for a single platform that addresses these challenges - a hybrid multicloud built for the digital innovation era. Just this Regcast to find out: Why hybrid multicloud is the ideal path to accelerate cloud migration.

Top 20 Private Cloud Questions Answered

Download this asset for straight answers to your top private cloud questions.

Biting the hand that feeds IT © 1998–2021