A Melbourne council has apologised for accidentally sharing personal information identifying hundreds of people who reported graffiti on a public government website.

City of Port Phillip Council CEO Peter Smith has revealed to Government News that 859 phone numbers and 764 email addresses and the names of people who had reported graffiti were published on the data.gov.au open data website over a period of seven months.

In some instances, the address used to identify the location of the graffiti could link the person reporting the graffiti to that address.

“We apologise unreservedly to those whose personal information was disclosed when the wrong version of a graffiti management dataset was inadvertently uploaded in March 2020 to a government website used by researchers,” Mr Smith said.

“The information published was a combination of personal, and publicly available, emails and phone numbers relating to graffiti reports.”

Open data

The data.gov website contains what is supposed to be anonymous data collected by federal, state and local government during the course of normal activities, including service delivery and administration.

It is intended as a resource for people who work with open data in the Australian Public Service or carry out publicly-funded research.

Mr Smith said the breach happened in March when work to automate the graffiti management dataset resulted in the wrong version being selected for publication. Council only became aware of it on October 5.

Council says the data has been taken down from the website and it is trying to contact those affected.

The data is open to the public so council is unable to say who has accessed it.

“Council regards the protection of personal information to be of great importance and makes every effort to safeguard personal information under its control,” a says in statement on its website.

“Council assures that this breach is being appropriately addressed by the organisation, and all endeavours will be undertaken to ensure that future breaches of this nature do not occur.”

Mr Smith says Council has published 29 open datasets since 2017 and this is the first time a breach has occured.

Other published data contains information about dog walking zones and car share locations.

The federal government’s public data policy statement requires all government agencies to make non-sensitive data open by default.