Outcomes - Selected Case Summaries

Categories

 

Incorrect Access Controls in Utility Company’s Recruitment Software

Informal Resolution | 21 January 2020

A utility provider notified us that it had experienced a data breach involving its new recruitment software. One of its employees noticed that they were able to view job applications for positions within the company that they should not have been able to access. They informed the HR department, which reviewed the access control settings for the software to ensure that permissions were restricted as required. No other unauthorized access was discovered.

After verifying the steps undertaken to prevent a repeat of this incident, there was no evidence of prejudice to the rights of the individuals involved, and the case was closed without a formal enforcement notice.