Australian Information Security Incident Reported: January 17 2016

Australian public sector agencies have a persistent problem trying to redact PDFs: this time, the guilty party is the Medical Council of NSW.

The council breached the privacy of a doctor and her son, the Medical Tribunal found earlier this month, because it mishandled redacting their names out of a PDF it published on its Website.

Instead of completely removing the names from the document, as this decision explains, someone in the Medical Council drew a black square over the names – which anybody adept with PDF documents will know leaves the names intact.

The names in the document then got indexed by Google, so as well as deleting the document from its own site, the Medical Council’s legal director Miranda St Hill had to work through the business of getting the Chocolate Factory to de-index the names.

Source: PDF redaction is hard, NSW Medical Council finds out – the hard way • The Register