At Amatil we pride ourselves on taking the initiative, owning the outcome and always being straightforward and open. We also take the privacy of our people and their personal information very seriously.
We are deeply sorry to report that we have had a data breach involving the personal information of current and former employees and directors (from 2009 onwards). This breach was limited to 4 current Amatil employees, and has been contained. The breach was the result of human error and our legacy systems and processes, all of which are totally unacceptable.
True to our Amatil value of being straightforward and open, a Q&A is available below that details what happened, what information was involved and the corrective actions we are taking.
We would like to reassure you that:
We sincerely apologise for this incident. We are working to remove the risk of human error, automate our processes and reporting where possible and to ensure the best possible safeguards of our people data are in place.
Please direct any queries to our Privacy Officer at firstname.lastname@example.org.
Each month, a chart of authority report (Report) is provided to 20 Amatil employees and 3 employees of a third party service provider (Recipients) that assists them to determine, amongst other things, Amatil credit card limits and Amatil mobile device purchase orders, and to set up Amatil traveller profiles via our corporate travel management provider. The information in this Report is generated using 2 third party systems that contain personal information; however, the Report is not intended to include any personal information.
Unfortunately, the February Report (circulated on 13 February 2019) inadvertently included a separate tab (in Microsoft Excel) containing personal information of current and former employees and directors (the former employees and directors date back to 2009, with no records for those who ceased employment prior to that date). The data tab containing personal information was viewed by 4 Coca-Cola Amatil Recipients. Our third party service provider confirmed that they did not access the file.
This matter has been subject to investigation to identify the extent and nature of the incident, the cause, corrective actions and appropriate consequence management.
Unfortunately, depending on the completeness of the record in the file used to create this Report, each individual’s date of birth, residential and contact details, remuneration and superannuation details may have been disclosed in this Report.
We have taken the following actions to minimise any possible harm:
Whilst we are confident that this incident has been contained as outlined above, we recommend that you follow these principles to safeguard your personal information: