While the data set has been taken from public view to be 'washed' of identifying features, the Commission has confirmed that it was downloaded up to 60 times before it was withdrawn.
Likewise, the Australian Red Cross Blood Service ran into trouble of its own last year, when it was discovered that one of its IT partners inadvertently published a 1.74GB MySQL database back-up with more than 1.28 million records to a publicly-facing website.
Indeed, the Government's new guide is intended to help organisations de-identify, or scrub such data sets clean of sensitive information, before it is released.
However, de-identification process is not always clear cut. Indeed, de-identified data sets can sometimes be re-identified with sensitive information to some degree.
As the guide states: "De-identifying data can help an organisation to meet its ethical responsibilities, fulfil its legal obligations, and satisfy community expectations. However, when de-identification is not carried out properly, a data release can raise privacy concerns".
This is largely why the Federal Government introduced new legislation last year aimed at making it a crime for someone to re-identify publicly-available de-identified data sets.
While this legislation did not extend into the private sphere, it highlighted the risks of re-identification of data from de-identified data sets.
(Additional reporting by Leon Spencer)
Sign up for Computerworld eNewsletters.