Published on November 1st, 2019 📆 | 5049 Views ⚑
0Brewers hit by NSW container deposit scheme data breach
Breweries were among a number of drinks companies to have their sensitive financial information released accidentally to other businesses in a data breach by the operator of the beleaguered New South Wales container deposit scheme last week.
The breach, which saw invoices containing financial data released to competitors via email, originated with Exchange for Change, the coordinator of the NSW Return and Earn container deposit scheme.
It is a joint venture between some of Australiaâs biggest beverage companies which âhave more than 40 years of experience in managing container refund schemes in Australiaâ according to the organisationâs website.
In an embarrassing error for the scheme, which has already faced implementation difficulties and backlash from the industry, a number of companies were sent documents of a sensitive financial nature, intended for individual breweries and bottled water companies whose containers fall under the initiativeâs remit.
A later email apologised for the error blaming âpatch testingâ for the breach, calling it an âinconvenienceâ.
âWeâve noticed that a reminder email and attachment has been accidentally sent to you during today. Weâre sorry to have inconvenienced you,â the email said.
âPlease be assured that our systems have not been compromised â the mistake was due to patch testing on our systems.â
When contacted for comment by Brews News, New South Walesâ Environment Protection Authority, which oversees the scheme, appeared unaware of the issue.
Ben Rylands, founder of the New England Brewing Co in Uralla, rural NSW, said that his experiences with the container deposit scheme on the whole had been negative, and the most recent data breach issue was symptomatic of wider issues relating to the execution of the scheme.
âI donât know what other emails other breweries may have seen, and it might have been even more sensitive if Tooheysâ info was sent to CUB as an example,â he said.
âIs this life threatening for a business? Not really, but it is a major credibility problem [for Exchange for Change] if you consider the issues that every small brewery has had in dealing with the scheme and the red tape, which has meant weâre spending hundred of dollars a month on back office functions.â
Exchange for Change was brought in by the NSW Environment Protection Authority (itself effectively a subsidiary of the NSW Planning and Environment state government department) to manage the finances of the container deposit initiative and ensure âthat the scheme meets its state-wide access and recovery targetsâ.
It is a joint venture between Asahi, Carlton and United Breweries, Coca Cola Amatil, Coopers and Lion.
âThe government outsourced this function and chose that industry model and now we have an issue where our major competitors [big brewers] are running this industry scheme,â explained Rylands.
âThey said from the start there was meant to be Chinese walls within the company and shareholders would never have access to information, but it makes me nervous â how can we trust that when weâve had emails sent to us like this?â
Even breweries in other parts of the country have been affected as they also attempt to navigate the NSW container deposit scheme.
Karen Golding, owner of Red Hill Brewery in Victoria, said the breach was just the latest issue they had encountered.
âIt sure is a mess. I didnât know initially that my information was shared with our competitors,â she said.
âThere has been a lack of communication throughout from Exchange for Change, and even before the data breach, weâve had issues â receiving invoices for thousands of dollars backdated for years of containers for example.
âI was shocked when we got the invoice which backdated to 2017, and they charged us for the collection for the last two years, even though we have been compliant with the system throughout.
âI think itâs quite unreasonable to backdate invoices this far, let alone share everyoneâs invoices with us and ours with them,â she said.
Rylands of New England Brewing said that the data breach was just another issue in a long line of problems with the implementation of and thinking behind the Return and Earn scheme.
âNothing will change, but this is another example of really poor implementation of a policy that didnât have a reason to be implemented,â he said.
âThere is a massive regulatory cost to breweries in and outside New South Wales to participate in this, and we donât understand the benefit.â
He said cost benefit analysis of the scheme indicated that it wasnât worth the governmentâs while, and breweries are now having to absorb the cost of the scheme or risk alienating customers by passing it onto them.
âThey have been sloppy in their calculation methodology and communicating that methodology with people. No oneâs had the time to sit down and figure out whatâs going on except the big breweries.â
He said that the impositions in conforming to the regulations, implementing the changes and understanding the system were a huge challenge for small brewers, and there seemed to be a lack of understanding at government levels of the demands for a small business.
âItâs a huge hassle for everyone, Victoria hasnât signed up to it, itâs never really going to work nationally.
âThe whole thing is absurd â thereâs more regulatory requirement to do this each month than there is to do excise.
âIt seems that no one in the government cares about the impact on small breweries.â
The container deposit scheme began rolling out across New South Wales on 1 December 2017, with a transition period ongoing until 1 December 2019.
Exchange for Change was contacted for comment on how the sensitive brewer data came to be released to competitors but did not respond.
A spokesperson for the NSW Environment Protection Agency said that Exchange for Change is responsible for all invoicing-related matters, and that âinformation security and data integrity is of the utmost importanceâ.
âThe NSW Government expects EFC to meet its obligations for information and data security and will seek a full analysis of the cause, impact and corrective actions following an issue in October,â they said.
Related
Gloss