NSW Customer Service Minister Victor Dominello never alerted the Premier of the accidental leak of hundreds of secret addresses contained in a QR check-in database.
It was revealed last month the addresses, including locations of domestic violence shelters and critical infrastructure sites, had been uploaded to a public government website.
Mr Dominello told a budget estimates hearing on Monday he was first told of the incident on September 30, 2021 and that he received updates twice in the following month.
He said he didn‘t tell Premier Dominic Perrottet because the Customer Services department had already resolved the matter by alerting the Privacy Commissioner.
“The agency did the right thing, it reported up to the Privacy Commissioner, they notified the relevant stakeholders and then contacted all those affected to the satisfaction of the Privacy Commissioner and the matter was resolved at that point,” Mr Dominello said.
“I definitely didn't (tell the Premier). And ultimately, the buck stops with me.”
The committee heard that out of the 566,000 records that had been uploaded, there were 428 addresses that were not supposed to be public.
There was no information related to individuals in the data set.
The Privacy Commissioner said in a statement last month the incident “did not involve a compromise of the QR code data set”.
“Rather, a decision had been made to make publicly available the list of businesses which had registered as Covid-safe businesses,” the statement said.
“In publishing that list of addresses, the Department of Customer Service also published in error addresses of xjmtzywbusinesses that were of a sensitive nature.”