“The breach of privacy that took place at the Earthquake Commission last Friday is a sharp reminder of the need for all government agencies to learn and apply the lessons from previous breaches and treat private information with the utmost care,” State Services Commissioner Iain Rennie said today.
“All agencies need to take notice of how this occurred, learn the lessons and take steps to improve privacy and the focus on keeping private information private,” he said.
“All state servants need to be vigilant about protecting the personal information that New Zealanders entrust to government.
“While we clearly need to work harder to guard against breaches, it will never be possible to completely eliminate the risk of human error in any system that involves people, whether it is electronic or paper based.
“Email is an essential tool in a modern office, we need to get workable solutions in place that will help protect privacy without compromising public servants’ ability to do their jobs efficiently,” Mr Rennie said.
“All government agencies need to strengthen the focus on ensuring information privacy is protected to maintain the trust and confidence of the citizen.”
The Chief Executive of each government agency is responsible for ensuring that private information is held securely and privacy is respected within their agency.
“Ensuring information privacy and security is the responsibility of the Chief Executive and is something they will be held accountable for,” Mr Rennie said.
The State Services Commission is working with the Government Chief Information Officer (GCIO) on issuing practical guidance for agencies on steps they should take to make this type of breach less likely.
Mr Rennie will be seeking assurances from all government departments and Crown Entities that they are acting on the guidance provided by the GCIO.
Following the independent investigation into last year’s privacy breach at ACC, the State Services Commission directed agencies to the investigation report which made recommendations to strengthen privacy safeguards based on best practice.
Following the subsequent information security breach in Ministry of Social Development kiosks, it was considered that publicly accessible computer systems were the area of highest risk for information privacy and security. The State Services Commissioner tasked the GCIO with conducting an urgent review of the security of all publicly accessible government computer systems.
The GCIO’s report has been completed and the response to the report’s findings and recommendations are currently being finalised. The report and the response to it will be publicly released. The aim is for this to take place in May.
Media enquiries: Tim Ingleton, Principal Communications Advisor (021) 240 7810