Injunctions – A Valuable Tool In Data Breach Toolkit
Protecting people in the middle of a fast-moving data breach must always be prioritised.
Privacy Commissioner Michael Webster says the February injunction issued by the High Court to stop people sharing and using the data that was stolen in last year’s breach of service provider Mercury IT is great evidence of that.
“It proves the value of accessing the courts quickly to protect the public’s interests.”
The High Court of New Zealand has made permanent an injunction that prevents anyone from storing, publishing, sharing, or accessing files obtained from the attack on Mercury IT systems.
An interim injunction was issued soon after the breach in December 2022.
Mr Webster says injunctions are another tool that agencies can use to protect information compromised in a cyber-attack or other form of privacy breach.
“You have to act fast. It might sound drastic but reaching out to the courts can help prevent further harm by making it clear to everyone, that no one should breach the confidences that apply to that compromised data.
“The injunction applies to everyone from individuals to the news media and bloggers.”
Anyone coming across data taken from Mercury IT’s systems should take care not to act in a way that breaches this court order.
“Do not access it. Do not spread it. Do not share it. Report it to the New Zealand Police. Do not add to the anxiety and distress to individuals impacted.”
The Office of the Privacy Commissioner’s compliance investigation into the breach continues.
A compliance investigation enables the Office to use its full information gathering powers including obliging people to provide information and summoning witnesses.
As this investigation is active no further comments will be made at this time about it.
If people would like to know more about some steps they could take to protect themselves from privacy breaches they could follow this link: https://privacy.org.nz/resources-2/protecting-yourself-from-a-privacy-breach/