Jacinda
ARDERN
Social Development Spokesperson
6 December 2012 MEDIA STATEMENT
Report reiterates slack attitudes to security
A second report into IT breaches within the Ministry of Social Development once again highlights the lax attitude to the
handling of supposedly secure personal information, Labour’s Social Development spokesperson Jacinda Ardern says.
“Deloitte’s independent review of information systems security will be cold comfort for clients who may have had their
privacy breached.
“The report found that of three issues that led to the kiosk disaster one in particular – that when problems were found
they weren’t escalated or addressed - is evident across the entire Ministry.
“So this isn’t just about the self-service kiosks (which were accessed 1.2 million times between December 2010 and
October 2012) but about the entire department’s approach to privacy and the security of information.
“We have no way of knowing exactly how many breaches have even occurred. When Paula Bennett was asked recently how many
people were ‘affected’ by breaches of privacy she pointed to the Privacy Commissioner’s annual report. MSD even admitted
that ‘privacy issues that have been identified during 2011/12 [are] not collated centrally’.
“For the report, then, to claim that there is no cultural or systemic issue around the security of information is
surprising, not least for the people who have had their privacy breached and not just through the kiosk debacle.
“Deloitte’s reached this conclusion not by looking at complaints, but instead by surveying just 105 staff members out of
a total 9500. That is hardly comprehensive, yet from that the report concludes the Ministry has ‘a strong culture that
clearly understands the importance of privacy and security’.
“The facts speak for themselves. Security issues were not addressed, adequate data hadn’t been collected and policies
and procedures were ‘often informal or [lacked] specificity’.
“Paula Bennett needs to get on top of her portfolio, stop referring to problems within her department as operational
matters, and she needs to take responsibility for the failures that have played out under her watch.