The Prime Minister’s year has ended badly with the release of the review of the Tuia250 data breach, National’s
Cybersecurity spokesperson Dr Shane Reti says.
“This is the Prime Minister’s own Ministry, she knew the report was bad and has cynically sat on it until the last week
of the year when it could not be scrutinised by Parliament.
“The independent review found three privacy breaches, out of date policies and raised a conflict of interest with staff
and the website supplier.
“The key fault was a change approved by the Deputy Chief Executive of Tuia250 that was outside of the contract and that
altered the website from being promotional to collecting personal data.
“At that time the previous security settings that allowed information to be downloaded were not changed, and all of the
personal information became searchable by web engines and downloadable.
“The website supplier was not on the approved panel of suppliers and was initially recommended by a member of staff with
whom there was a ‘connection and a professional relationship’. This relationship was known by other staff and management
but regardless the contract was initially directed to only that supplier.
“The staff member was eventually recused from further decision making but not before providing information that helped
the supplier eventually win a contestable Request for Proposal to build the site.
“Arts, Culture and Heritage Minister Jacinda Ardern has many questions to answer. This is a very serious matter, the
Prime Minister has overseen more young people having their personal data breached this year than any other Minster, and
yet her attitude in Parliament to the four breaches has been flippant and dismissive.
“Jacinda Ardern has been distracted and taken her eyes off her own Ministry, and has allowed 71 young people to have
their personal data accessed. That is completely unacceptable, and for the Minister to release this information just
before Christmas is deeply cynical.”