Media Release: Hard hitting report shows MSD breached client trust
2 November 2012
"Government agencies must treat people's information with the highest standards of respect," says Privacy Commissioner,
Marie Shroff. "But this hard-hitting report - especially since it follows hard on the heels of the ACC report - shows
just how far some of our major agencies have to go before we can be confident our information is protected.
"Basic IT security safeguards to protect personal information were missing, from the time the ‘kiosk' system was built.
And it's unfathomable that the Ministry did not address Dimension Data's revelations that sensitive personal information
was exposed on network shares. The decision about how to handle such a serious problem should have been made at the
highest levels of the business. This raises questions about the wider culture of handling information within MSD.
"Looking at IT security is only one part of the picture. Recent privacy breaches make it plain that a complete
mind-shift is needed in some quarters. There's been far too little focus on the fact that there are real people behind
the information that government agencies hold. Those agencies need to develop and embed strong leadership, governance
structures, policies and practices to manage personal information at every level of the organisation.
"We often don't have a choice about handing our personal information over to government agencies. The least we can
expect is responsible stewardship of that information.
"The problems with the MSD kiosks are now evident. Whether there have been wider failures of leadership, policies and
strategy about how personal information is handled within the Ministry is still to be seen. However, I expect the next
stage of this review to ask some penetrating questions.
"I welcome the MSD Chief Executive's acceptance that the Ministry's performance was inadequate here, and his commitment
to examine the Ministry's systems and culture in the second phase of the review."
ENDS