In the previous term of this Government we were frequently told about all manner of privacy breaches from a range of Government departments. They varied considerably in size and origin – some were a case of the wrong person receiving a large number of files; some were the result of simple administrative errors such as storage functions on electronic catalogues or failure to double check what was being handled.
A look at privacy breaches by major Government ministries and departments since 2010 shows some appalling cases:
- Ten staff sacked at Manukau office of Department of Work and Income for improper e-mail use; accessing and using files of people they knew (July 2012)
- Self service kiosks at Work and Income offices across New Zealand closed because of slack electronic security on computers (October 2012)
- Ministry of Social Development employee leaks names of numerous beneficiaries about to lose their benefits (2013)
- 6,000 Accident Compensation Corporation files sent to Bronwyn Pullar who went to the media – half the A.C.C. Board ended up losing their jobs (2012)
- The records of 600 abortion patients at Lakes District Health Board released by a junior staff member assisting a media information query (2015)
The victims are diverse. Some of the people whose files have been misused are children; others have long term illnesses or have been the victims of violent crime or major accidents. Some of the details leaked have been about medical conditions, medication people are on and so forth.
So, what have we learnt from them? Apparently nothing at all. If the latest breach is like any of the many that occurred in 2012-2013, it will very probably be called an operational issue by the Minister in charge of the department that committed the breach. An internal inquiry might happen and an obscure person will be made to take the fall for something that they might not be entirely responsible for. The Minister in charge will duck and weave through question time, answering questions from a set script.
Will anything change? Probably not. None of the breaches above resulted in any ministerial resignations. No laws regarding privacy have been updated or any special effort to educate people of their privacy rights and responsibilities obviously made. On the contrary, most seem to be meekly accepting the status quo of “crap happens – live with it”.
Should anything change? Absolutely. The first thing that should change is the resourcing of the Privacy Commissioner, whose office is understaffed, underfunded and in all likelihood under resourced. It is doing – or trying to do – things that it has a statutory responsibility to do, without the proper support. Thus those in need of its services are getting a half done deal.
And wouldn’t you know it? Another breach at the Ministry of Social Development is being investigated….