Story image

Former Deloitte consultant to head MSD privacy breach review

18 Apr 17

Former Deloitte consultant Murray Jack, along with IT and privacy specialists from Deloitte and PwC will lead a review into the Ministry of Social Development’s individual client level data IT systems following a privacy breach.

Social Development Minister Anne Tolley announced the review last week after a report on the privacy breach ‘raised more questions than answers’ about the security of the IT system and governance of the project.

The actions follow the April 05 shutdown of the MSD’s information sharing system after it was discovered that a provider could access information in another provider’s folder.

Tolley says no private information on clients were in the folder.

The independent review comes just over a week after Privacy Commissioner John Edwards called the MSD’s policy requiring social service providers to disclose information about all their clients ‘excessive and inconsistent with privacy principles’.

Only 10 providers have uploaded information so far into the government shared portal, despite 136 providers being invited to upload client level data.

Tolley says the review, which is due to report back by the end of April, will ‘consider the circumstances which lead to the technical breach, the decisions made on why the portal was used and the security steps taken, as well as the governance and management of the project’.

“It’s important clients and providers have confidence that their information is protected and that the Government has a robust IT system,” Tolley says.

The system has faced opposition from some, including the PSA, which says it is worried that NGOs working with vulnerable families are being asked to share data of such a sensitive nature.

The PSA, which welcomed the independent review, says even if the security issues are resolved it won’t overcome its objections to NGOs being required to provide data on their clients to MSD, with the organisation ‘not convinced the gains of doing so outweigh the risks’.

52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
GirlBoss wins 2018 YES Emerging Alumni of the Year Award
The people have spoken – GirlBoss CEO and founder Alexia Hilbertidou has been crowned this year’s Young Enterprise Scheme (YES) Emerging Alumni of the Year.
SingleSource scores R&D grant to explore digital identity over blockchain
Callaghan Innovation has awarded a $318,000 R&D grant to Auckland-based firm SingleSource, a company that applies risk scoring to digital identity.
IDC: Standalone VR headset shipments grow 428.6% in 3Q18
The VR headset market returned to growth in 3Q18 after four consecutive quarters of decline and now makes up 97% of the combined market.
Spark Lab launches free cybersecurity tool for SMBs
Spark Lab has launched a new tool that it hopes will help New Zealand’s small businesses understand their cybersecurity risks.
Preparing for the future of work – growing big ideas from small spaces
We’ve all seen it: our offices are changing from the traditional four walls - to no walls. A need to reduce real estate costs is a key driver, as is enabling a more diverse and agile workforce.
Bluetooth-enabled traps could spell the end for NZ's pests
A Wellington conservation tech company has come up with a way of using Bluetooth to help capture pests like rats and stoats.
CERT NZ highlights rise of unauthorised access incidents
“In one case, the attacker gained access and tracked the business’s emails for at least six months. They gathered extensive knowledge of the business’s billing cycles."