Recently, a member of the public was able to download 7 000 documents from the Ministry of Social Development’s (MSD) computer network through the Work and Income self-service kiosks. The documents included sensitive information (such as medical invoices) about children in the care of Child, Youth and Family (CYF), personal information about people receiving benefits, the names of people being investigated for benefit fraud, the name of a person who had committed suicide, and pay rates for individual contractors employed by MSD. Previous breaches in other agencies have highlighted the need for a systematic inquiry into the adequacy of information management systems in all government agencies. Various government agencies hold extremely sensitive personal information and it is absolutely imperative that the public has full confidence in the Government’s ability to manage that information without allowing unauthorised access.
This Bill establishes a Commission of Inquiry into various privacy breaches that have occurred in the past few years by and within various government agencies. The Commission will also examine the agencies’ capacity to respond to breaches in the future and how best to prevent further future unauthorised access to private information.