Novopay is to blame for the latest privacy breach after 1600 schools received personal and pay details for staff at other schools.
Acting Secretary for Education Peter Hughes has announced that human error at Talent2 today resulted in a glitch in emails advising schools of payroll changes being worked on.
A Talent2 staff member made the mistake when doing a mail merge, and 1600 schools were sent an email involving 5600 transactions.
Of those, 3400 identified an individual and about 40 had other limited personal information, such as the dollar amount of an advance or underpayment, information about a relationship with another agency or circumstances such as parental leave.
"In simple terms, the pay administrators at these schools have received the names and Ministry of Education numbers for staff at another school, instead of their own, along with the transaction number for the outstanding issue," Hughes said.
"I treat this very seriously and sincerely apologise to those schools and staff."
While it was a case of human error, Hughes said, he was disappointed that it happened and had spoken to Talent2, which had also apologised.
"Privacy requirements are set out in our contract with Talent2, and in this case they have clearly failed to meet the terms of the contract and I have taken that up with their CEO."
He asked for a full review and report to help prevent any repeats of the error.
Pay administrators who received the incorrect emails were authorised users of the Novopay payroll system and had been asked to delete the incorrect email.
"They're a respected and professional group of people who deal with personal information daily and I expect they will do the right thing," Hughes said.
The Office of the Privacy Commissioner has been advised of the breach.