FACING UP:Ministry of Social Development chief executive Brendan Boyle, left, and Social Development Minister Paula Bennett.
Relevant offers
A review of the massive security breach of Ministry of Social Development's computer system will look at how the breach occurred as well as assessing security of the department's wider information systems.
MSD chief executive Brendan Boyle called for the investigation after it was revealed public kiosks in Work and Income offices had provided a gateway to computer servers containing detailed and private information.
Terms of reference for the review, to be conducted by Deloitte, were released today.
As well as considering what happened and why in relation to the kiosks, the review team will also look at the security of MSD's wider information systems and will make recommendations about what action needs to be taken to restore public confidence.
Boyle said work had already begun.
"The security breach is being reviewed separately to determine if any individual's privacy has been interfered with. We will consult with the Privacy Commissioner.''
He understood the public had many questions and he wanted to have assurances that MSD had the best possible systems in place, he said.
"We take seriously our responsibility to protect the privacy of clients. It's unacceptable that this breach happened and I expect this investigation to get to the bottom of how it occurred.''
Deloitte chairman Murray Jack will head the review. A steering group, including representatives from the offices of the Privacy Commissioner and Government Chief Information Officer, will provide independent oversight.
Boyle said the first part of the review would look at the circumstances of the kiosk security breach, including the development of the kiosks and any testing done on them.
It will also consider MSD's response to any security issues identified.
An independent evaluation of the kiosks by IT firm Dimension Data highlight problems with the system over a year ago but no action was taken.
Issues with the kiosks were also raised by a beneficiary advocate.
The second part of the review will look at MSD's wider polices, governance and culture around information system security.
The first part will be completed within two weeks and a deadline for part two will then be established.
The reports will be made public.
Government Chief Information Officer Colin McDonald is also conducting a separate review of all state sector information systems that have a public interface.
- © Fairfax NZ News
Sponsored links
Comments
Financial Times website, Twitter hacked
Tech-savvy teachers join Google academy
Why grown men still play video games
Pack own bags, choose own shopping songs
Facebook Likes 'vital to free speech'
Cybersecurity a challenge even for experts
Apple App Store hits 50 billion downloads
Frax app explores the beauty of fractals
Facebook, Twitter apps come to Glass
Family counts blessings after superbug scare (graphic content)
'Suitcases of cash' in kiwifruit scandal
Southee spell turns test Black Caps' way
Sting busts more ghost-writers
Drug charge cop 'loved his job' says loyal wife
The Highlanders' season of woes continues
NRL boss wants to see more 'Road Warriors'
Warriors humiliated in all-time record fashion
Laws - the parents are the problem
Meet Mark, financial bounty hunter
Zombie tourism heading to Auckland
Job cuts: Can't live the dream in NZ
Warriors humiliated in all-time record fashion
Southee spell turns test Black Caps' way
Crusaders make statement with big victory
Tamahere couple drop brothel bombshell
'Suitcases of cash' in kiwifruit scandal
Family counts blessings after superbug scare (graphic content)
Paremoremo's D-Block inmates stabbed
Double chocolate and beetroot cake
Laws - the parents are the problem
Tamahere couple drop brothel bombshell
Crusaders make statement with big victory
Accidental career is now in his blood
Flush Kiwi charities failing to pay out
Legitimate ways to keep the tax man at bay
What do you think of the Government's new cyberbullying legislation?
