Work and Income terminals replaced

VERNON SMALL
Last updated 05:00 07/12/2012

Relevant offers

National

Lawyer says complainant 'created' false sex accusations about actor Bridges and Bennett both have public support for National deputy leadership as race heats up Out with the old, in with the new in 'outward looking' Coleman Government? Suspicious firearm use could be to blame for thousands of residents in Far North without power Police made error while trying to stop fleeing car, IPCA finds Counterfeit $100 notes prompt police warning in South Taranaki Mum develops online program for setting up home-based childcare business Star of Boy and Goodbye Pork Pie James Rolleston says: 'I'm lucky to be alive' New Plymouth District Council attempt to purchase website after porn problems Northland Police on the hunt for Whangarei man Kevin Stewart

The Social Development Ministry is replacing its public kiosks in Work and Income offices with a new system, after the major security breach that was identified in October.

A new report into the breach, which gave the public access to sensitive welfare case notes, found that one of the three main causes existed throughout the ministry.

The Phase 2 report, by consultants Deloitte, found there was no explicit requirement at the ministry for all risks to be "escalated" to management by staff further down the chain.

Privacy Commissioner Marie Shroff yesterday weighed into the issue, criticising the ministry's approach to security, saying leadership needed to come from the top for things to change.

Privacy and security should be structured in from the start, she said.

"It's easy to forget that the ‘data' relates to real people - and that failing to look after that data can cause harm to those people," Ms Shroff said.

Meanwhile, ministry chief executive Brendan Boyle yesterday said it was talking to a supplier about installing new "client self-service workstations that will be completely separate from the ministry's own IT systems and will replace the kiosks closed in October".

They would go online only when the ministry was satisfied they were as secure as possible.

The report found the two other main causes of the security breach that allowed access to some of the ministry's private information, disclosed by blogger Keith Ng after a tip-off, did not exist throughout the ministry.

They were the failure to adequately design security into the public kiosks, and the failure to follow up on a "penetration test" that had highlighted problems with security at the kiosks.

Mr Boyle welcomed the report, saying that while there were matters that needed to be addressed, "I am reassured that the Phase 2 Report has found those issues are not widespread across the ministry".

A new role of chief information security officer would be created, in line with the report's recommendation.

Mr Boyle said of all the items downloaded during the October security breach, invoices relating to 10 individuals contained highly sensitive information.

Another 100 people concerned about their information had contacted the ministry.

An employment investigation into four people, as a result of the security breach and the failure to heed earlier warnings, was not yet complete. Findings from the Phase 2 report would be used as part of this investigation.

Mr Boyle said the two reports into the security breach had cost $450,000. "This is a significant sum, but we had to ensure we understood what had occurred and were in a position to take every possible step to prevent it happening again."

Ad Feedback

- The Dominion Post

Special offers

Featured Promotions

Sponsored Content