MIL OSI – Source: Ministry of Social Development 2 – Release/Statement
Headline: No privacy breach says independent review
16 May 2017.
The Ministry of Social Development (MSD) today released the independent review into events surrounding the potential breach of privacy relating to the collection of individual client data.
While the report has confirmed MSD’s earlier assessment that no privacy breach of any personal data occurred, there are some useful lessons to be drawn from the report, MSD Chief Executive Brendan Boyle says.
The investigation has confirmed that the ability of other organisations to see one uploaded folder on the MSD instance of the Government Shared Workspace (SWS) was a result of human error, relating to the incorrect granting of access permissions. It also confirms that MSD did the right thing in shutting down access to the Shared workspace once the error had been identified.
While we are satisfied that no breach of privacy occurred, it is concerning that there was the potential for this to occur. We note the findings in the report relating to clear governance structures relating to the ICLD project.
The report also highlights other aspects of the project that were less than satisfactory. These include a timely Privacy Impact Assessment, and a lack of rigour in selecting SWS as an interim solution. While the timeframes for delivering this project were tight, more focus was needed in these critical project areas.
MSD and the Ministry for Vulnerable Children, Oranga Tamariki will take the lessons learned from this independent review and ensure they are applied throughout both organisations. The protection of client data is a high priority, Mr Boyle said.
Mr Boyle also confirmed that he has commenced an employment investigation based on issues identified through the report.