5 Apr 2017

MSD 'shut down' IT portal over privacy near-miss

9:47 pm on 5 April 2017

A new potential privacy breach relating to client information and the Ministry of Social Development (MSD) has been revealed.

Anne Tolley

Social Development Minister Anne Tolley Photo: RNZ / Claire Eastham-Farrelly

Last month, a Northland woman said she had received a letter from Child, Youth and Family, inviting her to a family group conference for a distant relative she barely knew.

Social Development Minister Anne Tolley acknowledged the incident as a mistake.

Now, a second breach has occurred, in which a provider for the ministry was able to view information sent in by another provider.

Mrs Tolley said a new IT solution would be developed to collect individual client data from non-governmental organisations as the current system was not up to standard.

"Last night, I was advised by MSD about a technical issue with the portal where providers submit individual client level data," she said.

"No private information on clients was available, however a provider was able to view another provider's folder.

"The system was shut down last night as a result."

Mrs Tolley asked officials for advice on the next steps, which would involve using a different, robustly-tested IT system.

"It's vital clients and providers have confidence that their information is being protected," Mrs Tolley said.

Data-for-funding report due

The second incident comes as the Privacy Commissioner prepares to release his report into community agencies seeking state funding being required to hand over clients' private details to government organisations.

The data-for-funding proposal has met opposition from different groups, including Rape Crisis.

Mrs Tolley has assured those agencies and their clients that information would be safe.