The Privacy Commissioner says the state sector must stop sitting on its hands and create better safeguards to manage the public information it holds.
This follows an incident on Friday where private information held by the Earthquake Commission on 9700 people was emailed to someone outside the organisation.
The Earthquake Commission information was sent out after a staff member using the email system, Outlook, automatically completed an email address that was not for the person it was intended for.
Privacy Commissioner Marie Shroff says it is yet another incident involving disclosure of large amounts of personal information on a spreadsheet, something that seems to be a particular weakness for state sector agencies.
She says public trust is being eroded by government sector breaches.
Ms Shroff says government agencies have huge databases of information which the public is forced to provide, and in return they need to look after that information properly.
She says they need be far more proactive in fulfilling their end of the bargain.
Ms Shroff says such breaches are preventable and computer systems can be designed in a different way.
"For example, ACC following their own disclosure of a spreadsheet have installed something that reminds people, or even prevents them, before they can send a spreadsheet externally - so if that can be done in ACC I can't see why other agencies can't do the same thing."
Ms Shroff says the agencies should be more proactive in defending their databases from accidents and hacking.