Government officials identified a security problem with the system that was going to be used to collect client data from community agencies in January, but it was not treated as seriously as it should have been.
Photo: 123rf
The Ministry of Social Development has had to put a plan to collect client data from organisations reliant on government funding on hold, because the IT system is not secure enough.
The policy had been due to kick in from July, but officials have been sent back to the drawing board to come up with a better approach.
There have been a series of setbacks including a near-miss data breach that led to the IT system being scrapped and a top government official stepping down.
Privacy Commissioner John Edwards also criticised the plan as "excessive" and said the ministry acted "prematurely" without considering privacy risks.
A first near-miss data breach was identified in April, which led to the minister Anne Tolley ordering a new system be designed.
Ministry of Social Development chief executive Brendan Boyle has now told a parliamentary committee a security problem with the system was identified in January.
"There was not data that was breached, so it wasn't considered to be of such a nature that needed such escalation... there was confusion around the permissions."
Mr Boyle told MPs it was an early warning that was not treated seriously enough.
"I accept there was a risk that had been downplayed and if it had been escalated there was a possibility the other issues may not have emerged."
The minister, Mrs Tolley, said she had only recently become aware of the January breach.
She said community agencies who already had the requirement to hand over data in existing contracts would not be required to do so until there is a new system in place everyone can have confidence in.
Mrs Tolley said she hoped that would be up and running by the end of the year.
