Junior staff blamed for WINZ privacy breach

Email
Print

Staff blamed for WINZ privacy breach

3News NZ

A report into the WINZ kiosk privacy breaches blames Ministry of Social Development staff

A report into the WINZ kiosk privacy breaches blames Ministry of Social Development staff

By Adam Ray

The Ministry of Social Development's chief executive says it was "slack and sloppy". Social Development Minister Paula Bennett says it was "atrocious".

They're talking about a privacy breach involving thousands of documents, some of them sensitive, that were downloaded from a Work and Income kiosk.

A report on the breach released today blames staff at the ministry, and says they should have told senior managers.

The WINZ information kiosks are still shut three weeks after the security flaw was made public.

“From a management point of view there seems to have been slack and sloppy internal processes and follow-up,” says ministry chief executive Brendan Boyle.

A review found ministry staff had a series of warnings about kiosk IT security, and it appears to clear senior managers of blame.

“At heart of this was the failure to determine the problem, and then escalate it to people who could make the decisions,” says Mr Boyle.

The first warning came after IT firm Dimension Data tested kiosks last April and found they should be separated from the ministry’s network.

Last November welfare advocate Kay Brereton twice told the ministry that private details could be accessed. But MSD staff didn't follow up on the warnings, and blogger Keith Ng found he could download thousands of files from a kiosk - including invoices with sensitive details of eight children and two adults.

“In the case of these people we will be working on how to best respond on a case-by-case basis,” Mr Boyle says.

Mr Ng's decision to return the files limited the impact of the breach, but he says it's not just the kiosks that need attention.

“It’s not as much the kiosks that are the problem, it’s that they didn't treat the security issue with the kiosk seriously,” Mr Ng says.

Four staff at the Ministry of Social Development are under employment investigation because of the breach, but Mr Boyle would not confirm who they were.

“They are across a range of roles within the ministry.”

Welfare advocate Chis Zack from Action Against Poverty says it shouldn't be blamed on mistakes by a few ministry staff members.

“I think the report highlights a cavalier attitude towards privacy that stems from Paula Bennett's cavalier attitude,” he says.

Ms Bennett says she'll respond to any privacy concerns and the review will lead to changes.

“I think that it shows to us that there really was an atrocious process and the process was not followed through.”

The Ministry of Development is still planning to get the kiosks working again - once it's sure they're finally safe.

3 News

Post a Comment

Before commenting, please take the time to read our moderation guide


(Won't be published)



Comments

2/04/2013 11:43:20 a.m.

baza wrote:

I just wish they'd think about us disabled a bit more, seated access at the kiosk. Also we should be entitled to use a toilet when required. Queen Street winz go through periods when clients are not permitted to use toilets. Winz say to take it up with the security company. I have contempt foe WINZ workers and security thugs.

4/01/2013 7:14:26 a.m.

mia larsen wrote:

did anyone stop to think why they were created in the first place.....shhhhh its a secret and only a few know the truth ???? that includes MSD lawyers ?

3/11/2012 2:05:13 p.m.

Jim Seaview wrote:

Now that the Minister, the CEO and all the other paid managers have found the four staff responsible for all the major information leaks, they will ALL now be able to tick the box "Problem identified and lets us re-check our PROCESSES' and all go to lunch. Unfortunately the public already know that this was a serious management problem that has existed for a long time.

3/11/2012 11:28:41 a.m.

Bin-it wrote:

If MSD can't kick a beneficiary, then they do the next best thing - kick a low level staff member. Either way the scum stays at the top.

3/11/2012 11:19:23 a.m.

the DR wrote:

what ever next this government is a total joke and not the funny kind

3/11/2012 10:32:59 a.m.

Kathy wrote:

Top level managers and politicians are pathetic in New Zealand. Instead of scapegoating the little guy they should be providing oversight and decent management and role modelling behaviour for staff. Thats what a manager is supposed to be, but since being back in New Zealand I have realised that people like Paula Bennett and Mike are on a permanent coffee break and providing none of these things for their staff. They have no work ethic, they are merely doing whatever it takes to hold onto a pay cheque that they definitely dont deserve.

3/11/2012 9:11:50 a.m.

Ruz wrote:

Surely if anybody is to blame it would be the WINZ CEO. Oh but I forgot, that CEO's are only in charge when things are going right. But when things go wrong the CEO denies all responsibility and points the finger "junior" staff.

3/11/2012 8:01:06 a.m.

@Mike wrote:

Why do you always twist the facts? The PSA are not responsible for this mess - Bennett is. The buck stops with her.

3/11/2012 6:38:22 a.m.

Mike wrote:

4 Staff under investigation.

Take the confidential information breaches, and it works out around 1 per each staff member per day worked, ie realtively small vs the size of MSD, ie the scale of the breach was small.

We also need to investigate further. Was the breach stuppidty not following procedure? Or was it deliberate? Were these 4 vocal PSA members just doing union work for union political gain?

Its obvious the data was anaylsed and pointed straight back to the 4 staff, as I expect analysing the data would point to whoever put the data there where it could be accessed.

No doubt the PSA will be saying that the 4 staff were just doing their job, so while getting paid by MSD, who were they actually working for? Its possible this was planned outside the 4 staff and it wouldn't be the first time a union has used members as pawns for political gain.

3/11/2012 3:14:39 a.m.

Brent wrote:

13 years this hole has been open, how much has been leaked over 13 years?