Press Release – Office of the Privacy Commissioner
“The Deloitte report on MSD makes it very clear that there is a need for strong leadership by senior management on the way client information is handled within MSD,” said Privacy Commissioner Marie Shroff, commenting on a report into the data breach …Report shows leadership gap in MSD client information handling
6 December 2012
“The Deloitte report on MSD makes it very clear that there is a need for strong leadership by senior management on the way client information is handled within MSD,” said Privacy Commissioner Marie Shroff, commenting on a report into the data breach at Work and Income public access kiosks.
“MSD has a huge and challenging role in delivering essential services to many New Zealanders. The Ministry is a mega-store of personal details and could be leading the way for innovative information holding. The report notes that some of the building blocks for good information management are in place, with good intentions by many staff. But it reveals that the lack of a strategic view and coordination has pulled MSD down.
“It’s not enough for individual employees to be trying to factor in privacy and security of client information. There also needs to be leadership from the top, to ensure that different parts of the ministry are working together.
“Information systems have moved on and are powerful and sophisticated. Senior managers must recognise that the way we manage those systems now needs to evolve too. Privacy and security should be structured in from the start. If you are reliant upon client information to get the job done, then that information is a mission-critical business asset – like it or not. If you don’t recognise the value of information in that way, you are at risk of being left behind.
“The Deloitte review makes the point too that there is pressure for MSD, and indeed other government agencies, to provide services in faster, more efficient and integrated ways. Those are admirable aims. But what we need is a public service management that is focused on respect for people and client information, not just on efficiency and meeting deliverables. It’s easy to forget that the “data” relates to real people – and that failing to look after that data can cause harm to those people.
“Repeated information privacy and security failings have the potential to undermine public confidence in our core government agencies and erode the relationship between citizen and state. I have concerns that core agencies are not yet switched on to the need to lift current practices and keep the community they serve foremost. In contrast, the private sector has recognised that there is a competitive edge to be gained by handling customer information well.
“I am pleased that MSD will accept the report’s recommendations in full and I look forward to hearing about a timeframe for implementation.
“I will also be encouraging the State Services Commissioner to hold government chief executives accountable for their performance in achieving quality public services in a way that also respects people and their personal information.”