An independent report released today into a recent data breach at MSD shows the problems created by a project with an unrealistic timeframe being imposed on a complex and sensitive area.

ComVoices is pleased to learn that no personal data was mistakenly released but the report details a series of mistakes and inadequacy.

ComVoices chair Brenda Pilott said that these errors were symptomatic of the implementation of this project to require community providers to collect and share personal information with MSD.  “We have said from the outset that this process was being rushed and was not affording MSD time to consider all the issues.  Nor have they engaged well with providers and other experts.”

ComVoices has consistently advised the department and Minister to slow down.  “The timeframe for this project was self-imposed and coincided with a period of major restructuring within MSD.  No wonder mistakes were made”, said Brenda Pilott.

“The Privacy Commissioner made four recommendations to MSD and its Minister, of which data security was just one.  The other recommendations have not been addressed yet.  Privacy considerations must be looked at carefully.  Neither we nor MSD can give providers any reassurance that they can provide this sensitive data to MSD with full trust and confidence.”

Brenda Pilott said: “My message to MSD is to slow down and to engage with provider groups in a co-design process.  This is too important to get wrong again.”

For further information, contact Brenda Pilott on 027 430 6016.

ComVoices is a Wellington based network of national community and voluntary sector organisations.

ComVoices.org.nz

The announcement of an enquiry into the privacy failure of MSD’s online reporting platform for community organisations required to provide individual client data (ICLD) addresses only one of the Privacy Commissioner’s four recommendations, says ComVoices.

“The just announced enquiry is deflecting us from the real question”, said Trevor McGlinchey, ComVoices Spokesperson.  “The question at the heart of the enquiry should be why are we collecting data that the Privacy Commissioner has said is ‘…excessive, disproportionate to government’s legitimate needs and therefore inconsistent with the privacy principles’?”.

“The staff of social services organisations have a range of professional bodies which provide ethical guidelines about maintaining the privacy of clients.  Not only will these organisations be breaking these ethical guidelines, they will also be forced to work in direct contravention of the Privacy Commissioner’s findings.”

At the moment service providers have been told they must continue to collect the private data of their clients to provide to MSD at a future date.  They have not been told who will be held to account for breaking the privacy principles set out in the Privacy Act.

“The community sector is waiting for leadership from the Minister and MSD about the important issues raised in the Privacy Commissioner’s report,” says McGlinchey.  “This mass collection of data is inappropriate and will directly affect many New Zealand families. This level of surveillance will cause others not to seek help so that they do not become labelled as ‘vulnerable’ and included as a named statistic on a government database. As always the NGO sector is happy to work alongside MSD to find a more appropriate solution to their data needs.”

ComVoices is calling on the Government to put an immediate hold on this policy while it addresses the issues raised by the Privacy Commissioner.

Contact Trevor McGlinchey, ComVoices Spokesperson, phone 027 286 9393

“ComVoices welcomes the Privacy Commissioner’s report on Individual Client Level Data and endorses the recommendations, particularly the preferred option that MSD should consider alternative methods for accomplishing its goals”, said Trevor McGlinchey, ComVoices Spokesperson. “These recommendations are directly in line with the advice provided by ComVoices members to MSD and to Minister Tolley”.

“It is very important the families and individuals seeking support from community service providers can trust that their rights to privacy will not be breached and that no harm or misuse could result in the use of their personal information. This encourages early access to support and allows vulnerable families to grow into independence rather than being forced to hide their problems for fear that this information will be used against them or publicly shared”.

“Earlier, more direct engagement with providers of social services could have prevented the current situation arising.  We have repeatedly offered to support MSD to develop alternative data gathering systems so they could better understand the high value of social services organisations and how these make a real difference for vulnerable people and communities”.

“The reported breakdown of the system proposed by MSD to collect the private information of social service clients illustrates the need for a more effective and better protected data system. It is evident that good governance and principles need to be developed across the public sector to support a coherent approach to the collection and analysis of relevant data. Community and iwi social services providers want to demonstrate the  value and effectiveness of their services to all stakeholders, but not to the detriment of their clients.  We welcome the support shown by the Privacy Commissioner for the expertise of Statistics NZ, which protects individual data within both legislative and ethical frameworks whilst delivering valuable data for analytics and research”.

“The establishment of the Ministry of Vulnerable Children Oranga Tamariki means a large proportion of government funded community services move to this new Ministry, however many services stay with MSD and Work and Income . The new Ministry is committed to working in partnership with community social service providers,  we see this as an opportunity for a fresh start. Social services want to work collaboratively with government to support them to understand the huge value of the services they receive for their $330million a year investment”.

“ComVoices looks forward to engaging with the Minister of Children, social sector government ministries, the office of the Privacy Commission and the Government Chief Information Officer to develop ethical, high trust systems that respect an individual’s choice in sharing their personal data and can report on the effectiveness of social services”.

Contact Trevor McGlinchey, ComVoices Spokesperson, phone 0272 286 9393