New Zealand Government departments reveal extent of privacy breaches

John Edwards, New Zealand's Privacy Commissioner.
John Edwards, New Zealand's Privacy Commissioner. Photo credit: Simon Wong

What happens when classified Government information is left lying about?

Several New Zealand Government departments have revealed the amount of confidential information that's been breached after being carelessly left unattended by staff. 

In one incident, classified material from the NZ Security Intelligence Service (NZSIS), New Zealand's domestic intelligence agency, was left in a Wellington café bathroom. Luckily the bag was only left unattended for about 10 to 15 minutes, NZSIS told NZME, but it wasn't an isolated incident. 

New Zealand's 20 District Health Boards (DHBs) are said to have had the most breaches of confidential information. In one privacy breach of Wellington's Capital & Coast DHB, a woman found information on 26 patients on a handover sheet in her garden. 

It turns out a nurse had taken the document home and put it in her recycling bin, which blew over, an investigation found. The patient information on the sheet was reportedly posted to a neighbourhood website. 

The Wellington DHB has had several other breaches of patient privacy, while Auckland DHB has had 16 incidents, involving information of up to 178 patients, NZME reports. Meanwhile, 15 privacy breaches have been reported at the Southern DHB, eight incidents at Counties Manukau DHB, and four at the Canterbury DHB. 

Four recent information breaches have happened at the Ministry of Foreign Affairs since 2016, but the details haven't been shared, because doing so could potentially compromise New Zealand's security and international relations. 

The New Zealand Bill of Rights Act 1990 is based on the International Covenant on Civil and Political Rights. However, no express right to privacy is included in it. When someone feels there has been a breach of the principles they can lodge a complaint with the Privacy Commissioner. 

New Zealand's Privacy Commissioner John Edwards says there is legislation progressing in Parliament that will introduce a new legal requirement to report on data breaches, if there is risk of harm. People whose information has been breached will need to be informed.