EQC boss Ian Simpson said he decided to front on the breach immediately in light of other recent government department privacy breaches. He made the announcement at a press conference in central Wellington this afternoon.
At 7.45am today a staff member sent out an email intending to stay within EQC, however, the auto-complete function in the email accidentally filled in a third-party’s address, Simpson said. The email included an attachment with 9700 claimants, claim numbers and street addresses. It did not include names.
He apologised “unreservedly” to the people whose privacy had been breached.
“I am dismayed and disappointed that this breach has occurred and I apologise unreservedly that private customer information was sent to the wrong person.
“I want to ensure our customers that every effort will be directed at ensuring this doesn’t happen again.”
The breach only affected customers in the EQC Canterbury Home Repair Programme. They were all from Canterbury and were people who had yet to have remedial work start on their properties.
Simpson said affected clients would be contacted next week.
The recipient of the email had already been contacted and had promised to delete the information.
The recipient, who has previously dealt with EQC, had also said they would not reveal any of the details contained in the message, Simpson said.
Were you the recipient of the email? Email us at email@example.com
Most of the information in the email would be indecipherable without inside knowledge of the inner-workings of the EQC, he said. However, he did not know whether the person who received the information had that knowledge.
The staff member responsible for accidentally sending out the email would not be punished, Simpson said.
EQC would beef up procedures for encrypting and securely accessing sensitive data and rules for using email to send sensitive documents, Simpson said.
“We will commission an independent review of the breach and take steps from that review to ensure this doesn’t happen again.”
Earthquake Recovery Minister Gerry Brownlee had been informed of the breach and was pleased the EQC was stepping forward publicly so soon.
– Fairfax Media
As far as privacy breaches go this is a minor one which has been swiftly dealt with by EQC. I imagine there are more than a few home owners in Christchurch who would like to see a little of that speed applied to resolving claim issues two years on from the big one.
What it does highlight is the growing trend in privacy breaches from government agencies. There is going to need to be a higher standard of permissions applied to emails (with attachments) to external recipients. This will result in some frustration on the part of employees having to deal with another pesky dialogue box but it is entirely necessary with so much sensitive public information floating around the central government digital universe.