Review of Tuia250 data breach bad end of year for PM

The New Zealand National Party

The Prime Minister’s year has ended badly with the release of the review of the Tuia250 data breach, National’s Cybersecurity spokesperson Dr Shane Reti says.

“This is the Prime Minister’s own Ministry, she knew the report was bad and has cynically sat on it until the last week of the year when it could not be scrutinised by Parliament.

“The independent review found three privacy breaches, out of date policies and raised a conflict of interest with staff and the website supplier.

“The key fault was a change approved by the Deputy Chief Executive of Tuia250 that was outside of the contract and that altered the website from being promotional to collecting personal data.

“At that time the previous security settings that allowed information to be downloaded were not changed, and all of the personal information became searchable by web engines and downloadable.

“The website supplier was not on the approved panel of suppliers and was initially recommended by a member of staff with whom there was a ‘connection and a professional relationship’. This relationship was known by other staff and management but regardless the contract was initially directed to only that supplier.

“The staff member was eventually recused from further decision making but not before providing information that helped the supplier eventually win a contestable Request for Proposal to build the site.

“Arts, Culture and Heritage Minister Jacinda Ardern has many questions to answer. This is a very serious matter, the Prime Minister has overseen more young people having their personal data breached this year than any other Minster, and yet her attitude in Parliament to the four breaches has been flippant and dismissive.

“Jacinda Ardern has been distracted and taken her eyes off her own Ministry, and has allowed 71 young people to have their personal data accessed. That is completely unacceptable, and for the Minister to release this information just before Christmas is deeply cynical.”

the Independent Review of the Tuia 250 Voyage Trainee Privacy Breach can be found here

/Public Release. View in full here.