Since the massive privacy breach at the Ministry of Social Development was made public on Sunday 14th October, Social Development Minister Paula Bennett has consistently passed the buck and refused to accept responsibility for the total failure of leadership she has provided.
The release of the damning Deloitte Independent Review of Information Systems Security on November 2nd shows clearly that the breach cannot simply be blamed on individual error from the four MSD staffers currently facing employment investigations, and it identifies systemic issues for which responsibility lies at the feet of Minister Bennett and Chief Executive Brendan Boyle.
The report states that “[t]here is little evidence, at the design stage, of analysis of security and privacy risks, specification of requirements based on such analysis, and assessment of the solution design to ensure that requirements are met and risks are mitigated”. Considering the importance of the confidential information the Ministry holds on thousands of our most vulnerable citizens, this lack of consideration of privacy risks is a damning indictment on the culture at the Ministry, a culture created from the very top.
The report also found that “[t]he policy guidelines are silent on the escalation of risks that are not rated as ‘high’ or above” and that “the type of project documentation we would usually expect … does not appear to have been developed, maintained consistently and signed off”. This shift away from best practice is a clear failure of the Ministry’s leadership.
Minister Bennett cannot continue to shy away from taking responsibility. She must stop trying to shift the blame for her lack of leadership and the systemic issues present in her Ministry onto a few lowly staffers.
Under this National Government, the privacy of thousands of our citizens has repeatedly been breached, including the major breaches at ACC and MSD. New Zealanders deserve better.