Kiosk security report finds 12 weak points

File photo / NZ Herald

A review of Government information systems' security found weak points in 12 agencies which have now been addressed.

The review of the security of publicly accessible state sector agency IT systems was conducted by Government Chief Information Officer Colin McDonald and initiated in October last year in response to revelations that private data could be obtained via the Ministry of Social Development's public computer kiosks.

Releasing the report this morning, Mr McDonald confirmed that weak points had been found in 12 of the 215 publicly accessible systems reviewed.

"Action has been taken and the systems are now secure."

There was no evidence those weak points led to unauthorised access to information.

A draft of the review was supposed to have been given to the Government by November 27 last year.

State Services Commissioner Iain Rennie confirmed the report was completed late last year but departments had been working on their response since then.

The issue of public trust in Government agencies' ability to handle private information appropriately was an increasingly important one Mr Rennie said.

The public was no much more aware of the issue and much less tolerant of misuse of their information.

"We need to raise our game considerably around how we handle people's information."

Mr McDonald said there "will always be a level of risk in this area that must be managed".

He said the review's key findings were that the management of privacy and information security "is not always meeting best practice and needs to improve".

There was currently too much reliance on work done by IT staff and contractors and not sufficient oversight by senior managers.

The weak point at the Department of Corrections involved inmates at Mt Eden Corrections Facility being able to access "a limited number of external websites through a prisoner kiosk".

Mr McDonald said he did not have any information to hand about websites accessed by prisoners.

The agencies where weak points were identified were:

- Careers NZ
- Ministry for Culture and Heritage
- Department of Corrections
- Ministry of Education
- EQC
- Commission for Financial Literacy and Retirement Income
- Ministry of Justice
- Maritime NZ
- MidCentral DHB
- Trade and Enterprise
- Ministry of Social Development
- Tertiary Education Commission