An employment investigation is underway at the Ministry of Social Development after a review into a blunder involving client information in a controversial information-sharing programme slated the ministry for its management of that programme.
The review was into an April incident in which one organisation was able to access an organisation's folder on a new IT system for social services providers to share personal client data with the Government.
Although no personal information was in the folder accessed, the loophole forced the ministry to close down the portal which was a critical part of a new Government policy requiring social organisations to share individualised client information - such as what help they were getting, names, addresses and family members - with the Government to be eligible for government funding.
The review found the incident was the result of human error. One provider was mistakenly been given access to another provider's "library" of information. In removing that access, the ministry accidentally removed its own access as well. The attempt to restore it by a Datacom consultant resulted in all providers being given permission to access that folder.
However, the review was also critical of the wider set-up of the programme and the Ministry of Social Development's management of it, including a failure to consider security and privacy issues early and fully. "Privacy needs to be considered early and be a consistent thread throughout projects like this."