MSD deputy cops one for the team for data bungle

Murray Edridge, a deputy chief executive in the Ministry of Social Development, has resigned over an embarrassing data bungle, but the Public Service Association (PSA) says that responsibility went wider than that.

Stuff: MSD deputy quits after botch-up with client data security, despite having ‘no direct involvement’

A senior civil servant has quit after a privacy botch-up at the Ministry of Social Development – but a union says others are also responsible for the bungle.

Murray Edridge​, a deputy chief executive at the ministry, will step aside, even though his boss, Brendan Boyle, said Edridge had “no direct involvement” in the client data controversy.

But responsibility went “wider than Mr Edridge and his colleagues”, PSA national secretary Glenn Barclay said.

The Public Service Association (PSA) said Edridge had taken the blame for security and privacy issues arising from client data collection.

Is one person falling on their sword sufficient?

The ministry’s poor handling of issues around the handling of sensitive and personal data in late March and early April triggered an independent inquiry.

Data sharing is a contentious issue and this was an embarrassing stuff up.

Former Deloitte consultant Murray Jack, who led the investigation, made it clear the ministry was asked to implement policy in an unworkable timeframe, and the security issues were a direct consequence of that, Barclay said.

“At a time of major organisational change, putting pressure on agencies to implement complex IT projects is unfair and unwise.

“We are very concerned about the pressure the Government can bring to bear on ministries when their pet policies are at stake.”

Political pressures in election year? Not a good reason to rush things.

Social Development Minister Anne Tolley announced details of the independent review into MSD’s individual client level data system last month.

Client level data included beneficiaries’ demographic information and vital statistics, such as client addresses, details of their dependants and details of MSD programmes clients were enrolled in.

No privacy breach occurred in the IT botch-up, but the review found the IT system gave organisations access to other groups’ folders, with the potential to reveal vulnerable clients’ personal data.

The botch-up infuriated Tolley, being revealed as she promoted policies forcing non-governmental organisations (NGOs) to hand over personalised client data if they wanted Government funding.

Was she poorly advised about reasonable timeframes, or did she push things too hard?

On Tuesday, Boyle said the investigation confirmed the ability of other organisations to see one uploaded folder stemmed from human error, relating to the incorrect granting of access permissions.

Human error is easy with things like that, especially if under time pressure and with inadequate systems and tests to check crucial things like data security.

“While we are satisfied that no breach of privacy occurred, it is concerning that there was the potential for this to occur.”

Very concerning.

Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s