Report into Covid privacy breach

The Heron report into the Covid privacy breach has been released.

Media release:

Findings of investigation into COVID-19 active cases privacy breach

Deputy State Services Commissioner Helene Quilter has today announced the findings of an investigation into a breach of privacy regarding sensitive personal information.

The investigation looked into who or what caused the disclosure of the information, and what might have prevented the information from being disclosed and what, if any, improvements might prevent that happening again in the future.

The deputy commissioner said the investigation, led by Mr Michael Heron, QC, found that sensitive personal information was passed to someone who was not authorised to see it, who then placed it in the public arena.

The breach happened after the then Acting Chief Executive of the Auckland Rescue Helicopter Trust, Ms Michelle Boag, passed on the information, without authorisation, to Mr Hamish Walker, MP. Mr Walker subsequently passed the information on to the media.The report findings around Ms Boag, the Auckland Rescue Helicopter Trust (ARHT) and Mr Walker have raised privacy issues which are outside the deputy commissioner’s jurisdiction. Ms Quilter has therefore referred the report to the Privacy Commissioner. In particular, she has referred the actions of Ms Boag, the ARHT and Mr Walker for specific attention. Mr Walker’s actions may fall outside the jurisdiction of the Privacy Commissioner but that is for him to determine.

The deputy commissioner has also shared the report with the Speaker of the House of Representatives and the Leader of the National Party, who are referred to in the report and who may have jurisdiction.

In relation to matters under the Commissioner’s jurisdiction, Ms Quilter said the policy around the security of personal information within the Ministry of Health could have been tighter and the agency should have reviewed this earlier.

The Director-General of Health, Dr Ashley Bloomfield, has assured the Commission that the agency is fixing the areas identified in the report for improvement.“The Ministry’s policy should have been reviewed when the context shifted and it was not,” said Ms Quilter.

“I am not going to criticise the Ministry of Health beyond that when lives have been saved as a result of their actions on the broader COVID-19 front.

“The information should not have been placed in the public arena. The Ministry of Health did not place it there.”

Report Executive Summary:

Ms Boag and Mr Walker were each responsible for the unauthorised disclosure of this sensitive personal information. Their motivations were political. Their actions were not justified or reasonable. Each acknowledged their error publicly and cooperated fully with this inquiry.

The Ministry of Health policy and process in notifying emergency services of active cases was a considered response to the pressures arising during the early stages of the crisis. Whether the policy was appropriate in the circumstances applicable in April 2020 will be the subject of further review by the Privacy Commissioner. The policy and process should have been reviewed once there were no longer cases in the community and the dissemination to emergency services of the personal information ought to have stopped. In any event, there ought to have been better protection over the personal information.

On Boag and Walker:

The statements of Ms Boag and Mr Walker indicate that the cause of the leak was, first and foremost, deliberate and politically motivated. Both have expressed their sincere regret at their poor judgement in distributing this sensitive personal information to others. I was contacted by a COVID-19 patient to convey their shock and dismay that such information would be passed around in this manner. The Ministry was aware of the risks of unauthorised disclosure of such information and the harm that could be caused. Given its sensitivity, disclosure of such personal information requires clear legal authority and careful judgement.

The Privacy Act is unlikely to apply to Mr Walker in these circumstances. Section 2 of the Act states that an “agency… does not include… a member of Parliament in his or her official capacity.” Mr Walker considers he received and disseminated the information in his capacity as an MP. He says and I accept that he sought to hold the Government to account with respect to the countries from which new cases were originating and with respect to the lack of security around personal information. Mr Walker accepted that the spreadsheet did not assist to prove the first point. In my view, however, Mr Walker was acting in his official capacity.

Ms Boag’s actions in disseminating the personal information would not have been compliant with ARHT policy.

The State Services Commissioner could consider a formal referral of Ms Boag and the ARHT to the Privacy Commissioner, who is the appropriate statutory body in their case. The Privacy Commissioner is, however, already reviewing the question of whether the Ministry policy was appropriate and can investigate this matter with or without a referral or complaint.

On Michael Woodhouse:

Ms Boag had earlier provided similar personal information (but different spreadsheets) to Michael Woodhouse, MP. I received information relating to those other occasions from Ms Boag and proactively from Mr Woodhouse. Mr Woodhouse advised he did not forward such information on and has now deleted it. I considered whether I should pursue the deletion further with Mr Woodhouse, but ultimately because the information was similar in nature and it was not central to my inquiry, I determined it was not necessary to pursue it. I accept Mr Woodhouse deleted the information. Ideally, he would have counselled Ms Boag not to disclose such information and/or alerted the Ministry or Minister.

Full report:

Tree house ‘breaches building code’

The Dunedin City Council has ordered the removal of a tree house because it breaches the building code. I bet the building of it also breached safety codes by not surrounding the tree with scaffolding during contrutction. And it hasn’t got smoke alarms or any tsunami warning system.

1 News: ‘Seriously get a life’ – Council tells Dunedin family to remove backyard tree house they say breaches Building Code

The tree hut, built by grandad Trevor Norman, has given his grandsons Logan, Devon and Ethan hours of fun.

But a visit from the Dunedin City Council – prompted by a privacy complaint from the neighbours – has seen the tree house in line for the chop.

Trevor – who built the platform with a friend – is questioning what the council is spending its resources on.

“What’s wrong with kids playing in their own backyard anymore, are we not allowed that?” he said.

“I don’t see why the Council would waste their time on it.”

There probably aren’t safety mats on the ground under the tree house either.

The platform, ladders and railing sit in the plum tree owned by Trevor’s daughter Janice Norman-Oke.

“They’ve all had their friends over. We’ve got quite a few kids in the neighbourhood, they’ve all been over climbing it. They all have gone home and said to their parents they want one too,” said Janice.

But shortly after it was built, Janice was notified by the Council that a neighbour had complained the tree house disturbed their privacy.

Rachael and Martin Morris said they approached the Council asking about “guidance regarding privacy, and in the process alerted the Council about the tree house structure”.

Council inspectors visited, and decided that while there was no breach of privacy – the tree house didn’t meet the Building Code.

“I think it’s rather ridiculous,” said Janice.

The structure isn’t exempt under provisions for private playground equipment, because the safety railing takes the overall height to more than three metres – which means, it needs a building consent.

So why not just remove the safety railing? That would probably breach something else – including common sense.

I must admit the tree house and swing I have made don’t have RMA approval, and the trolley I built doesn’t have a warrant of fitness.

Bradbury does dirty

This morning Martyn Bradbury posted

BREAKING EXCLUSIVE: Massive online ACT Party data breach

The Daily Blog has been contacted with information that the ACT Party database has been left open online…

…we’ve had a look, and they are right. There is a huge data base of members and donors on the list, alongside a fascinating document from Franks/Ogilvie to the hard right NZ Initiative outlining their hatred of Maori gaining any power under the new RMA.

As far as I can see the entire database of donors and members are just open on this and I estimate there maybe about a 1000 names there.

To protect their privacy we won’t publish any of their details, but ACT might want to hire someone to make their database secure.

If ACT did have insecure date publicly accessible on a website that’s embarrassing for them and fair enough to point it out and to score a political hit.

But beyond that Bradbury has acted in an inexcusable, despicable way, as did the person he claims alerted him to it. This looks to be as dirty as when Cameron Slater went far to far when someone found insecure data on a Labour Party website.

This is as bad as finding an unlocked building and entering and rummaging through cupboards and drawers, and taking copies of information and publishing it.

Bradbury published information that could reasonably expected to be not intended for the public to see.

The person who enabled Bradbury to breach privacy like this is more culpable.

If the data was still insecure when Bradbury publicised it that put it at great risk of other people finding and copying data and information.

Again, going online publicising an unlocked door is highly unethical.

As per the Slater-Labour breach, fine to publicise lax security, but accessing and searching and publishing information is inexcusable and possibly illegal.

The proper thing to do would be to advise the owner of the data that it was insecure, and after it was secured then fair enough to go public.

What Bradbury has done here is admit himself to the dirty politics hall of infamy occupied by Slater.

Bradbury promotes The Daily Blog as a shiny new alternative to mainstream media (similar to Slater and Whale Oil). Very sadly both operate in the social media gutter.

This makes him more like a sensation and attention seeking scummy dirty blogger. D

It’s hard to believe how irresponsible Bradbury has been here – more so than whoever was responsible for insecure data.

Other contributors to The Daily Blog should be concerned and embarrassed by this.

Reserve Bank leak and MediaWorks

In March a journalist from MediaWorks leaked information about an OCR announcement that could potentially have resulted in insider trading, and another MediaWorks employee passed the information on to a blogger.

This was a serious breach.

Journalists had been brief on impending announcements so they cold prepare stories on the condition secrecy was maintained until the official announcement was made.

Yesterday the Reserve Bank issued this press release:

Reserve Bank takes action after investigation confirms leak

Thursday, 14 April 2016, 2:15 pm

Reserve Bank takes action after investigation confirms leak

An independent investigation has confirmed that highly sensitive and valuable market information on the March Official Cash Rate (OCR) cut decision was leaked by a journalist ahead of the official release, the Reserve Bank said today.

Following the investigation, the Bank will tighten its procedures for the release of confidential information. The Bank will discontinue embargoed lock-ups for news media and analysts ahead of announcements of interest rate decisions, Monetary Policy Statements and Financial Stability Reports.

The investigation by Deloitte’s forensic unit found that, contrary to the rules of the lock-up, information on the Bank’s decision to cut the OCR was transmitted by a Newshub Mediaworks reporter to several people in the Newshub office from the media lockup for the Monetary Policy Statement on 10 March.

This information was then passed on by another person in Newshub Mediaworks, well before the MPS official release, to an economics blogger. The blogger only alerted the Bank to the leak after the MPS was officially released.

Deloitte was assisted in its investigation by Mediaworks’ legal team, who undertook an internal investigation, uncovered emails that confirmed the leak, and reported these to Deloitte.

Governor Graeme Wheeler said: “The leak is a serious and disappointing breach of many years of trust. It created the opportunity for improper gain on financial markets and damage to the integrity of the Bank’s communications. I am extremely disappointed that the information was leaked initially and then communicated more widely.

“The fact that several people outside the Bank, who had access to the information improperly, failed to alert the Bank immediately, was irresponsible and left open a significant risk that the Bank could have closed down quickly with an immediate official release.”

No evidence has emerged that the leak gave rise to any financial market impact.

The Bank has considered alternative arrangements relating to information security. However, none completely mitigated the technology and human risks, said Head of Communications Mike Hannah.

“We have reviewed the procedures of several central banks. None provide lock-ups for analysts prior to major policy announcements, and the few that provide embargoed lock-ups for media representatives take extensive measures to control the media environment in the lock-up that are not viable for us. Most central banks do not provide embargoed lock-ups.”

Mr Hannah said that from the 28 April OCR statement release, the Bank will issue OCR and MPS statements via its pages on Thomson Reuters and Bloomberg screens at 9:00am, as is currently the case, followed by release on its website and to email subscribers. In the case of the quarterly MPSs and six-monthly FSRs, the release of a news release and these documents at9:00am will be followed an hour later by a press conference.

“The decision not to provide lock-ups for media or analysts means that these parties will receive the information at the same time as other financial market and public audiences.”

More information: Investigation into leak of March 2016 OCR announcement

MediaWorks issued their own press release:

MediaWorks Response to Reserve Bank Statement

Thursday, 14 April 2016, 2:07 pm

Mark Weldon, Group CEO, MediaWorks said: “MediaWorks unreservedly apologises to the Reserve Bank for this incident. Once MediaWorks was aware a leak had taken place, it conducted its own investigation to determine whether the leak had come from within MediaWorks and self-reported that to the Reserve Bank.”

Regarding the specifics of the matter, Richard Sutherland, Acting Chief News Officer, said: “The leak was caused by a failure within News to follow proper process and changes have already been made as a result. We are addressing the breach with those concerned and new policies and training will be implemented moving forward.”

There was a strong response on Twitter from journalists from other companies who were very annoyed their privilege of lock-up provide information in advance had been removed.

Some suggested that MediaWorks only should be penalised, which is a fair point.

Others said that much stronger action would be appropriate from MediaWorks, with sackings amongst the suggestions.

It was pointed out that if a Reserve Bank employee or politician had leaked information like this the media would be all over the story, they would have identified the people involved and named and shamed them.

Instead they muttered on Twitter where it was also suggested that they protect their own.

Except Rob Hosking from NBR who was scathing. See next post.


Little on defying the TPPA

Here’s the interview of Andrew Little on Radio New Zealand where he says he would defy the Trans Pacific Partnership Agreement.

Labour says it will defy TPP

The Labour Party leader Andrew Little says his party would defy the Trans Pacific Partnership in Government.


The Labour Party leader Andrew Little says his party would defy the Trans Pacific Partnership in government.

An international agreement on the trade deal was reached late last year and now has to be ratified by each country’s government. There are reports it could be signed in New Zealand next month, two days before Waitangi day.

Note that signing is a step before ratifying – see TPPA process corrects claims of lying.

Mr Little says National has the numbers to pass the legislation without Labour. Andrew Little doesn’t intend to abide by the agreement if elected to government next year.

The interview:

RNZ: Once the ink’s dry on this how would a Labour government actually be able to flout it anyway?

Andrew Little: One of the provisions in the TPPA that most concerns me, I raised this in all the meetings I had  in Washington DC at the end of last year, is the part of the agreement that says that countries who are party to it will not be able to pass laws to restrict land sales.

So of we decided that there were too many Americans or too many Australians or too many Chinese or whoever buying up New Zealand farmland and we wanted to put restrictions on that then we wouldn’t be able to pass laws to do that.

The USA and Australia are party to the TPPA but China isn’t.

Andrew Little: That seems to me just an absolute contravention of our sovereign right to have a Parliament that passes our laws.

The funny thing is of course when you look at it, when you look at the agreement, at least three countries have got exemption from that provision, Australia, Malaysia and Singapore, and when I asked about the issue when I was in Washington DC I was told that actually New Zealand didn’t even ask for an exemption to that provision.

So we’re stuck with an agreement that would prevent a future New Zealand Parliament from passing a law that the New Zealand public might want to have.

The same must apply to many international agreements New Zealand has made. If a future New Zealand government wanted to pass a law that was in breach of an agreement then they would breach the agreement and would have to be prepared for any consequences, including the possible need to withdraw from the agreement..

RNZ: But if Labour was elected how would you actually defy this, how would you not go ahead with the bits that you don’t agree with?

Andrew Little: So the point I’m making, I’m getting to, is the Labour Party has a policy  that we would restrict or put in place restrictions on land sales, because we know that New Zealanders are concerned about the amount of land that is falling into non resident foreign ownership. And so we will proceed to do that.

But what I I guess they’re making clear (that part wasn’t clear) made clear in my meetings with officials of the administration at the end of last year and what I think is important for New Zealanders to do both around the time of the signing next month that happens then and during the course of legislation in our Parliament here is for New Zealanders to make very clear that they don’t agree with those parts of the TPPA that compromise our sovereignty.

I don’t know what Little means exactly by “compromise our sovereignty” but any international agreement made by New Zealand can affect what we can then do if we want to abide by those agreements.

It may be a ‘sovereign right’ for a future Government to pass legislation that breaches the Geneva Convention, or any other international agreement that we are signatories to, but it may not be very smart.

We need to send that signal very clearly so that when there is a change of government it won’t be a surprise to other members of the TPPA and we will proceed as if we will do what’s in the best interests of New Zealand.

Labour may be faced with a decision to decide whether it’s in our best interests to abide by international agreements or to breach or withdraw from the agreements. If they want to further restrict foreign buyers of land here it could involve more agreements than just the TPPA.

RNZ: Why such a strong opposition from Labour now?

Andrew Little: Ah well our opposition to anything that compromises our sovereignty is nothing new, we’ve made that pretty clear. I was pretty clear in my speech to the Labour conference at the end of last year is that  you know it is simply something we would not contemplate or would not agree with and we would defy it and I’ve made that clear to various American authorities I met with at the end of last year. I’m making it clear now.

You know I just I am stunned, I was stunned to hear when I was in Washington DC that they are where lining up the 4th of February as a date for the Ministerial signing of the agreement, and I said to some of them, I said are you nuts?

If Little knew last year about the plan to sign the TPPA on February 4th why is it suddenly big news now?

This is two days before our national day, the day we celebrate our national identity and our national authority. Why on earth would you set that aside as a date to sign an agreement that is so controversial and is not particularly popular in New Zealand. And was met with a sort of dumb silence.

So you know they will go ahead and do what they want. It just demonstrates a level of arrogance around this whole thing.

I think what’s important for New Zealanders um you know because there is a level of concern about it, that we send a very clear signal and take every opportunity to do so, that those things that undermine the sovereign right to our New Zealand Parliament, um we have to you know tell the other parties of the TPPA it’s not acceptable and we won’t abide by it.

What Little should be asked is if this not abiding by agreements that he or Labour don’t find acceptable could apply to any international agreement made by New Zealand.

If Labour is establishing a precedent of breaching agreements (or threatening to breach agreements) they don’t agree with I think this should be made very clear. And Little should say whether it could apply to any agreement they don’t think is acceptable.

RNZ: Is the Labour caucus behind this? Goff? Shearer? Are they with you?

Andrew Little: Ah, well, they it Labour Party policy is the policy of the Labour Party, both the you know the rank and file and the caucus and we’ve had discussions in caucus about it and indeed the party at conference and at all levels have discussed this and they’ve been pretty clear um and so you know that’s the stance um that that we’re taking.

I’ve made it very clear as leader the the approach I intend to take and that will no doubt be the subject of ongoing discussions but I’ve been very clear and I think that’s the approach we need to take.

Little has made it clear he wants to take a stance on defying or breaching the Trans Pacific Partnership Agreement but has not made it clear to what extent he would take that, on the TPPA or potentially on any other international agreement.

And what seemed clear from his lack of clarity in that last response is that he may not have the full support of the Labour caucus and that expects discussions to be ongoing.

I’m not sure that Little or his advisers have thought through the implications of appearing to take a strong stance on a small part of the TPPA might have.

This has the potential to undo the dampening down of caucus dissent that Little appears to have achieved last year.

It also has implications for Little’s credibility as a potential Prime Minister, both on a national scale and particularly internationally.

Threatening to defy international agreements is no minor matter.

Breach of interim injunction?

The Sunday Star Times (and Stuff) may have at least come close to breaching an interim injunction, and if covered by the injunction commenters on a major New Zealand blog have fairly blatantly breached it, and has so far the blog has taken no action about it. Tony Wall wrote:

A Cabinet minister’s brother is due to appear in court this week on child indecency charges.

The man has been summonsed to appear in the District Court on Tuesday — but the man’s lawyer, high-powered Queen’s Counsel Jonathan Eaton, last night went to the High Court in Christchurch to obtain an injunction stopping the Sunday Star-Times naming the man or the minister concerned.

Last night, High Court Justice David Gendall imposed an interim injunction preventing the newspaper naming the accused and the Cabinet minister.

But the article gives enough details to make it quite easy to narrow down possibilities.

And commenters on a major New Zealand blog have fairly openly and blatantly identified the Minister. And site moderators have taken no action, despite the comments being prominent, and despite being advise of possible legal issues, and despite a moderator being active on the same post.

And despite that blog having clear policy against this behaviour.

If we and/or our lawyers feel that the the comment or post oversteps a legal bound, violates good taste, invades the privacy of people outside the public domain, or goes beyond the scope of our site – then and only then will we do something about it.

Most of the time the moderators will be harsher on offending content than any court in NZ is likely to be.

The breaches began about 8.30 am this morning and subsequent comments confirmed what was heavily hinted at.

If they have identified the Minister then it’s clearly defying the intent to prevent revealing the identity which sounds likely to be subject to a name suppression application.

And the blog management would appear to be allowing these breaches to remain on public view.

UPDATE: I’ve been advised by the blog that if they haven’t been advised of an injunction then they don’t have to stop speculation (but they are obviously aware of the injunction).

They also claim that speculation is fine as ling as it doesn’t explicitly name the people protected by the injunction (despite the collective comments clearly identifying someone).

And the claim that suppression orders “just stop people being named, not speculated on”.

That surprises me – it’s not how I understand that name suppression works, and I’m surprised this blogger is taking this position.

UPDATE2: This question has been asked on the blog:

The courts granted an injunction to prevent publication by the SST of the Minister’s name. Does that injunction apply to the public?

A response from the moderator:

Likely. As I have no idea who it is, So to conform to the reported suppression, I will just limit people saying explicitly which minister it is.

From a legal point of view that surprises me. Taken as a whole the blog thread clearly identifies the Minister.

Mind you, after the questions on how Carmel’s mothers name got into media, I am only inclined to follow the letter of suppression orders.

From a blog and political point of view that doesn’t surprise me.

Has Slater breached suppression, and can Freed trust him?

In a post on Whale Oil today Cameron Slater must have come very close to breaching a suppression order, or blatantly breached it (I’m not sure of the legal specifics. I won’t link to it here to be safe.

It was so risky head moderator Peter Belt shut comments and posted this comment saying he “expressed my displeasure at this article to Cam last night”.

[MOD] Every time there are posts like this, I end up banning people. If you can’t play the game, then just pass these sorts of articles by. For the record, I expressed my displeasure at this article to Cam last night. Guess what? It’s his blog, and I don’t have the final say. I think it’s a stupid piece to write, and all it does is makes work for me and the other mods, “good” people end up being banned because they blunder into our no-tolerance on name suppression issues enforcement, and it attracts a wave of trolls that (generally successfully) manage to tip veteran commenters into making mistakes.

I get this wrong, and we face a $100,00 fine and/or 6 months in jail. That’s MY perspective. If you can’t figure out how to comment on posts like this PASS THEM BY.

Finally, this is Cam’s blog, and when the National Party in a number of it’s guises shit on him from a great height, I can’t blame him for acting on that. Most of the time he’s a bit more subtle than today, but I think there is a message that is being sent that probably has nothing to do with you, our readers.

I’m closing this article to comments, because I have work to do.

So he was concerned about the content of the post. I’m not surprised. But it became bizarre when he warned and banned commenters for also risking breaching the suppression.

Belt has already fundraised to help pay Slater’s legal bills.

It looks like quite a few comments could have disappeared since they were posted.

But before he closed comments Slater posted a few of his own.

I owe National nothing…I’m not even a member. I call things as I see them…this is just one such thing that I think needs attention.

I am not a sycophant and never will be.


They can think what they like. I know what is reality. I am not in control of the feeble minds of others.

This on top of recent posts and comments where Slater has made it clear he does as he pleases and is not controlled by anyone I would suspect Freed is more than a little concerned about the risks of an uncontrolled beast if they ever get around to launching.