Security gap being closed
9 September 2008
Enhanced security is now being required when New Zealand government agencies transfer data to other agencies for authorised information matching programmes Privacy Commissioner, Marie Shroff said today.
In February this year, the Office of the Privacy Commissioner reviewed how data was being transferred. Many files were not encrypted for transfer by tape, CD or floppy disk. The Commissioner required the adoption of encryption within a reasonable time frame. Six months on, she said that most departments have now achieved this.
Of the 46 authorised government data matching programmes operating in February, 19 transferred data in electronic form on digital media without encryption. Now, only three remain unencrypted.
I have been advised that all files transferred on CD for authorised information matching programmes are now encrypted. One file transfer has been shifted to an on-line, encrypted transfer. However, Inland Revenue is involved in three transfers on tape which are not encrypted. The department advises that these three tapes require specialist computer equipment to read them and other security measures are also used to protect the data. Agencies involved in these tape transfers are still discussing options for enhancing security.
Privacy Commissioner Marie Shroff initiated the review of data matching programme security after the major data breaches in the UK late last year involving tens of millions of records lost in transit between government departments. The data comprised the personal details of some 7 million British families.
"I am pleased that departments have made efforts to adopt more secure methods of data transfer. I look forward to further progress on all remaining programmes. Of course, transfers for the purposes of authorised information matching are merely one stream of intra-governmental data transfers. All agencies using and storing data about people whether public or private sector should carefully reflect upon the security of that data in each instance, for example by accepting the need for encryption for all portable data storage media, said Ms Shroff.
The Privacy Commissioners office has a special oversight role for government data matching programmes.
For more information see www.privacy.org.nz or contact: Annabel Fordham tel 04 474 7590 or 021 509 735 or email@example.com
For the previous media release see: http://www.privacy.org.nz/privacy-commissioner-requires-data-encryption/
For more information about the UK data breaches, see statements from the UK Information Commissioner: www.ico.gov.uk/upload/documents/pressreleases/2007/personal_details_lost_by_hmrc_201107003.pdf