If you have other people’s personal information, it is your responsibility to keep it safe. There are many reasons why you need to keep that information secure. Here’s one recent example of how careless disclosure can put people at risk.

In July, WikiLeaks dumped a lot of files of personal information into the public domain which they justified by claiming the public’s need to know. It happened some days after a failed attempt to overthrow Turkey’s government.

Turkish email leak

The dump of about 300,000 emails - which WikiLeaks called “Erdogan emails” after the country’s president, Recip Tayyip Erdogan - was intended to harm the Turkish government’s efforts to quell dissent.

But, as with a huge collection of Saudi Arabian files in 2015, WikiLeaks chose not to sort through the documents to work out what was in the public interest and what should not be released.

In response, Turkey’s internet governance body swiftly moved to block access to WikiLeaks. Free speech activists, including Edward Snowden, then decided the government was trying to hide the leaked information and drew further attention to it.

WikiLeaks also disclosed links to another dump of Turkish files which were hosted by the Internet Archive. But with both sets of information, the language barrier and a lack of general information meant that little was known for some time about the nature and significance of the information, until a Turkish academic based in the United States took a closer look.

Private, sensitive information

Zeynep Tufekci who is based at the University of North Carolina and is a faculty associate at the Berkman Center for Internet and Society at Harvard, wrote: “Yes, this “leak” actually contains spreadsheets of private, sensitive information of what appears to be every female voter in 79 out of 81 provinces in Turkey, including their home addresses and other private information, sometimes including their cell phone numbers.“

She added that “Snowden couldn’t have been more wrong about an act that was irresponsible, of no public interest and of potential danger to millions of ordinary, innocent people, especially millions of women in Turkey”.

When alerted to the sensitive nature of the personal information disclosed, WikiLeaks deleted the link and the Internet Archive took down the files but the internet is the internet, and the database remained available on torrent sites.

Protecting the information

What then does the law in New Zealand expect if an agency receives leaked information? The Privacy Act in New Zealand says it is the responsibility of agencies to protect personal information from disclosure, even if it is leaked to them. A good way to do this is to delete or safely destroy the information.

If you are ever affected by others publishing your personal information in a similar way, you do have a few options. The first step, because time matters, is to attempt to contact the operators of the site that hosts the information. Some of the big operators do have processes for dealing with such requests and they can quickly take the information down.

If that does not work for you, contact NetSafe. It has established relations with some of the big internet players like Google, Facebook, Twitter, YouTube and others. You can report the threat to you on NetSafe’s reporting site, The Orb.

In the case of the ‘Erdogan emails’, WikiLeaks failed in its responsibility to check if there was a risk of ‘collateral damage’ if the information was leaked to the world.

Further reading

Associated Press has explored the context of the issue. Raphael Satter and Maggie Michael - Private lives are exposed as WikiLeaks spills its secrets (23 Aug 2016)

This Motherboard article provides an overview of where the information came from and how it was distributed. Joseph Cox - How 'Kind of Everything Went Wrong' With the Turkey Data Dump (28 July 2016)

This article discusses the earlier history of the data. Efe Kerem Sozeri - Major ‘Turkish police data dump’ reveals an even bigger scandal (21 Feb 2016, The Daily Dot)

Zeynep Tufekci’s piece published on Huffington Post looked at the data and the ramifications of leaking in a bit more depth - WikiLeaks Put Women in Turkey in Danger for No Reason (Huffington Post, 25 July 2016)

Image credit: Wikimedia Commons

IPP5 - storage & security, IPP11 - disclosure, breach