Another day, another governmental privacy breach. This time it's Work and Income and their privacy-compromised information kiosks.
The question I'm now asking is where is the government's secure communications when you need them? Of course, we've constantly heard about the Government Communications Security Bureau (GCSB) during the Kim Dotcom saga. However, they only deal with 'securing' our country against communications and security breaches from abroad.
So, where's our own internal government secure communications agency when you need them? Put simply, we have no one internal government agency overseeing the security of all government information technology and communications platforms. To the best of my knowledge, the Privacy Commissioner does have a watchdog role over privacy issues within both the government and private sector but the Commissioner doesn't have the ability to ensure that all encrypted personal information held by state agencies remains just that - private. The Police and the Ombudsman as well as the Security Intelligence Service (SIS) do play various roles in ensuring that government information remains secure and uncompromised as well but their roles, to the best of my understanding, can and do overlap in this regard.
It must be remembered that we have now had three IT-related privacy breaches cited in one year, namely, at the Accident Compensation Corporation, Inland Revenue Department and now Work and Income.
I realise, though, that it is nigh on impossible to secure all private, digitally stored information from breaches, whether it's held by private companies or the state. Having said that, government agencies hold extremely personal information, provided in good faith, by all New Zealanders. After all, every New Zealander has a National Health number, an IRD number and (if they have ever accessed WINZ) a benefit number. That's why it's important for government agencies, with all the powers they possess over us mortal citizens, to be extremely diligent in their handling of personal information. Due to numerous revelations this year, we now know they haven't been.
I can also remember other breaches by Work and Income of their confidentiality policy. A number of years ago, I can remember a story about WINZ files being found in a rubbish bag on a roadside in the North Island. Another time I can remember a story about a North Island DHB sacking and/or reprimanding staff who had inappropriately accessed the health records of famous patients.
That's why I now believe it's time for Government to address what is becoming a systemic issue. For government agencies to continually violate information privacy laws (particularly in one year) is just basic incompetence. I now believe that we need a coordinated Government IT Security Coordination Agency (GITSA) to ensure that our IT and other information holding platforms are as absolutely safe as they can be. GITSA could work closely with all government departments and agencies to ensure that all the personal information they hold is safe. I also believe that any GITSA should be legally required to have strong, collaborative working relationships with the Privacy Commissioner's Office, the Ombudsman and the Human Rights Commission. Perhaps even the Privacy Commissioner's Office could be merged into the new entity and consideration could be given to extending its brief to enabling the private sector to access its services as well.
What I'm suggesting is but one solution amongst many. Another could be for government to look at its cost-cutting policies as these have seen many IT professionals (considered to be 'back room staff') made redundant. IT boffins, especially, should be viewed as essential staff in this day and age rather than just add-ons. I believe that government departmental heads should think about the situation this way - if they keep on an IT worker in a restructuring, they are saving themselves from being potentially sued for millions of dollars by aggrieved taxpayers in the event of a privacy breach. And I wouldn't be surprised if lawsuits were launched in the WINZ case, especially if very sensitive information has made it into the wrong hands. Already, ACC sexual abuse clients are suing that corporation over their private information having been erroneously sent to Bronwyn Pullar and others.
I'm hopeful that this leak hasn't caused any real damage beyond what has been reported. I also hope that Government is listening to any and all suggestions being made to rectify this situation including the need for a more powerful IT security coordination agency. At the end of the day, one of the State's primary duties is to ensure that all information held by it on its citizens is securely stored and appropriately used. Otherwise, if it isn't even doing this job, then what faith can New Zealanders have in their political institutions to protect them from having one of their most precious rights, namely, privacy, invaded?
That's not a question I want to have answered again in the negative.