Data breach in 2015
Jenna Stein made this Official Information request to Department of Internal Affairs
Department of Internal Affairs did not have the information requested.
From: Jenna Stein
Dear Department of Internal Affairs,
I have been reading online articles as part of some research I am doing on data breaches. I found a reference to a DIA data breach in 2015 in one of the comments in the comments section under one news article. I have searched online and cannot find any public information about this. So if it did happened it looks like the public may not have been notified.
The comment read "When the Internal Affairs Financial Integrity team (now called the AML team) emailed confidential information about hundreds of businesses out to each other in late 2015...."
I am hoping to find out
A. If it happened, and if it did
B. Exactly what happened and how and what information was sent out that should not have been
C. If the public were notified and if not why not
The comment also said that there was human error involved and that it would not have happened if there were more than "one layer of protection" in the processes. So if this is correct I would also like to find out
D. What process or system changes have been made to prevent it happening again
E. What were the position(s) of the person or people who made the human errors and how does DIA decide if they are responsible or capable enough to be in positions where they have the potential to make errors like this
F. What extra training they got after the incident and what has changed for new people being trained for those roles
G. Whether any disciplinary information was taken
H. I would also like a copy of the investigation report from the investigation of the incident please
Yours faithfully,
J Stein
From: OIA
Department of Internal Affairs
Tçnâ koe Jenna,
Thank you for your OIA request to the Department of Internal Affairs (included with this email)
The Department will provide its response to your request as soon as practicable and within twenty working days. The 20th working day is 14 October 2019
Please note that in cases where the Department’s response provides information that is identified to be of general public interest, the response may also be published on the Department of Internal Affairs website. If the Department publishes its response to your OIA request, all personal information, including your name and contact details, will be removed.
Ngâ mihi
Michelle Reed | Lead Advisor – Official Correspondence
Te Urungi - Organisational Strategy and Performance
Te Tari Taiwhenua - The Department of Internal Affairs
45 Pipitea St | PO Box 805, Wellington 6140, New Zealand | www.dia.govt.nz
show quoted sections
From: Rachel Chrystall
Department of Internal Affairs
Please find attached a response to your OIA request from the Department of
Internal Affairs.
Kind regards
Rachel Chrystall | Senior Advisor Official Correspondence | Regulatory
Services
Department of Internal Affairs | Te Tari Taiwhenua
45 Pipitea St | Thorndon |Wellington 6011| New Zealand
| [1]www.dia.govt.nz
[2]cid:image003.png@01D40167.C4013620
References
Visible links
1. http://www.dia.govt.nz/
From: Jenna Stein
Dear Rachel Chrystall,
Thank you for the response. My research has continued while I awaited a response. The response claims that the breach did not happen. My research suggests that that is not true.
I have now met a person who was there at the time of the breach. The person related how an "Assistant Compliance Officer" accidentally emailed a number of businesses information identifying a number of other businesses that had failed to meet a legislative requirement to provide a report to DIA by the due date and were thus in breach of law. These businesses were clearly identifiable in the email and email addresses internal to these businesses were also made available to all of the businesses receiving the email.
The person has also told me that Mike Stone the very person that wrote the letter responding to my request saying that it did not happen was there at the time this happened and was well aware of it. Mike Stone's letter even says that he had spoken to all of the staff who were in that team then who were still with DIA and none knew about it. But the person has told me that the officer that sent the email still works for DIA. She even gave me his name. So either he wasn't asked about it or he forgot about it. Neither of these seems very plausible.
So the man that wrote the reply to me knew about it so did the man who made the breach. So why is the reply saying that it did not happen? Please explain this and respond with truthful information to my request or I will have to go to the ombudsman.
Yours sincerely,
Jenna Stein
From: Rachel Chrystall
Department of Internal Affairs
Dear Jenna,
Thank you for your OIA request to the Department of Internal Affairs (included with this email).
The Department will provide its response to your request as soon as practicable and within twenty working days. The 20th working day is 8 November 2019.
Kind regards
Rachel
show quoted sections
From: Jenna Stein
Dear Rachel Chrystall,
I made my request on 15 September. 20 Working days would have been 14 October. In your message you have restarted the 20 working days. Please explain
Yours sincerely,
Jenna Stein
From: Rachel Chrystall
Department of Internal Affairs
Dear Jenna,
Your email of 10 October 2019 provides further information to the Department and asks a new question that differs from your earlier request of 15 September 2019. Therefore, the Department considers that your email of 10 October 2019 is new OIA request which is due for response on 8 November 2019.
Kind regards
Rachel
show quoted sections
From: Jenna Stein
Dear Rachel Chrystall,
No. My request is the same as is it was when I first made it. The only additional part of the request is that I ask you to explain why your official reply was false.
It is disheartening and worrying that a false reply was furnished and that you are now claiming that I am submitting a different request. The matter will now be referred to the Ombudsman's office for investigation and will also feature in my thesis.
Yours sincerely,
Jenna Stein
From: Rachel Chrystall
Department of Internal Affairs
Dear Jenna,
Please find attached a response to your OIA request from the Department of
Internal Affairs.
Kind regards
Rachel Chrystall | Senior Advisor Official Correspondence | Regulatory
Services
Department of Internal Affairs | Te Tari Taiwhenua
45 Pipitea St | Thorndon |Wellington 6011| New Zealand
DD: +64 4 816 4041 |Extn: 6041 | [1]www.dia.govt.nz
[2]cid:image003.png@01D40167.C4013620
References
Visible links
1. http://www.dia.govt.nz/
Things to do with this request
- Add an annotation (to help the requester or others)
- Download a zip file of all correspondence
Jenna Stein left an annotation ()
The reply that I received to my request was false. It was stated that the event I referred to did not occur. I have since obtained evidence to the contrary. The reply letter was signed by an individual who was party to the events that have been denied.
I raised this concern with the agency and the agency claimed that this was a new query and would take a further 20 working days to reply to.
I am now referring the matter to the ombudsman's office for investigation.
Link to this