Deloitte to review NZ Ministry security

By on
Deloitte to review NZ Ministry security

Follows massive #MSD privacy breach.

Deloitte has been commissioned to conduct an independent review of the information systems security at the New Zealand ministry of social development (MSD).

The review comes after a massive privacy breach that meant anyone using the 700 self-service kiosks installed in Work and Income social welfare offices could access confidential and sensitive personal data about the agency's clients.

Murray Jack, Deloitte chairman, will lead the review with a four-person independent steering group to provide oversight. 

MSD chief executive Brendan Boyle will also attend and participate in the steering group.

Phase One of the review will be completed within two weeks, and will investigate the circumstances and causes of the kiosk security breach that compromised privacy. It will check the work done to ensure appropriate information security was put in place at the time the kiosk infrastructure and services were designed and built.

Also in the scope of the first phase of the review are checks on the independent security testing done, the MSD's response to it and information provided by third parties reporting security concerns.

A second part of the review will look at the MSD's wider information systems security, focusing on  the policies, governance, capability and culture around publicly available systems.

The second phase will also identify any lessons learned and make recommendations to the chief executive of the MSD as to any changes and improvements required for systems security.

Reports from both phases of the review will be made public, according to the terms of reference.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © . All rights reserved.
In Partnership With

Most Read Articles

Log In

Username / Email:
  |  Forgot your password?