NZ bans unapproved govt IT suppliers after data breach

By on
NZ bans unapproved govt IT suppliers after data breach

Approved supplier list not mandatory in the past.

New Zealand Prime Minister Jacinda Ardern's Cabinet has clamped down on government agencies using unvetted IT service providers, cracking down on hard on rules around privacy and systems security.

The measures come after another embarrassing data breach at the ministry of Arts, Culture and Heritage, which saw an unnamed supplier leaked hundreds of people's sensitive personal information including birth certificates, passport numbers and drivers' licences.

In a press conference [pdf], Ardern said that with immediate effect, a set of interim decisions were made by Cabinet that set mandatory requirements for government agencies.

The requirements force small agencies to only procure products and services from the all-of-government ICT common capabilities list that names approved providers.

Additionally, the agencies must review current and future planned IT projects, implement common capability security, and adhere to privacy related guidance from the government chief digital officer.

The GCIO's information security standards and policies must be followed, Ardern emphasised.

Agencies have to obtain certification from the GCIO that they comply with the requirements, she added.

Ardern defined small agencies as those with limited IT capability and not by size.

They include important parts of the government, such as the Department of the Prime Minister and Cabinet, the State Services Commission, the Crown Law, and Ministry of Defence among others.

The Treasury, which was embroiled in a data breach scandal recently that leaked sensitive government budget information ahead of the official release, is also listed as an agency that needs to handle privacy and security better.

"My understanding is that the list has not been mandatory, but as I’ve set out, as an interim step, while we work through what needs to occur to prevent this ever happening again, we will now be requiring those small agencies to procure from that list over the near future while we work to ensure the security of all New Zealanders’ data and restore confidence in the systems and the agencies who are providing services to the New Zealand public," Ardern said.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
government jacinda ardern new zealand security
In Partnership With

Most Read Articles

Google slams Aussie threat to 'directly intervene' on Android defaults

Google slams Aussie threat to 'directly intervene' on Android defaults
CBA primes app for $10bn welfare payments clawback

CBA primes app for $10bn welfare payments clawback
NBN Co floats "up to" gigabit speeds for $80 a month

NBN Co floats "up to" gigabit speeds for $80 a month
Telstra blocks 2.9m scam calls in one month

Telstra blocks 2.9m scam calls in one month
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Is your AWS framework well-architected?
Is your AWS framework well-architected?
Why you should reassess your cybersecurity posture
Why you should reassess your cybersecurity posture
How will you manage the cloud data deluge?
How will you manage the cloud data deluge?
Follow these steps to prevent targeted attacks
Follow these steps to prevent targeted attacks
Your mobile devices may not be secure – learn how to fix that
Your mobile devices may not be secure – learn how to fix that

Events

Log In

Username / Email:
Password:
  |  Forgot your password?