The New Zealand Privacy Commissioner has expressed concern that information illegally obtained from a regional health authority is being used by journalists to source stories, saying doing so is likely to cause "a great deal of anxiety to the people affected".
Yesterday, Radio New Zealand published a story that referenced information obtained from the ransomware attack on the Waikato District Health Board in May.
The state broadcaster has had access to patient files and other sensitive information since June this year, when it said it discovered them on "the dark web".
Privacy Commissioner John Edwards slammed the reporting as unethical.
“This reporting would appear to raise quite significant ethical questions, and I would be concerned to think of journalists trawling through illegally obtained deeply sensitive personal information to identify and generate stories," Edwards said.
"The fact that one media source would appear to have done so may prompt others to do so - effectively creating a market for, and monetising, this very personal material,” he added.
Everyone, including the media, should respect the personal information of others and not access such material, Edwards said
The Office of the Privacy Commissioner is now considering whether to lay a complaint with the New Zealand Broadcasting Standards Authority, or the New Zealand Media Council.