EQC privacy breach: 80K affected

The massive Earthquake Commission privacy breach involving the details of more than 80,000 people is just another reason not to take the organisation seriously, Christchurch residents say.

EQC announced that every Canterbury resident who had made a home repair claim after the quakes had their privacy breached last week.

It is believed to be one of the largest privacy breaches by a government agency in the country's history.

EQC bosses have been summoned to Earthquake Recovery Minister Gerry Brownlee's office.

Christchurch resident Lesley Fulton needs about $100,000 worth of repairs on her New Brighton property and is facing her third winter with cracks in her home.

She had made a claim with EQC and her address, claim number and possibly details of the claim was one of 83,000 that were mistakenly emailed to a former EQC contractor.

"It's really frustrating that somebody else can get the information but you just can't get anything out of them, you just have to wait," she said today.

Ms Fulton said she didn't think anybody in Canterbury really expected much from the commission.

EQC chief executive Ian Simpson told media he just now found out about the scale of the breach.

It was initially thought the information of 9700 people was emailed in error, but that scale had ballooned to eight times in size after it was realised if filters within the spreadsheet were manipulated, all the claims could be seen.

The information covered 98,000 claims from the residents, he said.

The information has since been destroyed but not before the email recipient and up to four others who were in the room saw the information.

Prime Minister John Key has played down the extent of a privacy breach by the Earthquake Commission in which the information of 83,000 claimants was leaked.

Mr Key said he was disappointed but breaches were expected to some extent in all government departments and agencies.

"EQC has been dealing with huge amounts of information and hundreds of thousands of client contacts in the last few years and have had one breach."

Comment by Senior InfoWatch Analyst Nikolai Fedotov: «Historically, the need for personal data protection depended on whether the subjects suffered from disclosure. For several years, the cause and effect changed places. Personal data are now protected, because it is obligatory according to the law. There is no trouble directly from the disclosure. The main cause of damage is in violation of security policies. There is no doubt that in the above case, the guilty employees will be fined as well as organization where the data breach has happened. It is also possible that personal data owners could sue compensation, despite the absence of direct loss from the leak».

Source

l.12-.057c.834-.407 1.663-.812 2.53-1.211a42.414 42.414 0 0 1 3.345-1.374c2.478-.867 5.078-1.427 7.788-1.427 2.715 0 5.318.56 7.786 1.427z" transform="translate(-128 -243)"/>