Seven complaints involving nine staff for accessing client records without authorisation during the past year have been substantiated, with a former former Immigration New Zealand officer informing the New Zealand Herald that
staff sometimes logged in to look at information on wealthy and interesting clients "for fun". "We would joke about which client would make a good boyfriend, and recommend in jest the rich ones to our single colleagues," she said. "It's similar to how people would look and laugh at people and the information they put on dating websites."One officer has resigned, four have received final warnings and another is facing disciplinary action.
The Otago Daily Times in reporting on the action states that -
It was also "common" for immigration staff who had access to client files to call colleagues over to their computer screens when they found interesting information or photographs on applications.
In April, a Department of Labour internal audit investigator found one officer had accessed client details on three occasions and information was passed to other parties.
But no action was taken against the woman, as she was no longer working with the agency.
"The complaint was substantiated as a breach of our code of conduct and disciplinary action would have been recommended had (the woman) still been employed by the department," the investigator told the complainant.Arguably penalties for misebehaviour should extend beyond internal sanctions, ie offenders should not be able to escape by simply resigning from a government agency.
In the UK the Information Commissioner has announced a £150,000 civil monetary penalty (CMP) on consumer lender Welcome Financial Services Limited (WFSL) in relation to the loss of records featuring over half a million customers’ details.
WFSL’s Shopacheck business lost two back up tapes containing names, addresses and telephone numbers of customers in November 2011. Those tapes have not been recovered. There is no indication of whether the data was encrypted.
The Commissioner commented that "It’s a case of ‘wake up and smell the CMP", noting that
Over the past year the ICO has bared its teeth and has taken effective action to punish organisations many of which have shown a cavalier attitude to looking after people’s personal information.
This year we have seen some truly shocking examples, with sensitive personal information, including health records and court documents, being lost or misplaced, causing considerable distress to those concerned. This is not acceptable and today’s penalty shows just how much information can be lost if organisations don’t keep people’s details secure.
We hope these penalties send a clear message to both the public and private sectors that they cannot afford to fail when it comes to handling people’s data correctly.