TVNZ alerted the Teaching Council of Aotearoa New Zealand to a spreadsheet of information they discovered on a New Zealand-based online technology forum, prompting a data breach apology.
Teaching Council Chief Executive, Lesley Hoskin says, “For clarity, this was not a breach of information relating to our teacher conduct and competence database. It related to general enquiries and correspondence data and contained a short summary of the enquiry-it did not include fulsome material or attachments.
“However, some of the information was sensitive and for that I am incredibly sorry. The number of people whose privacy was breached, is approximately 43, and I’m working with them directly to mitigate the impact of the breach.”
The Teaching Council has ‘unreservedly apologised and continues to work with the affected parties on the ongoing actions’. Communications with the persons affected are private and confidential, and it would not be appropriate for the Teaching Council to comment any further, said Hoskin.
“The inadvertent and unintentional breach was a result of human error rather than a cybersecurity incident. TVNZ inadvertently discovered the breach-by typing specific details into Google that were contained in the spreadsheet.
“I am grateful to TVNZ for alerting me and the Office of the Privacy Commissioner, so urgent action could be taken. I am extremely disappointed that this has happened, and I wholeheartedly and unreservedly apologise for this breach of privacy. I have made sure the information can no longer be publicly accessed, and we’re working urgently to rectify this matter,” says Hoskin.
The Teaching Council is also in contact with the Office of the Privacy Commissioner who has advised that any information arising from this breach could cause a great deal of anxiety to the people affected and that journalists should not be accessing this information or contributing to its more widespread dissemination.
Hoskin added, “Our legal advisers confirmed that TVNZ understands that when a privacy breach occurs, out of fairness to the responsible agency and the individuals affected, it is best practice is to delete the document as soon as it’s discovered and advise the agency concerned. It would be a breach of privacy for any person or organisation who finds information to use the information in any way.”
The Teaching Council has started conducting an internal investigation into their processes to ensure this doesn’t happen again, and details of the investigation will remain confidential. Appropriate comment on the outcome of the internal investigation, consistent with the Teaching Council’s employment obligations may be made when the investigation is concluded.
Once the internal investigation is concluded and the Teaching Council has determined precisely how the breach occurred, it will take all necessary steps to ensure a similar breach does not occur again. The Teaching Council takes its obligations very seriously-to protect privacy and maintain appropriate confidentiality of all personal information. The Teaching Council is committed to ensuring all necessary safeguards are in place.
The Office of the Privacy Commissioner supports the Teaching Council’s actions to date noting they were pleased to see the Council took the necessary steps to minimise and prevent further harm to individuals concerned.