Gun buy-back data breach prompts calls for agencies to step up vigilance

Police Minister Stuart Nash and Police Deputy Commissioner Mike Clement. - Photo: RNZ / Dom Thomas

Government agencies and the police have been told to lift their game in protecting personal details after a breach in the gun buy back scheme allowed names and addresses to be viewed.

The website has now been temporarily shut down.

Police Deputy Commissioner Mike Clement blamed third-party German software company SAP for the breach.

SAP apologised for the error and said only 66 gun dealers would have had access to those personal details.

Mr Clement told reporters yesterday one dealer had accessed the personal information and notified police.

Nicole McKee, of the Council of Licensed Firearms Owners, said her organisation has been told other people had been able to view the data.

"Our lawyers had received notification from 15 others that they had been able to access that information and several... said they were able to download all the information that was on that site as well," she said.

Ms McKee said they were in the process of verifying whether all 15 people were gun dealers or simply members of the public.

Gehan Gunasekara from Privacy Foundation New Zealand, which lobbies for privacy rights, was not impressed by the police pointing the finger at the software company.

"There's always a reason isn't there, these things happen," he said.

"[But] everyone's going to be having to lift their game, especially government and the police you would expect them to be setting the standard."

Mr Gunasekara said there had been too many privacy breaches by government agencies.

Just four months ago, sensitive information on hundreds of young people was exposed online by the Ministry for Culture and Heritage.

Mr Gunasekara said the government had to do better.

"What I would like to see is that privacy is not an afterthought," he said.

"The security aspect needs to be done first...it's not just a box-ticking exercise."

Barrister Kathryn Dalziel, who specialises in privacy law, agreed.

"We've also got a bit of culture of 'she'll be alright', and sometimes we see that government money is directed into other areas rather than cyber security," she said.

"We've now seen a couple of data breaches this year, I believe that boards looking after government agencies are going to be saying, actually that's a top priority and we're going to be needing to put something in place."

Ms McKee said their members involved with the gun buy back scheme were very concerned.

"At this stage, the alarm bells that we are hearing is more about security for themselves, their families and their homes rather than those who say 'we're not going to hand in [firearms anymore]," she said.

"We have not even been able to process all of the feedback we've had from our members yet."

National Party leader Simon Bridges said estimates showed only about 10 percent of firearm owners had handed in their guns.

He said because of the data breach that number was unlikely to grow.

"In a situation where some, possibly all, of that 10 percent has had their details out there, that is a huge breach of trust," he said.

"It means that people who hadn't handed back - that vast majority of gun owners who might have military style or semi-automatic weapons - are incredibly unlikely to."

The police said the firearms buy-back programme would now be using a manual process.

German software company SAP said a full internal investigation was under way.

It unreservedly apologised to the police and New Zealand citizens for the error.

Comments