I generally report breaches over on the companion blog, DataBreaches.net, but this news story about a privacy breach involving an “insider” took so long to come to light and to be handled that I want to mention it here. Jared Savage reports from New Zealand:
A North Shore officer leaked secret information from the police computer network to his wife in a bid to win a custody battle with her ex-husband.
An internal investigation has found Senior Constable Terry Beatson used the police National Intelligence Application (NIA) to open the man’s file 17 times over four years.
Doing unauthorised checks over the network is considered serious misconduct under the police code of conduct and can be grounds for dismissal.
Mr Beatson has kept his job despite giving confidential information to his wife, who was in a custody battle with her ex-partner over their young son.
The former husband discovered the leak when he found private details were contained in an affidavit his ex-wife filed with the Family Court.
The man, who asked not to be named to protect his son, laid a complaint with the Waitemata police in August 2007. However, the matter was not investigated until January last year after he complained to the Privacy Commissioner and the Independent Police Conduct Authority.
Police have now confirmed Mr Beatson made unauthorised checks, but would not reveal what disciplinary action had been taken.
The Waitemata district commander, Superintendent Bill Searle, confirmed police had conducted an investigation into inappropriate access of the NIA by a staff member.
“In this investigation a thorough and robust process was undertaken, including examination by external parties of the circumstances and facts.
“Strong disciplinary action has been taken – short of dismissal.”
Read more in the New Zealand Herald.
That the victim had to take the matter to the Privacy Commissioner and Independent Police Conduct Authority should make citizens distrustful of that police department as it smacks of a total coverup.
That the department did not catch the access in excess of authorization that occurred over a 4-year period should make citizens distrustful of the competence of the police department to audit itself. So who/what is auditing the police department’s access to NIA every month? Hopefully it is someone outside of the department.
If the victim first filed a complaint in 2007, the egregious conduct had occurred well before then, and yet it took until January 2010 to open an investigation? Unacceptable. Totally unacceptable.