Monday, April 8, 2013

Ministry apologises over Novopay privacy breach

Talent2, providers of Novopay have admitted the latest in a string of privacy breaches

Human error is again being blamed for New Zealand schools receiving the wrong Novopay details.
Acting Secretary for Education Peter Hughes says Talent2, the providers of the beleaguered Novopay system, sent a number of schools the wrong emails about yet-to-be-processed actions regarding their payrolls.
Mr Hughes says a Talent2 staff member made the mistake when doing a mail merge and about 1600 schools are involved. The emails are being used to proactively advise schools of payroll changes that are being worked on.
The case was "human error" and Talent2 has since apologised to the Ministry of Education, he says. 
Mr Hughes says pay administrators at the affected schools have received the names and Ministry of Education numbers for staff at another school, instead of their own, along with the transaction number for the outstanding issue.
"I treat this very seriously and sincerely apologise to those schools and staff,” he says. 
Of the 5600 transactions covered in the email, 3400 identified an individual and about 40 of those had other limited personal information, such as the dollar amount of an advance or underpayment, information about a relationship with another agency or circumstances such as parental leave, Mr Hughes says.
“Privacy requirements are set out in our contract with Talent2, and in this case they have clearly failed to meet the terms of the contract and I have taken that up with their CEO," Mr Hughes says.
He has asked the company's chief executive for a full review and report to make sure everything is done to help prevent another mistake. 
Mr Hughes says the pay administrators who received the incorrect emails are authorised users of the Novopay payroll system and have been asked to delete the incorrect email.
“They’re a respected and professional group of people who deal with personal information daily and I expect they will do the right thing.”
The office of the Privacy Commissioner has been advised of the breach.
This breach is the latest in a string of others including at Immigration NZ, Work and Income, ACC and Inland Revenue
last month the human error was blamed for an Earthquake Commission employee sending out details of 83,000 Canterbury earthquake claims to Bryan Staples.
3 News Tue, 09 Apr 2013 4:33p.m.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)