In recent months New Zealand has been plagued by security breaches within various government departments.  Starting with the Accident Compensation Corporation, Work and Income and more recently the Earthquake Commission.  Confidential private information has become available to all sorts of people.

I was reading Michael Sampson's blog post which he wrote on this subject, entitled The Cost of Doing Business with Email - The EQC Privacy Breach and What To Do About It.  In his post. Michael makes it clear that email is not the correct place for sharing information of this nature.  He also provides possible solutions and ways to prevent data leakage.  A Social Enterprise platform would be a much better alternative to email.

With all of these breaches, I am led to wonder if plugging the holes is actually the best outcome for New Zealand citizens.  One of the things which I talk about a lot is the need for organisations to be transparent.  In most of the recent security breaches there has been a lot of embarrassment for senior officials as investigations have shown significant issues within the corporate culture of the organisation. In a number of cases the leakage of personal data has just scratched the surface of a much more endemic problem.

In the case of the EQC breach, information was sent in a spreadsheet to the wrong person.  This spreadsheet contained information about insurance claims from the Christchurch Earthquakes, information which revealed how unfairly people were being treated.  As a result, people have questions and they are demanding answers.  Where they may have been unsure about the fairness of insurance payouts, the facts have now been revealed.

In a social world, people are demanding transparency and honesty from the organisations they find themselves dealing with.  People are revisiting old fashioned values of honesty and integrity.  "Revisiting" might be the wrong word, maybe I should have used the word "demanding".  People are demanding old fashioned values of honesty and integrity.

So my question is, should we be expecting the government to fix a data leakage problem, or should we be expecting them to fix much greater problems within the culture of their departments?