Good grief.
This is crazy but it does seem like this is a result of an underfunded agency. Doubly so when the staff are “too busy to think about privacy”.
I hope this is not used as justification to cut funding or disestablish the agency when the opposite is needed. Most of these issues have technology solutions that could be implemented with some investment.
One of their examples was probably the whisper network (warning someone about historic allegations about someone else who probably had contact with them) but some of the others have me scratching my head.
I think what happens sometimes is that over time with underfunding and undertraining you end up with an organizational culture that becomes weirdly blind to privacy issues, like how our birds evolved to not have wings.
I definitely think you’re right that if your organisation doesn’t make privacy an important thing then you get blind to it. I’ve worked at a lot of places over the years and have seen vastly different attitudes to this.
I guess the other component is consequences, i.e whose privacy is being breached and what recourse they have. So from that point of view I’d expect organizations like Oranga Tamariki and WINZ to have developed a worse privacy culture than organizations like IRD and MBIE.
Interestingly many of the old WINZ systems are quite strict on this. I believe they are replacing their 90s system with a new one in a project happening now so it will be interesting to see if they make big improvements.
Interesting because they have a terrible privacy culture and leak like crazy - I say this not just because of their known incidents but also from personal experience.
I wonder if it’s because their systems are so strict they tend to just work outside them? (a bit like the paradox where if a penalty for a crime is too draconian you end up with more of the crime due to reluctance to report).
Hopefully if they get a new system it will be one all their staff can use properly.
The systems I’ve seen are very strict on recording every access, however, didn’t enforce who could access. I guess without a culture of accountability, all that does is let you find all the privacy breaches once someone complains. You actually need the culture of audit and follow through to back it up. I may have implied it prevented privacy breaches, but it’s probably fairer to say they have all the tools they need to take it seriously but that doesn’t mean they do.
Ah, that makes sense and it tracks. If you ever want to work somewhere with little accountability, that would probably be a good place!
Speaking of govt systems do you know anything about RealMe? It sort of looks like they are phasing it out?
Definitely underfunded, overworked, and probably mentally clocked out.
Even if the agency was well funded and well managed, I can’t imagine working there is good for your mental health.
Oh, definitely not.
Underfunding plus corruption in procurement plus poor training results in this kind of thing.
Unfortunately the current government has promised to cut funding even more, be even more corrupt and spend even less on training.
I know it’s underfunding but that first one is just movie villain levels of weird. “Sure, here’s the address of the person you might have assaulted.” Wth?
