A Work and Income New Zealand employee who helped to place friends and family members - including her ex-husband, sister and stepdaughter - into employment was justifiably sacked, the Employment Relations Authority has found.
In its decision, released today, the authority (ERA) found that Manukau work broker Dellwyn Rhind accessed the files of friends or family members 22 times between 2005 and 2011.
Of particular concern to Ministry of Social Development investigators was Ms Rhind's admission that she had processed a special needs grant for her niece, which "undermined MSD's ability to ensure the administration of funds to Winz clients was done fairly and impartially", the decision said.
The authority was told that Ms Rhind had also applied for a skills investment subsidy for family and friends, and that she had looked up her stepdaughter's records to see whether she was entitled to a subsidy.
"A subsidy payment may be an incentive for an employer to take on a particular client and it could potentially be seen to influence referrals, or be seen as an attempt to give Rhind's friends and family a head start at the expense of clients who had no relationship to Rhind," it said.
In her defence, Rhind said it was "common practice" for work brokers to find jobs for their friends and family, and that management knew about and condoned it.
She also said she had been under the impression that accessing friends' and family's client records was permitted for "business purposes".
The authority dismissed both these assertions and ruled that Ms Rhind was justifiably dismissed .
"It is clear MSD takes confidentiality, the protection of personal information of its clients and the protection of the integrity of its benefit system very seriously. That message is clearly and regularly communicated to employees throughout their employment."
Employment and privacy law specialist Kathryn Dalziel said she would not be surprised to learn that this practice, known as "employee browsing", was common in government departments.
"It is a clear and identifiable risk that government agencies should be aware about," she said.
"We know that the temptation is great and that from time to time people will be caught."
Government agencies were advised to do regular audits and to monitor electronic footprints to ensure it wasn't happening.
"The question this case raises for me is what were the audit processes around it and what was the electronic footprinting? Why wasn't this picked up earlier? I think that's a legitimate question."
Staff caught accessing such information could be prosecuted for misuse of government information, Ms Dalziel said.
In a recent article in an Institute of IT Professionals newsletter, Privacy Commissioner Marie Shroff said it was not only government departments that needed to be aware of employees going through the "increasingly large reservoirs of personal information at their finger-tips". Businesses needed to think about it too.
"Such browsing is wrong, on so many levels - including that it's a serious breach of clients' trust. And it does real damage to the organisation's reputation when it comes to light," she said.
It was revealed in July that 10 Winz staff members had been sacked after two inquiries into breaches of privacy for beneficiaries.
Seven staff were dismissed from the Manukau office for "appalling" breaches of the code of conduct which included improper use of private files belonging to family and friends, as well as inappropriate email use. An allegation that a staff member sold personal details of a client to a debt collection agency was not proven.