Why is John Key demeaning himself by leading the chorus of ministers jumping up and down in the House saying accidents will happen?

He comes from an industry where data security is paramount. The statements from ministers and the administrative heads of the departments are disappointingly illiterate about the systems where data has leaked.

In the case of the first leak from ACC the recipient was asked to send the document back. The recipient of EQC data volunteered to "destroy" the document.

These would have been adequate responses had the documents in question been physical papers.


Sending back the first document would have created new copies of it all along the path between A and B. The recipient alone would then have a copy in the inbox and a copy in the outbox. All of the intermediate mail servers along the path would have an additional copy in their backup tapes.

The deletion of the EQC document moved it from the inbox to the deleted items folder, as the recipient has publicly disclosed. Even if the deleted items folder had been emptied, the document may still have been recoverable with simple forensic tools from the recipient's computer, or from any of the mail servers along the route.

The quantity and sensitivity of data in both these departments, and in the related Winz affair, require a robust, secure database that writes to a log file who read what, and when.

Data of this sort should never be managed in spreadsheets on desktop hard drives. Excel spreadsheets are kitchen table accounting.

The problem is worsened by the ease with which simple documents allow one-click mail-to. To which we can add the invisible spreadsheet columns that are revealed with a simple command, and the document deletions that disappear from the screen but remain electronically embedded to be revealed by a plain text reader.
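The hidden-column problem described above can be caught before a file leaves the building. The following is an added example, not part of the original article: a pre-send check that reports hidden sheets, columns and rows in an .xlsx attachment, assuming the Office Open XML format. The function names and the sample workbook are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {"m": "http://schemas.openxmlformats.org/spreadsheetml/2006/main"}

def find_hidden(xlsx_bytes):
    """Return (part, kind, detail) tuples for hidden sheets, columns and rows."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as z:
        wb = ET.fromstring(z.read("xl/workbook.xml"))
        for sheet in wb.findall("m:sheets/m:sheet", NS):
            # state is "visible" (default), "hidden" or "veryHidden"
            if sheet.get("state", "visible") != "visible":
                findings.append(("xl/workbook.xml", "sheet", sheet.get("name")))
        for part in sorted(z.namelist()):
            if not part.startswith("xl/worksheets/") or not part.endswith(".xml"):
                continue
            ws = ET.fromstring(z.read(part))
            for col in ws.findall("m:cols/m:col", NS):
                if col.get("hidden") in ("1", "true"):
                    span = f"{col.get('min')}-{col.get('max')}"  # 1-based column indexes
                    findings.append((part, "columns", span))
            for row in ws.findall("m:sheetData/m:row", NS):
                if row.get("hidden") in ("1", "true"):
                    findings.append((part, "row", row.get("r")))
    return findings

def build_sample():
    """Constructed sample: only the parts the scanner reads, not a full workbook."""
    ns = NS["m"]
    workbook = (f'<workbook xmlns="{ns}"><sheets>'
                '<sheet name="Summary" sheetId="1"/>'
                '<sheet name="Claimants" sheetId="2" state="hidden"/>'
                '</sheets></workbook>')
    sheet1 = (f'<worksheet xmlns="{ns}"><cols><col min="3" max="5" hidden="1"/></cols>'
              '<sheetData><row r="1"/><row r="2" hidden="1"/></sheetData></worksheet>')
    sheet2 = f'<worksheet xmlns="{ns}"><sheetData><row r="1"/></sheetData></worksheet>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/workbook.xml", workbook)
        z.writestr("xl/worksheets/sheet1.xml", sheet1)
        z.writestr("xl/worksheets/sheet2.xml", sheet2)
    return buf.getvalue()

if __name__ == "__main__":
    for finding in find_hidden(build_sample()):
        print("HOLD BEFORE SENDING:", finding)
```

A non-empty result is a reason to hold the attachment for review; the check does not cover deleted text retained inside word-processor documents.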

What can be done now we have become so reliant on computers?

First, educate users, from the front office customer data input operators, right on up to the CEO. Passing the exam, and frequent refresher tests, should be compulsory. Email is a commonly (ab)used tool. Two common faults that contributed to the recent problems are failure to trim unwanted quoted material from the bottom of a message, and not hesitating before clicking send, to verify addressee and attachments.

There is a common assumption that everyone now knows how to use a computer, much like everyone can drive a car. Recent events prove that is not true.

Secondly, the Government must budget funds to employ suitably qualified and experienced staff to manage their IT systems. This money should also include the establishment of secure database systems to replace ad hoc spreadsheets, and training in the proper and diligent use of them.

The Winz failure came from inexperienced staff pushed on a low budget using simple file-sharing techniques with inadequate permissions settings.

The public of New Zealand deserve better than these kitchen table accidents with their private information and public accounts.

Peter Kerr recently supported desktop computer systems in a large tertiary education institute.