The government's freezing of EQC's email system is unprecedented for an entire organisation, an IT expert says.

Gerry Brownlee has put the Earthquake Commission's computer system in lock down after a second security breach was uncovered this week.

Chief executive of the Institute of IT Professionals, Paul Matthews, can't think of another case where this has happened.

He says the government's decision may appear to be a massive overreaction, but there is logic behind the move.


"Now if they have no confidence in the systems and processes that are in place at EQC, to the extent that they couldn't prevent another breach like this occurring tomorrow, then in some respects they've got an obligation to do what they've done."

Mr Matthews says the security breaches show that confidential information should not be sent by staff via email.

He says the repeated privacy breaches are 'a symptom of fundamental flaws in email systems'.

Email in general is a very insecure system, says Mr Matthews, and it is easy for things to be sent to the wrong place.

He says in this case, where the leaked information was contained in spreadsheets, EQC could restrict people sending emails with attachments over a certain size.

"Other solutions will be how do we train our staff to get the culture of security in place? Which is really what this is about. So that the staff know that we simply don't email confidential information around."