Independent reviewers have been called in after Wellington City Council inadvertently released personal details of people involved in road crashes and overstated the benefits of reducing speed limits across the capital by more than $250 million.
The “serious harm data breach” involved details of 1876 crashes involving 4224 people.
Information like the names of drivers, their accounts of the crashes, and car registration numbers were released as well as medical details like hospitalisations, blood alcohol levels, and whether they were under the influence of drugs.
Chief strategy and governance officer Stephen McArthur said a public notice has been published on the council’s website to notify those affected.
“We are sincerely sorry to anybody affected, and to the wider Wellington public: we will learn from this incident and endeavour to be a better kaitiaki (guardian) of personal information in the future,” the notice said.
A “harm matrix” has determined eight people reach the threshold to be personally notified, he said.
An independent review is under way by specialist privacy consultancy INFO By Design. Documents are being reviewed and interviews are being scheduled his week.
The spreadsheet was made public without redactions following an official information request for analysis on the council’s plan to reduce speed limits on most Wellington streets to 30km/h.
Wellington City Council officials used the same spreadsheet when they miscalculated the cost-benefit analysis of the speed reduction plan. The benefit of reducing crashes was overstated by more than $250 million.
A separate review is under way into this and will be overseen by independent external consultant Carolyn van Leuven.
“Carolyn is a former commercial law firm partner, former CEO of various public service agencies, and experienced Treasury gateway reviewer with a respected track record,” McArthur said.
Wellington Mayor Tory Whanau has previously said she was extremely disappointed at the news of the data breach.
“I can’t express how frustrated I am at the data breach, coming as it does on top of the human error made in calculations regarding the 30km/h speed limit. It’s just not good enough.”
Recommendations from both reviews will be reported back to the council’s Audit and Risk Committee in September.
Last night, the Herald revealed Wellington City Council had committed another privacy breach by publishing the names, IP addresses, and accessibility needs of some people who made submissions on a plan to remove private cars from the Golden Mile.
An investigation has found the personal information was publicly available on the Wellington City Council website for nine days before council officials were made aware of it.
There is no evidence that personal information has been misused at this stage.
Georgina Campbell is a Wellington-based reporter who has a particular interest in local government, transport, and seismic issues. She joined the Herald in 2019 after working as a broadcast journalist.