A "technical issue" with police's incident management tool may have led to sensitive information that was supposed to be redacted during disclosure being made visible.
By Sam Sherwood of RNZ
An investigation is under way into the extent of the issue and the Office of the Privacy Commissioner has been notified.
RNZ understands police have recently contacted lawyers of defendants advising them of the issue.
An email, seen by RNZ, says that a technical issue with police's Incident Management Tool (IMT) had been discovered that resulted in a proportion of redacted documents produced from the investigation software since 4 December that had redactions that were not applied correctly by the system.
This meant that information that was supposed to be redacted could become visible.
The lawyers were advised to retrieve the disclosure packages from their clients or request deletion of the email.
They were also told to advise them that they must comply with the Lawyers and Conveyances Act which included not disclosing information that would be likely to place a person's health or safety at risk.
In response to questions from RNZ Acting Assistant Commissioner Investigations, Serious and Organised Crime Keith Borrell said that on December 15 the disclosure functionality of Police's IMT was placed on hold after a "technical issue" was identified.
"Information that had been redacted could potentially be made visible to justice sector partners.
"Police's ICT department tested and applied a fix, enabling functionality to resume yesterday.
"Emails are being sent directly to officers and file managers in charge of cases affected by the issue, with clear instructions on action that needs to be taken."
Police had notified the Office of the Privacy Commissioner and continued to investigate the extent of the issue, Borrell said.
Chief Victims Advisor Ruth Money said she had contacted police asking for information on what had happened and what actions police were taking regarding both at risk victims and victims and witnesses in general who have been affected.
A spokesperson for the Office of the Privacy Commissioner confirmed the police notified them of a privacy breach on December 16.
"The Privacy Act sets out that agencies are required to notify the Office of the Privacy Commissioner as soon as they are aware of breaches that they have assessed as 'serious harm.'
"As with any breach, Police will need to investigate so they can fully understand the size and scope of the breach and its impact on New Zealanders. It's possible that further investigation of a breach could result in an initial assessment of serious harm being downgraded."
The commissioner's initial focus was to "support agencies who have experienced a breach with advice on how to minimise the harm to any people affected".
SHARE ME