company behind flawed payroll system Novopay could be slapped
with a financial penalty, after human error resulted in a
privacy breach yesterday.
The Ministry of Education issued an apology after it was
revealed a staff member from Talent2 incorrectly sent emails
to payroll administrators at 1600 schools.
Of the 5600 transactions covered in the emails, 3400
identified an individual, with 40 of those containing
personal information such as the amount of an advance or
underpayment, or noting a relationship with other agencies.
Acting Secretary for Education Peter Hughes said the latest
incident was a ''significant privacy issue; but I would not
put it at the top end''.
Although any repercussion for the person responsible was a
matter for the company, ''I have spoken to the New Zealand
CEO for a detailed report on measures they intend to put in
place to avoid a recurrence of this.''
He expected that report on his desk by the end of the week.
Asked if the staff member's mistake may have been
stress-related, he conceded ''we are all busy, but standards
are standards ... and particularly when it comes to privacy
and we need to meet those standards''.
While he was yet to receive legal advice concerning the
privacy breach, the contract with Talent2 stipulated the
company had to meet the requirement of New Zealand privacy
law, and ''to have measures in place to avoid this sort of
''They have failed to meet those requirements and there are a
range of things we can do under the contract including
financial penalties,'' Mr Hughes said.
The emails had gone to professional payroll administrators
and he was confident all emails would be deleted as
''I treat this very seriously and sincerely apologise to
those schools and staff.''
Otago Primary Principals' Association president Whetu
Cormick, whose Bathgate Park School was sent the incorrect
email, said the latest incident was disappointing.
Although he applauded Novopay and the ministry for trying to
communicate unresolved payment issues, ''I think this
reflects the poor system that Novopay is, and the sooner
Novopay is dumped, the better''.
''I think the apology is unacceptable and I don't accept
The Officer of the Privacy Commissioner has been advised.