Man accused of stealing Covid vaccine data granted bail

Barry Young. Photo: RNZ
Barry Young was arrested on Sunday and appeared in the Wellington District Court this morning. Photo: RNZ
A man employed by Te Whatu Ora who is accused of dishonestly taking vaccination data that later spread rapidly on the internet has been granted bail.

Barry Young, 56, appeared in the Wellington District Court twice today, receiving a standing ovation from a full public gallery at his first procedural appearance this morning.

He returned to the dock this afternoon so a bail application could be heard. His application for an immediate release on bail was denied.

But Judge Andrew Nicholls did grant bail, so long as Young is released at 1pm tomorrow.

The reason for the delayed release cannot be reported due to statutory non-publication orders in the Bail Act. The conditions of Young’s bail were not read to the court.

The data allegedly taken by Young rapidly garnered both local and international attention over the weekend, after initially being shared by conspiracy theorist and former political candidate Liz Gunn.

After a police complaint from Te Whatu Ora, Young was arrested yesterday and charged with dishonestly accessing a computer.

No pleas were entered by his lawyer, and the case is to be recalled this afternoon so bail can be considered. He has applied for bail, but it was opposed by police.

As Young was taken back to the cells after his first appearance, he shouted "freedom" to the public gallery. Known anti-vaccination activist Billy Te Kahika was in court supporting Young, while Counterspin Media’s Kelvyn Alp remained outside.

Te Whatu Ora was granted an urgent injunction on Friday to prevent the spread of the data, chief executive Margie Apa said.

"The data, as published on an overseas site, appears to have been anonymised. Analysis of the released data is ongoing, but work so far has not found any National Health Index Numbers or personally identifiable information."

Apa said an injunction had been used to have information taken down from an overseas website and cyber security specialists are continuing to scan extensively for any other places where the information may appear.

"We sought and were granted an injunction through the Employment Relations Authority that prevents any publication of the data to ensure that we can take all steps to protect the privacy of individuals."

"The individual has worked in the health system for a number of years. He was authorised to access data as part of his work and was locked out of our systems as soon as we became aware of the unauthorised use," Apa said.

He had been employed since the inception of Te Whatu Ora last year.

"We take the security of our data very seriously and are extremely disappointed at this gross breach of trust by this individual and his alleged involvement in spreading harmful misinformation.

"We can assure the public that we are doing everything we can to respond to this incident and to safeguard their information."

The data has since garnered international attention online, and was the subject of a question in the UK’s House of Commons over the weekend from an MP critical of the vaccine.

Speaking to media this morning, Labour leader Chris Hipkins said the breach was concerning.

"I am pretty concerned about the momentum building behind some of these conspiracy theories. They’re not grounded in fact."

Asked if there needed to be stronger vetting of employees in roles dealing with sensitive information, Hipkins said vetting should be paired with security systems.

"I think if they’re going to be handling people’s private and personal information including their health data, there needs to be a pretty rigorous system in place, which includes vetting people and systems that stop people from extracting large amounts of data."

Ethan Griffiths, Public Interest Journalism Fund.