Late last month, Wellington City Council's parking services contractor, Tenix Solutions, inadvertently released bulk personal information to an individual who made a routine information request earlier this year.
The requestor has assisted the Council to recover and secure the information, with Tenix instructed to ensure no recurrence of any such releases.
The requestor sought publicly-available information from Tenix about Council parking enforcement data over a two-year period. Tenix populated spreadsheets with that data from about 120,000 tickets issued to some lesser number of vehicle owners – both individuals and businesses.
Without notifying the Council, Tenix sent the spreadsheets to the requestor on three separate disks between August and November this year.
While the information released was not of a sensitive nature and might otherwise have been obtained elsewhere, the spreadsheets included personal information about vehicle owners – specifically, the names and addresses of vehicle owners, and their vehicle registration numbers, issued with parking tickets during the past two financial years, mostly between April and June 2012 and April and June 2013.
Unable to obtain the information asked for, the requestor contacted the Council and also made it aware of the privacy breach on 19 November.
Since then, Wellington Council says he has fully cooperated with Council officers investigating the breach, returned the three disks on which the information was sent, and satisfied the Council that the personal information has not been copied or used.
But despite this, the Council claims it is still working with the requestor to provide the information sought, excluding any personal information.
Council CEO Kevin Lavery has sought assurances from Tenix that appropriate systems and checks are in place to prevent this from occurring in future, instructing a full review to be undertaken by Tenix to provide those assurances.
"I would like to unreservedly apologise to those individuals whose personal information has been disclosed and, again, thank the requestor for returning the information," Lavery says.
"I have been clear with our contractor that its performance in this event was woeful.
"We should all have every confidence that our personal information is secure and that there are processes and systems in place to ensure this does not happen again."