How not to handle a data leak

New Zealand goes full ‘Assange’ 

All HART articles also on Substack. Please consider a PAID SUBSCRIPTION so we can continue our work. Comments are open so you can join in the conversation.

A New Zealand health ministry employee was arrested for leaking records on vaccination status and death from the government database. He faces up to seven years in prison. The government admits that there has been no privacy breach as the data was anonymised yet by arresting him they have confirmed the veracity of the data and implied they do not want the public seeing it. Subsequently, Kevin McKernan’s Mega account was deleted along with $200,000 of his work including the DNA sequences from the vaccine vials, because they believed he held a copy of the anonymised data. Thankfully it has since been restored.

Imagine there was a man who worked for the government. He has access to all the data from the transport network. Based on viewing this data he starts to be concerned that people are failing to complete their journeys and disappearing in the system. He is not sure who to turn to and convinces himself to leak the data publicly. Before doing so he anonymises it.

What would the response be?

First of all, an explanation would presumably be provided to reassure the public that his conclusions were incorrect. Secondly, some kind of support would likely be offered to the man.

Can you really envisage a scenario where such a man would be arrested?

The New Zealand government response has given this story enormous attention and seems only to have inflamed concerns. The New Zealand health authorities have been granted “an urgent injunction on Friday to prevent the spread of the data.” Are they worried about exponential spread? Do they think they have to flatten the curve? What if we all end up with Long Data?

Please follow and like us:
Visit Us