Do the right thing with personal information
✎ Edit Post
Posted June 09, 2021
Media Release: Privacy Commission
Privacy Commissioner John Edwards is advising people to do the right thing if they are sent or find personal information which might have come from the Waikato DHB ransomware breach.
Mr Edwards warned that the hackers responsible for taking patient and staff information from the DHB are likely to publish and circulate the information further.
Sometimes a person or agency may receive information by mistake, or may find information that wasn’t intended for them.
If you or your agency has received information in error, the Privacy Commission suggests you contact the agency or person who sent the information and let them know about the mistake. You should consider either returning the information to the agency which sent it, or making sure it is securely destroyed.
If you don’t know where it came from, you can contact the Privacy Commission on 0800 803 909, or email firstname.lastname@example.org
People sometimes have information sent to them that’s not theirs, or they may find other people’s information in places like cafes or on public transport.
One example might be finding a memory stick on the street that contains documents or images. Or perhaps you requested personal information about yourself from an organisation or business and were sent someone else’s file in error.
If this happens to you, you should treat the information like the valuable lost property it is. You have legal obligations once you are in possession of information that identifies other people, or that is clearly confidential.
There are a few things to bear in mind:
Remember to keep the information safe and don’t copy it. Once you have it, you’re responsible for its security.
If possible, send it back to the organisation it came from. Then the organisation knows it has made a mistake and can decide whether and how to let the person know. It can also figure out what went wrong so it can improve its systems.
If you don’t know where it came from, or you think it is better to send it to the Privacy Commission, contact them using their online enquiry form, or call 0800 803 909.
Sometimes people want to head straight to the media and share the news of what’s happened. That decision is up to you, but you still have a legal responsibility for the information you hold. Handle the information with respect and send it back to the organisation. There is nothing to stop you telling your story to a journalist. But don’t put other people at risk when you are doing that.