The Commerce Commission has obtained a broad interim injunction to help protect the confidentiality of information contained on stolen computer equipment.
The injunction also prevents publication of details about how the information was lost beyond what is already in the public domain.
The Commission was granted an interim injunction by the High Court to help protect the information on a computer owned by one of its external providers.
The Commission said last week that more than 200 meeting and interview transcripts across a range of the Commission’s work were contained on the stolen computer equipment.
The injunction was made against unknown persons who may at any stage possess information on or taken from the equipment.
The injunction prohibits any person from dealing with the stolen information in any way, including copying, communicating or publishing it.
The High Court has also made orders suppressing information relating to the external service provider, the nature of the services provided by the provider to the Commission, and information about the burglary not disclosed by the Police.
In addition, some of the information on the stolen equipment is subject to a section 100 order issued by the Commerce Commission under the Commerce Act.
This makes it a criminal offence for any person in possession of information on or from the equipment to disclose or communicate it to anyone while the order is in force.
The order covers information about open Commission matters under the Commerce Act and the Credit Contracts and Consumer Finance Act.
That order was unable to cover the Fair Trading Act and closed matters, however, all matters are subject to the injunction.
The Commission encouraged any person who had information about the stolen computer equipment to contact the Police or the Commission.
Last week, Commission chair Anna Rawlings said two separate independent reviews have been initiated in response to the security incident.
In addition, the Commission will be contacting its third-party suppliers to seek assurances that they are meeting its expectations in relation to information handling and have systems and processes in place to protect its information.
“Information security is crucial to our role and it is vital that those who interact with us can be confident in our ability to protect confidential and commercially sensitive information," she said.
"We have engaged Richard Fowler QC to undertake an independent review of the circumstances that led to this specific incident.
“Separately, we have also engaged KPMG to review our information handling processes, including third-party supplier engagements.
"These reviews will report directly to me and the Commission Board. We will make the findings public once we have considered them and any recommendations made.”
ComCom chief executive Adrienne Meikle said last week that it was contacting those affected to discuss the details of the information potentially compromised.
“We will also no longer be using the external provider," she said. "It was subject to contractual and confidentiality obligations to ensure that information was stored securely and deleted after use. The provider has informed us it did not meet these obligations.
“While this breach has resulted from criminal activity and our provider failing to meet the obligations we placed on it, it is our job to keep sensitive information safe and we apologise unreservedly to those affected. We acknowledge the distress this incident may cause businesses and individuals who have provided information to us in confidence.”