Menu
ComCom says it has lifted its game following embarrassing security breach

ComCom says it has lifted its game following embarrassing security breach

Independent review recommended taking back control from contractors

Adrienne Meikle (Commerce Commission CEO)

Adrienne Meikle (Commerce Commission CEO)

Credit: Supplied

New Zealand's competition watchdog the Commerce Commission is cracking down on third party contractors following an embarrassing security breach in October 2019.

The commission called in the police after it lost highly sensitive documents after a third party service provider was burgled and PCs were stolen.

More than 200 meeting and interview transcripts across a range of the commission’s sensitive work were contained on computer equipment stolen in the burglary.

"As an initial immediate step after the incident, the commission implemented an interim security assurance process for all third-party contractors," the commission told Parliament this month.

"We sought assurance from all contractors so that we could be confident our security expectations were being met. 

We also put additional interim security obligations in all contracts, which was over and above what was present in the more generic contract templates being used."

One of two reviews into the incident, by Richard Fowler QC, pointed out that: "Lawyers think that just because it is in a contract it will happen and we are surprised and dismayed when it does not."

The risk of exactly that happening could only be properly minimised by the commission taking back more control, Fowler said concluding his report.

Some of the commission's responses do just that.

"We have taken additional steps relating to some areas of our work by requiring contractors to work on-site at the commission or with commission owned devices rather than using the vendors’ technology," the commission said.

In addition, the commission now has two staff focused on security, including information security with contractors and new information governance procedures.

KPMG also reviewed the incident.

A reconciliation of the KPMG review (which contains wider recommendations) with our ongoing
security programme demonstrates that we are in a 'good space' in terms of overall progress," the commission said.

"The recommendations from the review have been addressed via policy, process improvements, and control technology deployment. 

"We have established governance oversight for security, developed and enhanced management and staff practices and employed subject matter specialists to assist with the programme."

The commission said it was reviewing policies and procedures regarding security and privacy standards for contractors; taking a further more-detailed look at contractual settings; and developing a specifically tailored assurance process to ensure all vendors and contractors were contractually obliged to meet commission information, security and privacy standards.

"The commission is confident that the security improvements that have been implemented will reduce the likelihood and consequences of incidents and breaches," it reported. 

"However, no security measures can completely remove all risk."


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags information securitycontractorsCommerce Commissionsecurity

Events

Featured

Slideshows

Channel kicks 2021 into gear as After Hours returns to Auckland

Channel kicks 2021 into gear as After Hours returns to Auckland

After Hours made a welcome return to the channel social calendar with a bumper crowd of partners, distributors and vendors descending on The Pantry at Park Hyatt in Auckland to kick-start 2021.

Channel kicks 2021 into gear as After Hours returns to Auckland
The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

The leading female front runners of the New Zealand ICT industry joined together for the annual Reseller News Women in ICT Awards event at the Hilton in Auckland, during which hundreds of guests celebrated 13 outstanding individuals who won awards, chosen from more than 50 finalists representing over 30 organisations.

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards
Show Comments