8 Feb 2024 Data Privacy Incident (Meta Support) - email details
H Patel made this Official Information request to Inland Revenue Department
Currently waiting for a response from Inland Revenue Department, they must respond promptly and normally no later than (details and exceptions).
From: H Patel
Dear Inland Revenue Department,
In the 'Review and analysis of Social Media for Custom Audiences' document (https://www.ird.govt.nz/-/media/project/...) you have noted that a cleartext CSV was sent to Meta Support via email.
Could you please advise:
- What, if any, end-to-end encryption method was used (e.g. S/MIME, PGP) when transmitting the file?
- What is IRD's policy on appropriate methods to secure personal information when transmitting to third parties (both via email and other means)?
- Can IRD be sure that there have been no other occasions of personal information being shared with third parties, in a non-approved manner, other than the incidents described in the review document or otherwise previously disclosed? Why/why not?
Yours faithfully,
H Patel
From: oia
Inland Revenue Department
[IN CONFIDENCE RELEASE EXTERNAL]
[IN CONFIDENCE RELEASE EXTERNAL]
Kia ora
Thank you for your request under the Official Information Act.
We will respond within the 20-day statutory timeframe. You can expect to
receive a response no later than 04 December 2024.
Your reference number is 25OIA1568.
Kind regards
Governance and Ministerial Services | Inland Revenue - Te Tari Taake
From: H Patel <[FOI #29088 email]>
Sent: Wednesday, 6 November 2024 5:11 pm
To: oia <[IRD request email]>
Subject: 25OIA1568 Request Patel
External Email CAUTION: Please take CARE when opening any links or
attachments.
Dear Inland Revenue Department,
In the 'Review and analysis of Social Media for Custom Audiences' document
([1]https://aus01.safelinks.protection.outlo...)
you have noted that a cleartext CSV was sent to Meta Support via email.
Could you please advise:
- What, if any, end-to-end encryption method was used (e.g. S/MIME, PGP)
when transmitting the file?
- What is IRD's policy on appropriate methods to secure personal
information when transmitting to third parties (both via email and other
means)?
- Can IRD be sure that there have been no other occasions of personal
information being shared with third parties, in a non-approved manner,
other than the incidents described in the review document or otherwise
previously disclosed? Why/why not?
Yours faithfully,
H Patel
-------------------------------------------------------------------
This is an Official Information request made via the FYI website.
Please use this email address for all replies to this request:
[2][FOI #29088 email]
Is [3][IRD request email] the wrong address for Official Information requests
to Inland Revenue Department? If so, please contact us using this form:
[4]https://aus01.safelinks.protection.outlo...
Disclaimer: This message and any reply that you make will be published on
the internet. Our privacy and copyright policies:
[5]https://aus01.safelinks.protection.outlo...
If you find this service useful as an Official Information officer, please
ask your web manager to link to us from your organisation's OIA or LGOIMA
page.
show quoted sections
Things to do with this request
- Add an annotation (to help the requester or others)
- Download a zip file of all correspondence
Offensive? Unsuitable?
Requests for personal information and vexatious requests are not considered valid requests for Official Information (read more).
If you believe this request is not suitable, you can report it for attention by the site administrators
Report this request