Police are investigating the theft of computer equipment containing sensitive information relating to Commerce Commission business.
A number of items of computer equipment were taken in a burglary at a residential address involving an external provider to the Commerce Commission, which is New Zealand's competition watchdog.
The commission says it was informed last week that more than 200 meeting and interview transcripts across a range of the commission’s work were contained on computer equipment stolen in the burglary.
The transcripts may date back to early 2016 and contain some confidential information businesses and individuals have provided the commission, it says.
The commission’s own network and systems have not been breached, it says.
The information potentially contained on the stolen computer equipment does not include any documents or general consumer complaints provided to the commission.
Chief executive Adrienne Meikle says the commission has been in close contact with police and is confident every possible action is being taken to locate and recover the stolen equipment.
“We are in the process of contacting those affected to discuss the details of the information potentially compromised," she says.
Some of the information is subject to a confidentiality order issued by the commission, Ms Meikle says.
This makes it a criminal offence for any person in possession of the devices or information from the devices to disclose or communicate it to anyone while the orders are in force.
"We are also exploring other potential legal avenues to help protect the confidentiality of the information," she says.
“We will also no longer be using the external provider. It was subject to contractual and confidentiality obligations to ensure that information was stored securely and deleted after use. The provider has informed us it did not meet these obligations.
“While this breach has resulted from criminal activity and our provider failing to meet the obligations we placed on it, it is our job to keep sensitive information safe and we apologise unreservedly to those affected."
Commission chair Anna Rawlings says two separate independent reviews have been initiated in response to the security incident.
In addition, the commission will be contacting its third-party suppliers to seek assurances that they are meeting its expectations in relation to information handling and have systems and processes in place to protect its information.
The commission has engaged Richard Fowler QC to undertake an independent review of the circumstances that led to this specific incident. The commission has also engaged KPMG to review its information handling processes, including third-party supplier engagements.
Authorities are urging anyone who has information about the burglary or the computer equipment taken to contact police.