Accessible News

Top storiesNew ZealandPoliticsBusinessEntertainmentSportsWorld

Mercury 'extremely sorry' for privacy breach of shareholder information

Wednesday, 30 May 2018

Mercury sent a sent a letter of apology to its shareholders for breaching their privacy.
Mercury sent a sent a letter of apology to its shareholders for breaching their privacy.

Power company Mercury has apologised for publicly releasing some personal details of its shareholders.

The majority state-owned company posted the email addresses and common shareholder numbers (CSN) on the Companies Office website in November.

In a letter to shareholders on Tuesday, the company said the information remained on the site until it was brought to its attention in mid-May. The information was looked at 12 times on three separate days.

Mercury chief financial officer William Meek said the company was 'extremely sorry' for the error.

**READ MORE:

Thousands of 'vulnerable' customers' private data shared by Vector app

NZ privacy commissioner has pulled up Facebook for breach of privacy laws**

'We don't believe any negative consequences have been experienced by any shareholders because of this, but it shouldn't have happened.

'While the risk associated with this information being made available is considered very low, and steps have been taken to mitigate that risk, including contacting shareholders, it's important to acknowledge such mistakes and learn from them.'

Company secretary Howard Thomas, said in the letter that Mercury took immediate action when it learned of the breach and it was not aware of any misuse of the information.

The name, address and shareholding of all shareholders is already publicly available through Mercury's share registrar, on request. But this did not include email addresses or a shareholder's CSN.

However, it was additional information to this that was part of the privacy breach.

These changes included putting in place additional monitoring of shareholder activity related to this information, as well as reviewing and changing Mercury's own processes, he said.

The firm has also informed the New Zealand Privacy Commissioner and the Australian Information Commissioner.

A spokesman for the office of the Privacy Commissioner said Mercury took the appropriate action by notifying it and informing shareholders.

'Human error has been the cause of many of the privacy breaches that organisations and business have voluntarily reported to us over the last few years,' the spokesman said.

Shareholders who felt harmed by Mercury's error had the right to make a complaint to the commissioner, he said.