Police are investigating an alleged breach of the National DNA Profile Databank, managed by Crown Research Institute ESR.
ESR says it has been made aware of an allegation of inappropriate disclosure by a staff member of information from New Zealand's DNA database.
"ESR is treating this matter very seriously. The Police were informed of the allegation and initiated a criminal investigation. A staff member has been suspended pending the outcome of the police and internal investigations," it says in a statement released after Computerworld initiated inquiries into rumours of the breach.
ESR says it is undertaking a number of steps to continue to ensure every measure is in place to protect the integrity of the databank information and how it is accessed.
"This includes an independent audit and review of all systems, policies and procedures related to the DNA databank," it says.
"Having said that, ESR is confident that there has not been any impact on the integrity or outcome of past or current criminal cases or on the ongoing operation of the DNA databank."
The DNA Profile Databank is on a separate dedicated secure system, ESR says.
"The system is physically isolated and contains a number of security features. External parties, including Police, cannot access any information on it. Access by ESR staff is limited, both physically and by system security features, to those staff working within the forensic DNA facility," the Crown Research Institute says.
ESR says this is the first time since the National DNA Databank began operating in 1996 that any allegation of inappropriate disclosure has been made.
The operation of the National DNA Databank is governed by legislation. It is composed of two separate databases; the DNA Profile Databank and the Crime Sample Database.
New Zealand Police submit voluntary and compelled samples to ESR for the purpose of obtaining profiles for the databank. Once a profile is obtained the actual sample is destroyed as set out in the legislation governing the databank.
An individual profile held on the databank is a string of numbers which is used only for matching individual profiles to other individuals or to crimes sample profiles. Genetic information is not available from profiles with the exception of gender.