The Inspector-General of Intelligence and Security, Cheryl Gwyn, has released the first part of her findings into how the New Zealand Security Intelligence Service holds and uses information collected for assessing security clearances.
The Inspector-General found strengths but also some significant shortcomings in NZSIS practice that did not meet standard data protection requirements.
The report makes a number of recommendations to improve the way in which the NZSIS stores and uses vetting information.
“I recognise the serious commitment to privacy that is made by the NZSIS staff who undertake this difficult and sensitive work. What is also needed, and what is required in any Government agency that deals with personal information, are systemic safeguards to back up and verify that commitment,” Ms Gwyn said.
“For instance, I found electronic records for the largest category of clearance holders and candidates were accessible at any time to 60 or so staff who carry out security clearances.
“Under standard data protection requirements, staff should have access only to files that they are working on and only while those files are active.”
Ms Gwyn recommended the NZSIS adopt stronger systems to track access to files, record and check the reasons for access, and ensure clarity about how and under what conditions the information collected can be used.
The NZSIS has a statutory mandate to conduct inquiries into whether particular individuals should be granted a New Zealand Government security clearance, which are required for people who access classified information as part of their work. The NZSIS completes assessments for about 5000 people each year.
Security clearance assessments require the NZSIS to review all aspects of a candidate’s professional and personal life and result in the collection of a large volume of highly personal and sensitive information.
“In both sensitivity and scale, the NZSIS’s records are one of the most substantial compilations of personal data about New Zealanders that the Government holds,” Ms Gwyn said.
The outcome of the review will be to ensure that the NZSIS is doing all it should to hold that information securely and to make sure there are clear controls on how it is accessed and used.”
The Director of the NZSIS has accepted the Inspector-General’s findings and recommendations, and the NZSIS has commenced work to implement necessary changes.
The second part of the findings, which will be completed in the coming months, deals with ICT systems.
A copy of the report is available here: www.igis.govt.nz/publications/investigation-reports/(external link)
The Inspector-General is not available for interview or further comment. Matt Torbit, Senior Advisor, Media Communications & External Relations, Ministry of Justice, is assisting the Office of the Inspector-General of Intelligence and Security. Matt.Torbit@justice.govt.nz; +64 4 918 8836.