Privacy and Protective Security Reports to the Minister of State Services
The Government Chief Digitial Officer (GCDO), the Government Chief Privacy Officer (GCPO) and the New Zealand Intelligence Community report to the Minister of State Services annually on State sector capability and maturity in privacy and protective security. The reports, provided to the Minister on 30 June 2016 and 30 June 2017, are available under Related Resources to the right of the screen.
GCDO Review of Publicly Accessible Computer Systems
Review of Publicly Accessible Computer Systems – June 2013
A report following a review of Publicly Accessible Computer systems in the State Services was released on 5 June 2013. http://www.ssc.govt.nz/gcio-review-media
State Services Commissioner Iain Rennie requested the review in October 2012 after a security breach at Ministry of Social Development Work and Income kiosks. It was carried out by the GCDO Colin MacDonald, who is Chief Executive of the Department of Internal Affairs.
The review covered 215 publicly accessible information systems across 70 government agencies. These systems included kiosks, sign-in systems at reception desks, and internet access to services requiring information to be entered online. Most government networks and systems are not publicly accessible.
The review found that security processes within many agencies were under-developed and relied too much on the skills and capabilities of staff and suppliers.
Privacy and information security standards are being tightened and a plan of action is underway in response.
The following actions have been taken or are underway:
- Agencies were instructed by the GCDO before Christmas to take immediate actions to strengthen privacy and security processes.
- Immediate requirements included making an executive-level manager in each agency responsible for robust practices and processes.
- Agencies had to produce evidence by April 2013 of a detailed risk assessment of their publicly accessible systems.
- Agencies had to decide by April 2013 whether to increase their ability to address privacy and security challenges, or find alternative arrangements such as using capability in other agencies.
- Agencies are required to provide security assessments to the GCDO by the end of July 2013 and again by the end of March 2014 along with reports about the steps they have taken to address privacy and security issues.
Update on Initial Improvements – December 2013
The Cabinet paper on Initial Improvements to Information Privacy and Security in government agencies has been released. This summarises information received from agencies in scope of the GCDO Review of Publicly Accessible Information Systems, from their four-month report-back to the GCPO at the end of July. The key results of this report back were released by the Ministers of State Services and Internal Affairs on 19 November when they announced changes to the Department of Internal Affairs functions to create a GCPO - www.beehive.govt.nz/release/new-government-chief-privacy-officer.
Final report published – October 2015
The final report to Cabinet on a two-year Information Privacy and Security programme, led by the GCPO, has been published. This report is available under Related Resources to the right of screen. This programme is now complete and has resulted in significant improvements in privacy and information security practice across the state services.