GCIO Review of Publicly Accessible Computer Systems
- SEC Cabinet Paper (SEC-15-SUB-0005) 130 KB PDF
- SEC Cabinet Minute (SEC-15-MIN-0005) 122 KB PDF
- Cabinet paper on Initial Improvements to Information Privacy and Security in government agencies 628 KB PDF
- Cabinet minute on Initial Improvements to Information Privacy and Security in government agencies 49 KB PDF
- Cover letter, GCIO Review report 298 KB PDF
- ‘GCIO Review of Publicly Accessible Systems – Summary of Findings, December 2012’ 377 KB PDF
- Cabinet Paper EGI 31 May 2013 200 KB PDF
- Cabinet Paper SEC 25 Feb 2013 379 KB PDF
- Cabinet Paper SEC 8 Feb 2013 397 KB PDF
- EGI Cabinet Minute (13) 11/5 33 KB PDF
- SEC Cabinet Minute (13) 2-6 60 KB PDF
- SEC Cabinet Minute (13) 1-3 34 KB PDF
- GCIO Review Timeline 18 KB PDF
Final report published – October 2015
The final report to Cabinet on a two-year Information Privacy and Security programme, led by the Government Chief Information Officer, has been published. This report is available under Related Resources to the right of screen. This programme is now complete and has resulted in significant improvements in privacy and information security practice across the state services.
Information Privacy and Security
Review of Publicly Accessible Computer Systems – June 2013
A report following a review of Publicly Accessible Computer systems in the State Services was released on 5 June 2013. http://www.ssc.govt.nz/gcio-review-media
State Services Commissioner Iain Rennie requested the review in October 2012 after a security breach at Ministry of Social Development Work and Income kiosks. It was carried out by the Government Chief Information Officer (GCIO) Colin MacDonald, who is Chief Executive of the Department of Internal Affairs.
The review covered 215 publicly accessible information systems across 70 government agencies. These systems included kiosks, sign-in systems at reception desks, and internet access to services requiring information to be entered online. Most government networks and systems are not publicly accessible.
The review found that security processes within many agencies were under-developed and relied too much on the skills and capabilities of staff and suppliers.
Privacy and information security standards are being tightened and a plan of action is underway in response.
The following actions have been taken or are underway:
- Agencies were instructed by the GCIO before Christmas to take immediate actions to strengthen privacy and security processes.
- Immediate requirements included making an executive-level manager in each agency responsible for robust practices and processes.
- Agencies had to produce evidence by April 2013 of a detailed risk assessment of their publicly accessible systems.
- Agencies had to decide by April 2013 whether to increase their ability to address privacy and security challenges, or find alternative arrangements such as using capability in other agencies.
- Agencies are required to provide security assessments to the GCIO by the end of July 2013 and again by the end of March 2014 along with reports about the steps they have taken to address privacy and security issues.
Update on Initial Improvements – December 2013
The Cabinet paper on Initial Improvements to Information Privacy and Security in government agencies has been released. This summarises information received from agencies in scope of the GCIO Review of Publicly Accessible Information Systems, from their four-month report-back to the Government Chief Information Officer at the end of July. The key results of this report back were released by the Ministers of State Services and Internal Affairs on 19 November when they announced changes to the Department of Internal Affairs functions to create a Government Chief Privacy Officer - www.beehive.govt.nz/release/new-government-chief-privacy-officer.