The Inspector-General of Intelligence and Security (IGIS), Cheryl Gwyn, has today published a report summarising a review she completed into the NZSIS’s practices in 2016/17 of acquiring personal information from New Zealand banks about customers by seeking voluntary disclosure from the bank.
The IGIS’s role is to ensure that New Zealand’s two dedicated intelligence and security agencies, the NZSIS and the GCSB, act lawfully and properly.
Cheryl Gwyn says, “The frequency of the Service’s use of voluntary disclosure, the fact that it was not authorised by a warrant or other independent process, and the nature of personal information held by banks made this an obvious area for review. From the customer’s perspective banking information is likely to be considered to be reasonably confidential, if not sensitive.”
The review was conducted by assessing policies and practices in place over a 3 month period in 2016/17. The review also included a sample of 13 cases from that period where requests for personal information had been made to banks.
Ms Gwyn found that the NZSIS preferred the voluntary disclosure process to obtaining a warrant.
“The 13 cases examined and the agency’s practices disclosed issues relevant to NZSIS’s compliance with the law. Very intrusive requests were at times made when the Service should have tried to obtain a warrant to require the banks to provide the information.”
”Many of the letters sent to banks should have been clearer that they were requests for ’voluntary’ disclosure. Some of the past collection by the NZSIS would have constituted unreasonable searches contrary to the Bill of Rights.”
The law was changed last year with the enactment of the Intelligence and Security Act 2017 (ISA).
The Inspector-General says that the changes in the Act “resolve some of the issues identified”.
“The ISA contains clearer mechanisms for obtaining information. In addition to warrants there are now ’Business Records Directions’ which provide a compulsory mechanism for obtaining information from banks and telecommunication network operators. The right to seek voluntary disclosure is still recognised but there are some clear requirements in the new Act.
”This framework has the potential to be far more exacting for the NZSIS.”
The Inspector-General considers that there is limited scope for voluntary requests to banks under the ISA.
The New Zealand Bankers’ Association had expressed concerns in 2016 to the Select Committee considering the Intelligence and Security Bill about NZSIS requests for voluntary disclosure, and had sought to be compelled by the type of mechanism now available under the Business Records regime.
Ms Gwyn made three recommendations to the NZSIS which all apply to its practices under the new Act.
She says that as a priority NZSIS needs to develop a coherent framework for how the three mechanisms under the ISA for obtaining personal information from third party agencies interrelate. In particular that framework must reflect that requests for voluntary disclosure of personal information are likely to be searches and will engage the NZ Bill of Rights.
The report is available at www.igis.govt.nz/publications/IGIS Reports
Media contact: Antony Byers 027 5438 735