Procedures will be changed at the Security Intelligence Service to ensure the highly personal and sensitive information of thousands of New Zealanders can be used for no other purpose than security clearances.
In a report on SIS vetting, the Inspector-General of Intelligence and Security, Cheryl Gwyn, said she had identified practices under which vetting file information was accessed for various purposes.
Inspector-General of Security and Intelligence Cheryl Gwyn, left, and SIS Director of Security Rebecca Kitteridge Photo: RNZ / Alexander Robertson
The information collected for a government security clearance can include sexuality, social habits, physical and mental health, financial well-being, and religious and political affiliations.
There was a high level procedure if the SIS sought to use vetting information for other purposes, the report said.
The procedure was "rarely if ever used" and would be done so only after application to the responsible deputy director.
However, Ms Gwyn's report found that did not mean information was not being used for purposes other than the security clearance.
"I identified a range of other practices by which vetting file information is accessed for various purposes, some with access controls and some form of assessment of justification, and others without."
Chris Finlayson Photo: RNZ / Alexander Robertson
Minister Responsible for the SIS, Chris Finlayson, was unequivocal when asked how broadly vetting information should be used, and what peoples' expectations would be.
"They would expect it to be submitted for the particular purpose for which it was submitted, and not for broader purposes.
"These are issues the director has been looking at for some months. It is recognised that the vetting procedures need to be improved."
The government had to make sure the vetting procedures were such that information could not be used for anything else, Mr Finlayson said. "And that is what the director is working on now."
Green Party co-leader Metiria Turei said the use of the information should be strictly controlled.
"The SIS does not have the proper controls or policy on how to manage access and it was allowing people to use it for purposes other than what it was handed over for."
