Office of the Privacy Commissioner
PO Box 10094, The Terrace, Wel ington 6143
Level 11, 215 Lambton Quay
Wellington, New Zealand
P +64 4 474 7590 F +64 4 474 7595
E [email address]
0800 803 909 Enquiries
privacy.org.nz
13 August 2021
John Creser
By email only to:
[FYI request #16295 email]
Tēnā koe John Creser
Official Information Act Request (Our Ref: OIA/0133)
I refer to your request under the Official Information Act 1982 (
OIA) dated 5 August 2021 made
via the fyi website:
The Ministry of Justice has prepared guidelines (which I've forwarded to your office) to assist
public and private sector organisations to develop and improve their fraud and corruption policy
and procedures.
Please advise me of the policy you've adopted to ensure that fraudulent records are not
promulgated by government departments in accordance with Justice Department guidelines.
Your request is refused under section 18(e) of the OIA because this information does not exist.
OPC has not adopted a policy in relation to limiting fraudulent records in government agencies.
To explain, fraud and corruption within government agencies (the core purpose of the Ministry
of Justice guidelines) is a criminal matter that is outside the scope of OPC’s regulatory
functions. A short summary of our role and functions can be found on our websit
e here. OPC’s
functions are primarily civil rather than criminal and are concerned with the protection of an
individual’s privacy. For the criminal matters where OPC may consider taking action, see our
Prosecution Policy. Nevertheless, there is potential for OPC’s regulatory functions such as investigating
complaints about breaches of privacy to overlap with the detection of fraudulent activity. For
example, privacy principle 5 requires all agencies to ensure that personal information is
protected against unauthorised access, use, modification or disclosure. Privacy principle 8
requires all agencies to take reasonable steps to check that personal information is accurate,
up to date and not misleading before using or disclosing the information. If we detect significant
misconduct or wrongdoing on the part of an agency or individual, we must report this to the
appropriate authority (section 96 of the Privacy Act).
For information, we have adopted our own comprehensive Fraud Policy based primarily on
the requirements of the Of ice of the Auditor General (
attached). This Policy covers the
measures raised in the Ministry of Justice guidance and ensures that the assets and reputation
of the Of ice of the Privacy Commissioner are protected from fraudulent misconduct.
OIA/0133/A757912
2
As part of our annual audit, Audit New Zealand reviews the appropriateness and adequacy of
our policy and practices with regard to fraud and potential corruption. We update the Fraud
Policy regularly to reflect ongoing advice received from the Office of the Auditor General and
Audit New Zealand.
In addition, please find the link to our Code of Conduct which is available on the Office’s
website:
https:/ privacy.org.nz/about-us/transparency-and-accountability/opc-policies/code-
of-conduct/
If you are dissatisfied with my response to your request, you have the right to complain to the
Ombudsman.
Nāku iti noa, nā
John Edwards
Privacy Commissioner
Encl. Fraud policy
OIA/0133/A757912