OC2240842
19 August 2024
New Zealand Council for Civil Liberties
Email: [FYI request #27753 email]
Tēnā koe New Zealand Council for Civil Liberties,
I refer to your email dated 22 July 2024, requesting the following under the Official Information Act
1982 (the Act):
“Dear Ministry of Transport,
The Council was notified shortly after the closing of your consultation on Land Transport
Rule: Setting of Speed Limits 2024 of the following statement in the supporting material:
"We may use an artificial intelligence tool to help us analyse submissions We may use an AI
tool to help us analyse submissions. We wil take steps to avoid inputting personal information
into any AI tool that is outside our network."[1]
Hereafter this “artificial intelligence tool” is referenced as “the tool”.
The New Zealand Council for Civil Liberties requests:
1. The name of the tool, and the names of any supporting external tools.
2. The Privacy Impact Assessment for this use of the tool.
3. The privacy policies, if any, of the tool.
4. As the Ministry is a signatory to the Algorithm Charter, we request the supporting material
for the tool produced in accordance with the Algorithm Charter, including but not limited to:[2]
4a. “plain English documentation of the algorithm.”
4b. explanations of “how data are collected, secured and stored.”
4c. evidence of how a Te Ao Māori perspective was embedded in the development.
4d. the analysis of the tool for compliance with Te Tiriti o Waitangi.
4e. the process used to identify, engage and consult “with people, communities and groups
who have an interest in algorithms.”
4f. the documents resulting from that consultation.
4g. the report or other evidence of the peer review of the tool for unintended consequences.
5.In July 2023, Government Chief Digital Officer (GCDO) issued “Initial advice on Generative
Artificial Intelligence in the public service” (GCDO advice)[3]. As this advice was issued under
authority delegated under the Public Service Act, it binds the Ministry. The Council requests:
5a. the Ministry’s policies or standards for “trialling and using GenAI”, whether developed in
response to the GCDO advice or independently.
5b. the assessment of the tool against the policy or standard, or other evidence that the policy
or standard was used when procuring or creating the tool.
transport.govt.nz | hei-arataki.nz
HEAD OFFICE: PO Box 3175, Wellington 6140, New Zealand. PH: +64 4 439 9000
AUCKLAND OFFICE: NZ Government Auckland Policy Office, PO Box 106483, Auckland 1143, New Zealand. PH: +64 4 439 9000
5c. the details of the “guard rails” which ensure that the tool is used safely.
5d. evidence that the tool was tested, that it passed testing, and a summary of the test
procedures.
6. Any internal or external ethics advice the Ministry has on the tool, or, if none, on Generative
AI.
7. The processes by which the Ministry “avoid[s] inputting personal information into any AI
tool that is outside [your] network”, including how the Ministry audits, or plans to audit, these
processes.
8. The Ministry’s policy on using AI tools to process, summarise and/or analysis submissions,
including any external guidance the Ministry has received.
9. What efforts, other than this small section in the consultation document, the Ministry has
made to let members of the public know about the Ministry’s use of AI tools.
10.How NZTA allows members of the public to opt out of their submissions being entered
into an AI tool.
11. The list of consultations on which the Ministry has used AI tools.
Under section 16(2) of the OIA our preferences are (a) to receive a copy of the whole
document (b) that the information is disclosed in a text searchable format, either Word or
PDF, and (c) that it is sent to the email address from which the Ministry received this request.
If the Ministry decides that there is 'good reason' under the OIA to withhold any of the
information we are requesting, then under section 19(a)(i ) of the OIA, we further request that
the Ministry provides us with the grounds in support of each withholding reason cited for
refusal.
If any part of our request is unclear, please don't hesitate to contact us.
Yours faithfully,
New Zealand Council for Civil Liberties”.
Before responding to the detail of your Official Information Act request, the Ministry would like to
provide some general context about the Ministry’s use of generative artificial intelligence (GenAI).
In June 2024, the Ministry’s Leadership Team approved a limited pilot to test the ability of GenAI to
support the analysis of public submissions. The key features of this pilot included:
• Using Microsoft CoPilot to test the ability of GenAI to review and summarise submissions
• Using both staff and Microsoft CoPilot to undertake the analysis.
• Ensuring the information analysed by CoPilot would remain inside the Ministry’s IT tenancy,
that is, treated in the same way as public submissions already are.
The intent was to test how well AI can perform a task which is labour intensive and support staff to
focus on analysis and advice.
The Ministry of Transport is using the ‘Land Transport Rule: Setting of Speed Limits 2024’ as a test
case for AI. As noted in the consultation, the Ministry has avoided inputting personal information into
any AI tool that is outside our network.
transport.govt.nz | hei-arataki.nz
Page 2 of 4
Our response to your request is as follows:
Question 1 -
The name of the tool, and the names of any supporting external tools - CoPilot Studio
Question 2 -
The Privacy Impact Assessment for this use of the tool - Annex 1 (at ached) outlines the
Ministry of Transport's Privacy Impact Assessment for the AI Pilot.
Question 3 -
The privacy policies, if any, of the tool - The information you have requested is
available at
https:/ learn.microsoft.com/en-us/copilot/privacy-and-protections. More generally, the Ministry’s own privacy policy applies to the use of AI, in the same way it
applies across all our work.
Questions 4 – 4.d -
The Algorithm Charter
As explained in the Charter, it is intended that the Charter applies in cases where algorithms are
being employed in a way that can significantly impact on the wellbeing of people, or there is a high
likelihood many people wil suffer an unintended adverse impact.
In this instance, given the content noted above and the details in the Privacy Impact Assessment,
the limited pilot undertaken by the Ministry is not expected have a significant impact on wellbeing,
nor is there a high likelihood that people wil suffer an unintended adverse impact.
Question 5 -
In July 2023, Government Chief Digital Officer (GCDO) issued “Initial advice on
Generative Artificial Intelligence in the public service” (GCDO advice) [3]. As this advice was issued
under authority delegated under the Public Service Act, it binds the Ministry. The Council requests:
a. the Ministry’s policies or standards for “trialling and using GenAI”, whether developed in
response to the GCDO advice or independently.
The Ministry applied the following standards/policies to the pilot:
• A Privacy Impact Assessment was completed – the assessment shows the pilot was
compliant with the Ministry’s privacy obligations
• A governance group was established to monitor the use of GenAI in the pilot to
manage any risks and issues associated with the pilot
• As advised under the public sector systems leaders’
guidance for use of GenAI, the
pilot was run in a sandboxed area to reduce risk.
b.
the assessment of the tool against the policy or standard, or other evidence that the
policy or standard was used when procuring or creating the tool - the security and
governance guidelines and policies of CoPilot Studios can be found at. -
https://learn.microsoft.com/en-us/microsoft-copilot-studio/security-and-governance
c.
the details of the “guard rails” which ensure that the tool is used safely - An isolated
CoPilot Studio instance was used to reduce risk, this means the information was
completely ringfenced from all other data. No information from the pilot left the
Ministry’s IT tenancy.
d.
evidence that the tool was tested, that it passed testing, and a summary of the test
procedures - The Ministry is currently testing CoPilot in an isolated environment within
our IT tenancy for testing purposes.
Question 6 -
Any internal or external ethics advice the Ministry has on the tool, or, if none, on
Generative AI. - No ethics advice was sought because of the limited nature of the pilot.
transport.govt.nz | hei-arataki.nz
Page 3 of 4
Question 7 -
The processes by which the Ministry “avoid[s] inputting personal information into any
AI tool that is outside [your] network”, including how the Ministry audits, or plans to audit, these
processes - The Ministry set up a specific internal SharePoint site with named individual access
where the submission information was held. This ensured that no information left the Ministry’s IT
tenancy. It is equivalent or more restrictive to how we would hold, and store submissions being
analysed by staff.
Question 8 -
The Ministry’s policy on using AI tools to process, summarise and/or analysis
submissions, including any external guidance the Ministry has received. – Please refer to Question
5.
Question 9 -
What efforts, other than this small section in the consultation document, the Ministry
has made to let members of the public know about the Ministry’s use of AI tools - The front page of
the consultation document clearly stated:
“We may use an artificial intel igence tool to help us analyse submissions
We may use an AI tool to help us analyse submissions. We wil take steps to avoid inputting
personal information into any AI tool that is outside our network”
Question 10 -
How NZTA allows members of the public to opt out of their submissions being
entered into an AI tool. - It is important to note that the consultation was managed by the Ministry of
Transport and not NZTA. As this was a pilot the submissions were reviewed by people (CoPilot
did not replace any human review) and all personal information was removed before any
information was entered into the tool, as a result we did not provide an opt-out.
Question 11 -
The list of consultations on which the Ministry has used AI tools. - The Ministry’s pilot
is assessing the ability of AI to support the assessment of public submissions for the ‘Speed
Rule’ and retrospectively (after submissions were assessed and reported on) for the 2024
Government Policy Statement (GPS) on land transport as part of the testing process. Given the
GPS submissions had already been reviewed at the time of the pilot, the pilot had no effect on
the outcome of the review of submissions.
You have the right to seek an investigation and review of this response by the Ombudsman, in
accordance with section 28(3) of the Act. The relevant details can be found on the Ombudsman’s
website
www.ombudsman.parliament.nz
The Ministry publishes our Official Information Act responses and the information contained in our
reply to you may be published on the Ministry website. Before publishing we will remove any
personal or identifiable information.
Nāku noa, nā
Richard Kelly
Manager Business Enablement & Support / CIO
transport.govt.nz | hei-arataki.nz
Page 4 of 4
Annex 1
BRIEF PRIVACY IMPACT ASSESSMENT
AI Pilot – submissions analysis
24 June 2024
1.
Project summary: AI Pilot – submissions analysis
1.1 Brief description of the project
This project is a pilot at the Ministry of Transport to test the effectiveness of using
1982
Microsoft CoPilot as an Artificial Intelligence tool in summarising submissions on the
‘Setting of Speed Rule 2024’ and draft Government Policy Statement on Land
Transport 2024.
The Speed Rule consultation is a live consultation where those providing submissions
ACT
have been informed that” We may use an AI tool to help us analyse submissions. We
will take steps to avoid inputting personal information into any AI tool that is outside our
network.”
Consultation on the draft GPS has already closed and submissions have already been
assessed by Ministry staff. The pilot will look back to assess the difference between
AI generated reviews and staff reviews. The purpose of the pilot is to test whether there
can be time savings and higher quality reviews of submissions through the use of AI.
It is a one-off exercise at this point.
Privacy will be managed in the same way as all Ministry consultation with the public
and consistent with our obligations under the Privacy Act. In the case of the pilot, we
will take the extra step of not adding personal information (contact details and names)
INFORMATION
into the AI tool. The information wil be held within the Ministry’s IT tenancy, in the
same way as all other information is. There will be no external sharing of the
RELEASED UNDER THE
submissions outside of the Ministry’s IT systems.
1.2 Personal information that the project will involve
Type of personal
Source of
Purpose of information
Information
Information
for the project
OFFICIAL
The personal information
Provided by public submitters
CoPilot will review the content of
involved in this pilot is any
the information provided by
on the speed rule and the
personally identifying
submitters, but no personal details
review of the GPS.
(names and contact information)
information provided by public
will be provided to the CoPilot tool.
submitters, including names and
All information will remain within the
contact details
Ministry’s IT tenancy.
Page
1 of
10
2.
Privacy assessment
2.1 Areas that are risky for privacy
Some types of projects are commonly known to create privacy risks. If the project
involves one or more of these risk areas, it’s likely that a PIA wil be valuable.
Use this checklist to identify and record whether your proposal raises certain privacy
risks. Delete any that do not apply.
Does the project involve
Yes
No
If yes, explain your response
any of the following?
(tick)
(tick)
Information management generally
1982
A substantial change to an existing policy,
✓
process or system that involves personal
information
ACT
Example: New legislation or policy that makes it
compulsory to collect or disclose information
Any practice or activity that is listed on a risk
✓
register kept by your organisation
Example: Practices or activities listed on your
office’s privacy risk register or health and safety
register
Collection
A new collection of personal information
✓
INFORMATION
Example: Collecting information about individuals’
location
RELEASED UNDER THE
A new way of collecting personal information
✓
Example: Collecting information online rather than
on paper forms
Storage, security and retention
OFFICIAL
A change in the way personal information is
✓
stored or secured
Example: Storing information in the cloud
A change to how sensitive information is
✓
managed
Page
2 of
10
Does the project involve
Yes
No
If yes, explain your response
any of the following?
(tick)
(tick)
Example: Moving health or financial records to a
new database
Does the project involve
Yes
No
If yes, explain your response
any of the following?
(tick)
(tick)
Transferring personal information offshore or
✓
using a third-party contractor
Example: Outsourcing the payroll function or
storing information in the cloud
1982
A decision to keep personal information for
✓
longer than you have previously
Example: Changing IT backups to be kept for
10 years when you previously only stored them for
7
ACT
Use or disclosure
A new use or disclosure of personal
✓
information that is already held
Example: Sharing information with other parties in
a new way
Sharing or matching personal information held
✓
by different organisations or currently held in
different datasets
Example: Combining information with other
INFORMATION
information held on public registers, or sharing
information to enable organisations to provide
RELEASED UNDER THE
services jointly
Individuals’ access to their information
A change in policy that results in people
✓
having less access to information that you
hold about them
OFFICIAL
Example: Archiving documents after 6 months into a
facility from which they can’t be easily retrieved
Identifying individuals
Establishing a new way of identifying
✓
individuals
Page
3 of
10
Does the project involve
Yes
No
If yes, explain your response
any of the following?
(tick)
(tick)
Example: A unique identifier, a biometric, or an
online identity system
1982
ACT
INFORMATION
RELEASED UNDER THE
OFFICIAL
Page
4 of
10
Does the project involve
Yes
No
If yes, explain your response
any of the following?
(tick)
(tick)
New intrusions on individuals’ property, person or activities
Introducing a new system for searching
✓
individuals’ property, persons or premises
Example: A phone company adopts a new policy
of searching data in old phones that are handed in
Surveillance, tracking or monitoring of
✓
movements, behaviour or communications
Example: Installing a new CCTV system
1982
Changes to your premises that will involve
✓
private spaces where clients or customers
may disclose their personal information
ACT
Example: Changing the location of the reception
desk, where people may discuss personal details
New regulatory requirements that could lead
✓
to compliance action against individuals on
the basis of information about them
Example: Adding a new medical condition to the
requirements of a pilot’s license
List anything else that may impact on privacy,
✓
such as bodily searches, or intrusions into
physical space
INFORMATION
RELEASED UNDER THE
OFFICIAL
Page
5 of
10
2.2
Privacy assessment
#
Description of the
Summary of personal information
Assessment of
Link to risk
privacy principle
involved, use and process to
compliance
assessment
manage
(if required)
(These can be deleted from
your final report if they’re
not relevant to your project
– but you should at least
consider each principle)
1
Principle 1 - Purpose of the
The pilot will not collect any
Compliant
collection of personal
personal information beyond the
information
status quo. Personal information
1982
(names and contact information) is
Only collect personal
provided regardless of who reviews
information if you really
submissions.
need it
ACT
2
Principle 2 – Source of
Any information is provided directly
Compliant
personal information
by those submitting on the
proposals. This is outside the scope
Get it directly from the
of the pilot as it would be required
people concerned wherever
regardless of whether CoPilot is
possible
used
3
Principle 3 – Collection of
Submitters have been told that we
Compliant
information from subject
may use an AI tool to help us
analyse submissions. We will take
Tell them what information
steps to avoid inputting personal
you are collecting, what
information into any AI tool that is
you’re going to do with it,
outside our network
whether it’s voluntary, and INFORMATION
the consequences if they
don’t provide it.
RELEASED UNDER THE
4
Principle 4 – Manner of
The pilot will not collect any
Compliant
collection of personal
personal information beyond the
information
status quo. Personal information
(names and contact information) is
Be fair and not overly
provided regardless of who reviews
OFFICIAL
intrusive in how you collect
submissions.
the information
Take particular care if
collecting information from
children or young people
Page
6 of
10
#
Description of the
Summary of personal information
Assessment of
Link to risk
privacy principle
involved, use and process to
compliance
assessment
manage
(if required)
(These can be deleted from
your final report if they’re
not relevant to your project
– but you should at least
consider each principle)
5
Principle 5 – Storage and
The pilot does not change the
Compliant
security of personal
Ministry’s existing policy. The pilot
information
will remove personal information
before it is assessed by CoPilot
Take care of it once you’ve
got it and protect it against
1982
loss, unauthorised access,
use, modification or
disclosure and other
misuse.
ACT
6
Principle 6 – Access to
The pilot does not change the
Compliant
personal information
Ministry’s existing policy.
People can see their
personal information if they
want to
7
Principle 7 – Correction of
The pilot does not change the
Compliant
personal information
Ministry’s existing policy.
They can correct it if it’s
wrong, or have a statement
of correction attached
INFORMATION
8
Principle 8 – Accuracy etc.
The pilot will not use personal
Compliant
of personal information to
information to assess submissions
RELEASED UNDER THE
be checked before use
Make sure personal
information is correct,
relevant and up to date
before you use it
OFFICIAL
9
Principle 9 – Not to keep
The pilot will not use personal
Compliant
personal information for
information to assess submissions
longer than necessary
Get rid of it once you’re
done with it
Page
7 of
10
#
Description of the
Summary of personal information
Assessment of
Link to risk
privacy principle
involved, use and process to
compliance
assessment
manage
(if required)
(These can be deleted from
your final report if they’re
not relevant to your project
– but you should at least
consider each principle)
10
Principle 10 – Limits on use
The pilot will not use personal
Compliant
of personal information
information to assess submissions
Use it for the purpose you
collected it for, unless one
of the exceptions applies
1982
11
Principle 11 – Limits on
The pilot will not disclose personal
Compliant
disclosure of personal
information
information
ACT
Only disclose it if you’ve got
a good reason, unless one
of the exceptions applies
12
Principle 12 – Disclosing
The pilot will not disclose personal
Compliant
information outside New
information
Zealand
Only share information
with an agency outside
New Zealand if the
information will be
protected
INFORMATION
13
Principle 13 – Unique
The pilot will not use unique
Compliant
RELEASED UNDER THE
identifiers
identifiers
Only assign unique
identifiers where permitted
Other privacy interests
NA
NA
OFFICIAL
Page
8 of
10
3.
Summary of privacy impact
The privacy impact for this project has been assessed as:
Tick
Low – There is little or no personal information involved; or the use of personal
✓
information is uncontroversial; or the risk of harm eventuating is negligible; or the
change is minor and something that the individuals concerned would expect; or risks
are fully mitigated
Medium – Some personal information is involved, but any risks can be mitigated
satisfactorily
High – Sensitive personal information is involved, and several medium to high risks
have been identified
1982
Reduced risk – The project will lessen existing privacy risks
Inadequate information – More information and analysis is needed to fully assess
ACT
the privacy impact of the project.
3.1 Reasons for the privacy impact rating
There is little or no personal information involved; and the use of personal information
is uncontroversial.
Section 2 shows there are no privacy risks from the pilot because the information is
INFORMATION
retained in the same way a standard submissions process is at the Ministry.
RELEASED UNDER THE
The Governance Group established to support the pilot will continue to monitor the
process and any future risks that may arise.
4. Recommendation
OFFICIAL
The Recommendation(s) from the Advisory Group to the Project Sponsor is set out
below.
The Governance Group
recommends:
Note that a privacy assessment has been carried out.
Note that there are no privacy risks from the pilot because the information is retained
in the same way a standard submissions process is at the Ministry.
Page
9 of
10
5. Sign off
Advisory Group:
Chris Nees
Director Sector Strategy
_______________________________
_________________________________
Name
Position
_______________________________
__25___/__06___/___24__
1982
Signature
Date
Richard Kelly
Business Enablement and Support Manager
ACT
_______________________________
_________________________________
Name
Position
_______________________________
___25__/_06____/____24_
Signature
Date
Project Sponsor:
INFORMATION
Carmen Mak
Acting DCE, Corporate Services
RELEASED UNDER THE
_______________________________
_________________________________
Name
Position
OFFICIAL
______________________________
__25___/_06____/_24____
Signature
Date
Page
10 of
10
