Source: Radio New Zealand
RNZ earlier revealed an investigation was under way into the extent of the issue and the Police Minister and Office of the Privacy Commissioner had been notified. RNZ / Richard Tindiller
More than 1000 cases were affected by a “technical issue” with police’s investigation management tool that led to sensitive information that was supposed to be redacted during disclosure potentially being made visible.
RNZ earlier revealed an investigation was under way into the extent of the issue and the Police Minister and Office of the Privacy Commissioner had been notified.
On Thursday Acting Assistant Commissioner Investigations, Serious and Organised Crime Keith Borrell told RNZ that the technical issue with the disclosure functionality of Police’s Investigation Management tool (IMT) was connected to a software update.
“As a result of this issue Police have reverted to an earlier iteration of the disclosure platform that has been thoroughly tested by both Police ICT and the software supplier.
- Do you know more? Email sam.sherwood@rnz.co.nz
“As a result of the investigations into the extent of the issue, Police have established that 1527 disclosure packages from 1037 cases have been affected. Police are working with justice sector partners to determine if there have been any privacy breaches as a result of the issue, and to date have identified 46 occasions where private information has been shared unintentionally.”
Police were working closely with the Office of the Privacy Commissioner and were assessing each case carefully to ensure individuals were informed and safety measures put in place where required. Borrell said that the majority of the information released was already known by the person who received it.
RNZ earlier reported police had contacted lawyers of defendants advising them of the issue.
An email seen by RNZ says a technical issue with police’s Investigation Management Tool (IMT) had been discovered that resulted in some redacted documents produced since 4 December not being correctly processed by the system.
This meant that information that was supposed to be redacted could become visible.
The lawyers were advised to retrieve the disclosure packages from their clients or request deletion of the email.
They were also told to advise them that they must comply with the Lawyers and Conveyances Act which included not disclosing information that would be likely to place a person’s health or safety at risk.
Police Minister Mark Mitchell earlier said it was “disappointing and concerning this error has occurred”.
“I expect Police to take all necessary steps to understand what happened, and to ensure it cannot happen again.”
Chief Victims Advisor Ruth Money earlier told RNZ she had contacted police asking for information on what had happened and what actions police were taking regarding both at risk victims and victims and witnesses in general who have been affected.
A spokesperson for the Office of the Privacy Commissioner earlier confirmed to RNZ police notified them of a privacy breach on 16 December 2025.
“The Privacy Act sets out that agencies are required to notify the Office of the Privacy Commissioner as soon as they are aware of breaches that they have assessed as ‘serious harm.’
“As with any breach, Police will need to investigate so they can fully understand the size and scope of the breach and its impact on New Zealanders. It’s possible that further investigation of a breach could result in an initial assessment of serious harm being downgraded.”
The commissioner’s initial focus was to “support agencies who have experienced a breach with advice on how to minimise the harm to any people affected.”
Sign up for Ngā Pitopito Kōrero, a daily newsletter curated by our editors and delivered straight to your inbox every weekday.
– Published by EveningReport.nz and AsiaPacificReport.nz, see: MIL OSI in partnership with Radio New Zealand
