The Ministry for Primary Industries (MPI) acknowledges the State Services Commission's (SSC's) report into the use of external security consultants by state sector agencies and accepts its findings.
MPI will be adopting the new state sector Model Standards to strengthen the transparency and accountability of our operations.
The findings follow MPI's proactive referral to the SSC of evidence of potential staff misconduct relating to events that occurred some years ago.
All these events relate to activities of former employees.
"The action of these former employees was unacceptable and failed to meet the standards New Zealanders expect of public servants. The public deserves to be able to trust public servants to act with integrity," says MPI director-general Ray Smith.
"For these past events, we are disappointed and apologise."
Some of the inquiry's conclusions relate to two former employees who were found to have breached the State Services Code of Conduct. These conclusions relate to secondary employment with Thompson & Clark Investigations Limited (TCIL) and are clearly very serious. These occurred between 2011 and 2014.
Earlier activity by MAF occurred in 2005 and 2006 and breached the code of conduct in place at that time with regard to the use of TCIL for surveillance activity. While the former Ministry of Agriculture and Forestry did make some use of TCIL, MPI has never engaged the firm or any other external security consultants for surveillance activity.
In the interests of transparency, MPI has released a range of material provided to the SSC's inquiry.
Professional Standards Unit to be established
"Like many Government departments, we exercise important powers on behalf of New Zealand and we need to make sure this is done appropriately," Mr Smith said.
"As one of my first actions at MPI, I am establishing a new Professional Standards Unit. This team will make information about the professional standards expected of staff more visible across the organisation, and undertake monitoring and checking to ensure these standards are being met.
"It's important to note that these efforts build on solid foundations to lift the capability, culture and awareness of information security and privacy since MPI was formed in 2012."
Some of this work includes:
- MPI established a dedicated security and privacy directorate in 2015, which includes the chief security officer and chief information security officer, to increase staff awareness of the protocols for information sharing, security and privacy, and provide assurance over MPI's core information systems.
- MPI’s intelligence team receives training on collecting, storing, sharing and use of information.
- MPI is implementing tools across our core information systems to monitor, detect and respond to unusual and suspicious activity.
- MPI has recently updated its fraud, theft and corruption policy, which outlines expectations for MPI staff about prevention, reporting, detection and investigation of fraud and corruption risk.
All new MPI employees are required to undergo a week-long induction course which includes MPI's expectations for information management, security and privacy, the Code of Conduct and the behaviour expected of MPI staff. These are supported by online learning modules and communication with staff.
"The SSC's report highlights the need to remain vigilant and ensure continuous improvement in these matters," says Mr Smith.
"We have referred other information to the SFO [Serious Fraud Office] and, as such, we are unable to discuss those matters further."