Immigration New Zealand has breached the privacy of more than 200 people - most of whom were not informed - in incidents in the past three years that led to 10 staff members losing their jobs.
It follows privacy breaches by state agencies including Work and Income, Inland Revenue and ACC, and raises fresh concerns about the Government's ability to keep personal details secure as it develops a controversial sex-offender register and vulnerable-children database.
Figures obtained by Labour show 207 people had their personal details "compromised" but only 12 of those were informed.
Labour's immigration spokeswoman, Darien Fenton, said the service kept records of almost every personal detail about its clients, including ages, family status, health checks, work history, income and criminal convictions.
"They store an incredible amount of information. This looks like they have been pretty careless."
The incidents could be staff sending the information to the wrong person or staff accessing personal information and sharing it around, she said.
In July, it was revealed that some Immigration NZ staff had been entertaining themselves by using confidential databases "like a dating site" and accessing the information of wealthy applicants.
In the past three years six staff had resigned over privacy breaches, four had been dismissed and eight had been given final written warnings, the figures show.
Ms Fenton said Immigration NZ should inform everyone whose privacy was breached. "They should be upfront and honest about it."
The Government was putting two bills through Parliament enabling it to store more information electronically and Immigration NZ's proposed "global management system" would allow for more online processing, she said.
"There are always risks and the Government is being far too shabby about the way they are going about this."
Immigration Minister Nathan Guy said the increasing number of breaches were because staff were more aware that they had to report every incident.
"Any breach of privacy is disappointing, but it needs to be remembered that Immigration New Zealand makes around 500,000 decisions every year."
Immigration NZ general manager Nicola Hogg said all staff were required to sign a code of conduct to say they would behave ethically.
"Only certain Immigration NZ staff have access to client files when it is necessary for their job.
"Employees must not access records of well-known members of the public for reasons not connected with their work."
All accessing of client information was recorded and regular checks were conducted and audits ordered when there were complaints.
Under current practice, staff contacted the affected person immediately and apologised if a breach involved the accidental release of one person's information to the wrong person, she said.
Immigration NZ was now part of the Business, Innovation and Employment Ministry, which was reviewing its policy on privacy breaches.
SLIP-UPS THIS YEAR
March: ACC inadvertently emailed personal information of about 6700 clients, including 250 sexual abuse cases, to claimant Bronwyn Pullar.
October: Work and Income closes its self-serve kiosks after blogger Keith Ng reveals he was able to access private details of thousands of clients, including children in care.
October: Inland Revenue had 32 privacy breaches involving personal details of 6300 people being sent to the wrong person in the past year.
November: The Education Ministry's new payroll system, Novopay, sends details, including the bank account numbers of teachers, to at least two wrong schools.
November: Immigration NZ breaches the privacy of 207 clients over the past three years. Only 12 are informed their personal details were accessed.
- The Dominion Post
Should MPs be able to swear to uphold the principles of the Treaty?Related story: Oath wording strikes MP discord