Horowhenua District Council releases peer review, but there's little about council's snooping
Horowhenua District Council has publicly released a peer review of an internal audit report that revealed its chief executive was intercepting emails.
David Clapperton, the chief executive, has defended the controversial practice, saying he was acting out of concern for his staff and would do so again "in a heartbeat".
The review of the audit, by KPMG, was released on Thursday, with names redacted.
The KPMG report said it could not validate the findings of the audit report, in which the auditor labelled email interceptions "extremely high risk".
* Horowhenua District Council to talk about email interceptions behind closed doors
* Horowhenua email snooping halted after local body election
* Concerns raised about email interception at Horowhenua District Council
* Legal questions about 'astonishing' email interceptions
KPMG did not directly condemn the council for snooping on residents and councillors, but did advise it to stop intercepting emails and to use a better process to protect staff from abuse.
KPMG was "not able to determine" the risk of the council's practices.
KPMG's report also said blocking or intercepting emails was outside the scope for an internal audit relating to sensitive expenditure.
The internal auditor had also labelled Clapperton's governance as an extreme risk and fleet management issues were considered a high risk, but KPMG tagged the risk from those areas as low.
KPMG's review cost about $22,000.
The internal auditor's report found Clapperton was intercepting emails from members of the public to council email addresses. Clapperton, after seeing the emails, could then choose to either block, redirect or allow them to continue to their intended destinations.
In July, the council said the draft report was incomplete, "not up to standard" and should not have been made public.
In a statement, the council revealed details of the interceptions, saying there was only one instance of emails from "an elected member" to a person outside of the council being "quarantined". The council did not say how many emails to elected members were intercepted.
The council has also admitted it should have updated its email policy and published this on its website.
In a statement released after a meeting on Wednesday, Clapperton said "quarantining emails was always about the safety and wellbeing of my employees".
"The wellbeing of my employees is paramount – I would do it again in a heartbeat. However, I would ensure the procedure was in council's electronic email usage policy."
The quality of emails had "vastly improved" and no elected members' emails were currently being intercepted.
Clapperton thanked his supporters for standing by him in "what has been an unprecedented attack on my professionalism and integrity" and he said he was "here for the long haul".
THE COUNCIL EXPLAINS ITSELF
A statement from council spokeswoman Lacey Wilson said KPMG interviewed the author of the audit report, but working papers supporting the report's findings were not produced.
Because of this, KPMG was unable to comment on the validity of some of the findings.
Six findings of the audit report were not usually within the scope of a sensitive expenditure review, KPMG found.
KPMG said while the word "blocked" was used in relation to the email interceptions, after discussions with the council it understood it was "actually a quarantine and vetting process to protect staff from threatening, abusive emails".
A further "questions and answers" statement from the council said the interceptions had gone on for six years, the past three under Clapperton, and nine people had been subject to them.
Most emails from these people were immediately released. "Only those that contained offensive comments, bad language and photographs caught up in the mail marshal were not."
About 1300 emails were "quarantined". The council says in the year to June 2016, it received about 657,000 emails.
It says it didn't block email users as that "would have prevented individuals and elected members on the quarantine list from communicating with council officers".
All councillors had been told about the practice in 2015.
A spokesman from the Office of the Privacy Commissioner would not confirm how many complaints it had received about the interceptions, but Stuff knew of at least one, by Horowhenua resident Christine Toms.
Toms laid a complaint after discovering her emails were being intercepted by Clapperton.
The council said it had provided documents to the Ombudsman's office. It was not aware of any Privacy Commissioner investigation.
Despite previously indicating discussions about the report should be held privately in the council committee before being made public, mayor Michael Feyen made a last-minute attempt to allow the public to stay at Wednesday's meeting.
Councillor Ross Campbell backed Feyen's proposal, but all other committee members, including eight other councillors, voted against it.