MSD fraud investigations “intrusive, excessive and inconsistent with legal requirements” - Privacy Commissioner
An Office of the Privacy Commissioner (OPC) inquiry has found the Ministry of Social Development (MSD) systematically
misused its investigatory powers while pursuing benefit fraud, unjustifiably intruding on the privacy of many
The inquiry found MSD’s exercise of its information gathering powers to be inconsistent with legal requirements under
the Social Security Act 1964 and the Privacy Act 1993. This failure has resulted in infringements of individual privacy,
particularly in relation to the collection of information from third parties.
In the course of its inquiry, OPC interviewed beneficiaries and reviewed fraud investigation files provided by MSD. As a
result, it saw cases where individual privacy was infringed. Examples included:
• Failing to ask beneficiary clients for information before seeking it from a third party leading to inaccurate
assessments of the information;
• Overly broad requests leading to the provision of unnecessary and sensitive information (in one case a woman’s
• Disproportionate and inappropriate requests for information (in some cases, every text message sent and received by an
individual over lengthy periods);
Mr Edwards says the inquiry reviewed MSD files that contained text messages between parties in a relationship, sometimes
of a sexual, familial or otherwise intimate nature.
“In one instance, a beneficiary described to us how MSD obtained, from a telecommunications company, an intimate picture
shared by that individual with a sexual partner. The photograph was then produced at an interview by MSD investigators
seeking an explanation for it.”
MSD has powers under the section 11 of the Social Security Act (as regulated by a Code of Conduct) to collect “any
information” about a person on a benefit in order to assess their entitlements – including retrospectively, as in the
case with fraud investigations.
As well as the Privacy Act, MSD’s Code of Conduct required MSD to first seek information from a beneficiary client
directly before seeking it from a third party, unless to so would prejudice the maintenance of the law.
A change in practice
But in 2012, MSD advised its fraud investigation staff they could bypass the requirement to seek information directly
from a beneficiary and instead go direct to third parties. MSD believed that an amendment to the Code enabled this.
The 2012 practice change resulted in MSD using its powers to collect large amounts of highly sensitive information about
beneficiaries from third parties without approaching beneficiaries first. The information collected included text
messages, domestic violence and other Police records, banking information and billing records from a range of providers.
MSD investigates thousands of fraud allegations a year. Of these, a large proportion result in no formal finding of
Mr Edwards said since 2012, MSD’s failure to first ask beneficiaries for information before approaching third parties
has likely affected thousands of beneficiaries.
“Due to poor record keeping practices and inconsistencies between fraud teams, we have been unable to establish whether
the Ministry has been bypassing beneficiaries in all fraud investigations or only those categorised as ‘high risk’. It
is disappointing that MSD does not keep accurate records of when and how many section 11 notices are issued by its
Mr Edwards also noted MSD is required to review the Code every three years but had not done so since 2012.
The report makes five recommendations including that MSD immediately cease its blanket application of the ‘prejudice to
the maintenance of the law’ exception when issuing section 11/schedule 6 notices.
It also recommends MSD undertake a comprehensive review of the Code and to develop training material and guidance for
all its fraud investigation teams.
The Inquiry into the Ministry of Social Development’s Exercise of Section 11 (Social Security Act 1964) and Compliance with
the Code of Conduct report is available here
. [Scoop copy: 20190515OPCInquiryintoMSDFinalReport2.pdf
Note to editors
The Privacy Act 1993 enables agencies to collect, use and disclose information that is necessary and proportionate to
their lawful requirements. The Act provides that, in general, information should be collected from an individual
Section 11 of the Social Security Act 1964 provides a mechanism by which the MSD can compel information from persons
other than the individual. Before exercising this power, however, MSD is required in the first instance to seek the
information required from the individual directly, unless there are reasonable grounds to believe that this would
‘prejudice the maintenance of the law’.