21 August 2019
Alex Harris
[FYI request #10611 email]
Kia ora Alex
Your Official Information Act request, reference: GOV-000353
Thank you for your email of 25 June 2019, asking for the following information under the Official
Information Act 1982 (the Act):
1.
whether your agency has ever employed ZX Security Ltd, to provide training in social media or
open source intelligence. For the avoidance of doubt, I am not interested in any work done by
them on network security or penetration testing.
2.
If so, all information relating to, or provided by, ZX Security Ltd in relation to the above.
Thank you for your patience while we prepared this information for release to you. The answers to your
questions are below.
1. ACC engaged ZX Security to provide a training session in 2014
ACC engaged ZX Security Ltd in February 2014 to provide training to the investigators in what was then
known as the ‘Investigation Unit’. The training included topics related to social media and open source
intelligence gathering.
2. We have identified information within scope of your request
We have identified the following information within the scope of your request:
• Power point presentation and handout used by ZX Security Ltd to deliver the 2014 training. These
have been withheld in full to prevent prejudice to the commercial position of the person who
supplied the information, or who is the subject of the information. This decision is in accordance
with section 9(2)(b)(ii) of the Act.
• The training invoice, Statement of Work Signed, and ACC Confidentiality agreement are being
released to you with some redactions to protect the privacy of natural persons. This decision is in
accordance with section 9(2)(a) of the Act.
• Emails relating to the training attended by ACC staff are also being released to you with some
redactions to protect the privacy of natural persons. This decision is in accordance with section
9(2)(a) of the Act.
We have considered the public interest in the information and are of the view that it does not outweigh
the need to maintain the privacy of the individuals.
Integrity Services today
Since 2014, ACC has changed the group structure and operating model of Integrity Services. These
changes were intended to implement the ACC Integrity Framework through the establishment of the Risk
Advisory, Response, Enablement, and Performance & Delivery teams, alongside the existing Insights team.
This was an important step in continuing ACC’s shift in focus from reactive individual investigation, to
proactive prevention, risk advisory, communication and education activities.
A statement explaining how Integrity Services now collect, use and share information gathered about
members of the public or other entities for the purpose of preventing, detecting and/or responding to
potential fraud, waste and abuse of the ACC Scheme can be found at the following link:
www.acc.co.nz/assets/corporate-documents/3340bc6c3a/transparency-statement-integrity-services.pdf
GOV-000353
In addition to this, and as a result of the SSC Inquiry into the use of external security consultants by
Government agencies, in 2018 ACC took a fresh look at the way information is gathered by Integrity
Services. We:
• Confirmed our policies and procedures comply with the State Services model standards and
code of conduct.
• Conduct regular assurance reviews to reconfirm Integrity Services’ compliance with ACC’s
policies and processes and code of conduct.
We are happy to answer your questions
If you have any questions, you can email me at
[email address]. If you are not happy with
this response, you have the right to make a complaint to the Ombudsman. Information about how to do
this is available a
t www.ombudsman.parliament.nz or by phoning 0800 802 602.
Ngā mihi,
Emma Coats
Manager Official Information Act Services
Government Engagement & Support
Accident Compensation Corporation
Page 2 of 2