Widespread non-compliance in New Zealand public records spurs call for AI reform
A report from New Zealand’s Chief Archivist has revealed that most government agencies are still falling short of their legal obligations under the Public Records Act 2005. The 2023/24 Annual Report, published by Te Rua Mahara o te Kāwanatanga (Archives New Zealand), shows that two-thirds of surveyed agencies are still at early stages of maturity, with only seven reaching 50 percent or higher.
The findings reflect long-standing concerns around manual processes, poor visibility of information, and a lack of integration between systems. The report also notes a decline in information governance capability, with headcounts in records teams dropping by more than 15 percent over the past two years.
Rachael Greaves (pictured), CEO of Castlepoint Systems, said the data confirms that systemic issues remain unresolved, stating, “Agencies are expected to meet increasing regulatory and ethical obligations, but are often left without the tools or resources to do so effectively. Automation is now essential to reduce risk, protect citizens, and uphold trust.”
The report points to serious consequences for vulnerable communities. Recordkeeping failures have had the greatest impact on people in State and faith-based care, a key focus of the ongoing Royal Commission of Inquiry into Abuse in Care. The Chief Archivist warns that these gaps can delay redress and worsen harm.
Some agencies are already using automated tools to improve visibility, reduce information risk, and meet their obligations without adding operational burden. Some central and regional government bodies in New Zealand have adopted an AI-based approach to classify and manage records across its systems, supporting more accountable and efficient service delivery.
These tools align with Archives New Zealand’s published AI guidance and can assist with compliance under the Temporary Care Records Protection Instruction. They are also being used to identify and manage sensitive records, including those related to iwi, hapū, marae, and historic abuse in care.
Technology like Castlepoint Systems’, which holds Tier 2 information security endorsement from the New Zealand Government and ISO 27001 certification, is helping agencies embed compliance into routine operations, rather than treating it as a separate, resource-intensive process.
Greaves said the implications extend beyond the public sector, adding, “Any organisation that handles sensitive or regulated information needs to think seriously about how they manage and preserve records. The longer the gaps persist, the greater the risk of harm.”
