Plain language law

New Zealand law explained for everyone

Intelligence and Security Act 2017

Intelligence and security agencies - Functions

12: Information assurance and cybersecurity activities

You could also call this:

"Keeping New Zealand's computer systems and information safe and secure"

Illustration for Intelligence and Security Act 2017

The Government Communications Security Bureau helps keep New Zealand's information and communications safe. You can think of this as protecting the country's computer systems and the information they hold. The Bureau does this by providing information assurance and cybersecurity activities to public authorities, people, or groups of people.

The Bureau's job is to protect the security and integrity of important communications and information systems. This includes finding and responding to threats to these systems. The Bureau can do its job with or without special permission, depending on the situation.

If the Bureau gets information without permission, it can only use that information for certain purposes. These purposes include doing its job and making reports about threats to New Zealand's communications and information systems. The Minister decides who can receive these reports, and must make sure that sharing the reports follows New Zealand law and human rights obligations.

The Minister is the person in charge of the Government Communications Security Bureau. You can find more information about the Bureau's role in section 11 and Part 4 of the Intelligence and Security Act 2017.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

This page was last updated on

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=DLM7118909.

Topics:
Crime and justice > Police and safetyGovernment and voting > Government departmentsBusiness > Industry rules
Previous

11: Protective security services, advice, and assistance, or

"Help to keep people and places safe with security services and advice"

Next

13: Co-operation with other public authorities to facilitate their functions, or

"Intelligence agencies help other authorities do their jobs by sharing information and giving advice"

Part 2Intelligence and security agencies
Functions

12Information assurance and cybersecurity activities

  1. In relation to the Government Communications Security Bureau, the information assurance and cybersecurity activities referred to in paragraph (a)(ii) of the definition of protective security services, advice, and assistance in section 11(3) are—

  2. providing information assurance and cybersecurity activities to a public authority, person, or class of persons referred to in section 11(1); and
    1. doing everything that is necessary or desirable to protect the security and integrity of communications and information infrastructures of importance to the Government of New Zealand, including identifying and responding to threats or potential threats to those communications and information infrastructures.

      1. Subsection (1)(a) is not limited by subsection (1)(b).

      2. An activity described in subsection (1)(a) may be carried out by the Government Communications Security Bureau—

      3. without an authorisation if—
        1. the activity is a lawful activity; or
          1. the activity would otherwise be an unlawful activity but is a lawful activity because it is carried out with the lawful consent of the public authority, person, or class of persons; or
          2. with an authorisation if that activity is—
            1. not otherwise a lawful activity; and
              1. not carried out with the consent of the public authority, person, or class of persons.

              2. An activity described in subsection (1)(b) may be carried out by the Government Communications Security Bureau—

              3. without an authorisation if that activity is lawful; or
                1. with an authorisation if that activity is otherwise unlawful.

                  1. Any information obtained by the Government Communications Security Bureau in carrying out information assurance and cybersecurity activities under section 11 without an authorisation may only be used for—

                  2. performing its function under section 11:
                    1. producing reports related to threats to, or interference with, communications or information infrastructures of importance to the Government of New Zealand and providing those reports to any person or class of persons (whether in New Zealand or overseas) authorised by the Minister for the purpose of this subsection to receive them.

                      1. Despite subsection (5), any information obtained by the Government Communications Security Bureau in carrying out information assurance and cybersecurity activities under section 11 may—

                      2. be used for any other purpose authorised by an authorisation under Part 4:
                        1. if publicly available, be used for any other purpose relevant to its functions.

                          1. Before authorising, under subsection (5)(b), any overseas person or class of persons to receive any report or class of reports, the Minister must be satisfied that, in providing the report, the intelligence and security agency will be acting in accordance with New Zealand law and all human rights obligations recognised by New Zealand law.

                          2. In this section, Minister means the Minister responsible for the Government Communications Security Bureau.