Umair Iftikhar was caught up in the INZ breach. Photo / Getty Images
Umair Iftikhar was caught up in the INZ breach. Photo / Getty Images
An Immigration NZ privacy breach - which has been blamed on "human error" - has seen an Auckland man receive the private visa details of an Irish national.
Umair Iftikhar was caught up in the breach while helping his Chinese mother-in-law apply for a visitor visa.
On February 15, an eVisa letter addressed to an Irish national was couriered to Iftikhar's home in Ellerslie, along with original visa documents used in his mother-in-law Aili Wang's application.
This eVisa letter was an update of the Irishman's permanent residency visa, and a print-out of it was necessary for him to re-enter New Zealand.
The letter contained the man's name, DOB, nationality, passport number, start date of his new visa, and client and application numbers for his visa application.
Immigration NZ (INZ) manager Michael Carley said the privacy breach had occurred due to "human error", adding the department had been "in contact with both the applicant and recipient of the incorrect eVisa letter and apologised for the error".
"With more than one million visa decisions made in the last 12 months, sometimes mistakes are made," Carley said.
"While any mistake is regrettable, INZ is an organisation that believes in owning and fixing mistakes when they happen and ensuring we put things right."
A spokesperson for the NZ Privacy Commission said "as far as we're aware" this INZ privacy breach had not been notified to them. But the nature of the complaint did not breach the "threshold of seriousness" that a Government department would be expected to self-report to the commission.
Umair Iftikhar, with the incorrect residency forms sent to him from Imigration New Zealand. Photo / Getty Images
"Sending information to the wrong recipient, physically or electronically, has consistently been the leading cause of data breaches reported to us over the last few years," the spokesperson said.
"In the year ending June 30 2018 alone, it caused 73 of the 168 data breaches reported to us.
"It is easy to misspell an address on an envelope or attach the wrong document to an email. That's why agencies must have systems in place that catch and correct these mistakes before the information is sent."
The breach was only the beginning of frustrated dealings with immigration for Iftikhar.
When he first alerted the Herald to the breach on March 2, Iftikhar said he had been consistently trying to get in touch with Immigration NZ for 10 days, but had been repeatedly placed on hold.
Between February 5 and March 4, Iftikhar has phone records for at least 11 calls he made to the Immigration NZ help-line, spending around 10-hours on hold in total.
"Every time the phone line wait is more than one hour, or if I request a call back, I will get an automated blank call back and there is no one answering on other side," the 34-year-old property consultant said.
"I don't know how it works honestly, they call you back, when you say hello, and there is this answering machine, you are back in the queue or something.
"I was worried about two things: does my mother-in-law have the visa or not, is she still legal in the country? Secondly, I had a document for someone else, that was obviously a breach of privacy, and I don't know who I talk to. Big time [they have to improve].
"Finally, I got hold of NZ immigration today [March 2] after three failed attempts. When I told them they have sent me the wrong document they said their Chinese translation centre was closed I have to call them again."
Iftikhar said he was trying to "make things right" after the breach, saying it had left him "very stressed".
On Tuesday, following the Weekend Herald contacting INZ over Iftikhar's case, the correct eVisa letter for his mother-in-law was emailed through - three weeks after Iftikhar had first contacted INZ.
Immigration Minister Iain Lees-Galloway reiterated to the Weekend Herald the "huge amount of information" INZ has to process as context for the privacy breach adding " human error will happen from time to time".
"I have high expectations of Immigration New Zealand when providing services to the public and protecting people's privacy. Even one privacy breach is not good enough," Lees-Galloway said.
