Following the September 2012 discovery of unlawful intercept, GCSB Director Ian Fletcher and Chief Executive of the Department of the Prime Minister and Cabinet Andrew Kibblewhite initiated a review of compliance at GCSB. Then Cabinet Secretary Rebecca Kitteridge was seconded to the GCSB as Associate Director to undertake the review, which took into account the GCSB’s activities, systems and processes since 1 April 2003 (the date the Government Communications Security Bureau Act 2003 came into force).

Ms Kitteridge reported her findings to the Government in March 2013, and the report was made public on 9 April 2013. The report made 80 recommendations, 76 of which the GCSB was directly responsible for implementing. The recommendations fell into seven broad areas:

  • compliance (29 recommendations)
  • oversight (7 recommendations)
  • information management (9 recommendations)
  • legal capability and capacity (9 recommendations)
  • measurement and reporting (4 recommendations)
  • organisation structure and culture (20 recommendations)
  • outreach capability and capacity (2 recommendations).

The Government and GCSB accepted the Review and its recommendations. This has led to a significant internal change programme at GCSB to strengthen legal and procedural compliance. The GCSB Director has committed to publicly reporting on progress made in implementing the recommendations. These reports can be found under publications.