Direct access agreement

The Minister Responsible for the New Zealand Security Intelligence Service (NZSIS) and Minister of Immigration have completed their review of the Direct Access Agreement (DAA) concerning direct access by NZSIS to Advance Passenger Processing (APP) and Electronic Travel Authority (ETA) databases administered by Immigration New Zealand (INZ), a part of the Ministry of Business, Innovation & Employment (MBIE). The Intelligence and Security Act 2017 requires DAAs to be reviewed every 3 years. The revised DAA replaces the previous DAA concluded in October 2022.

The review determined that the direct access provided for under the DAA is of significant value to NZSIS and MBIE, allowing both agencies to fulfil their mandate, promote efficiencies and security at the border, while maintaining appropriate privacy safeguards for the public.

The major changes from the 2022 DAA are:

• The Privacy Impact Assessment (PIA) for access to the APP and ETA databases have been combined into one PIA covering both databases;
• The definition of persons undertaking duties under the DAA has been amended to account for Government Communications Security Bureau (GCSB) employees who conduct work for NZSIS as part of a shared service for both agencies;
• A change in the data retention period from 10 years to 25 years following a review into the appropriateness of the retention period that was signalled in the 2022 DAA. APP data currently held that has not reached the 10-year retention period will have the 25-year retention period applied to it. This change was made in response to changes in the data environment and the nature of threats posed to New Zealand’s security. The long-term nature of some of these threats are touched on in:
  New Zealand's Security Threat Environment 2025 [PDF 4.3MB](external link) — New Zealand Security Intelligence Service.

The 2025 DAA and unclassified PIA are available: