An urgent review of the New Zealand Police’s computer systems and digital security protocols has been prompted by recent events within the force.
The independent review was triggered following the resignation of Deputy Police Commissioner Jevin McSkimming amid allegations involving inappropriate material on his work computer. The urgency of this inquiry highlighted significant concerns about the robustness of police controls over technology use, especially considering that regular audits of police device internet usage had been halted four years ago to save resources, since then the system only checked web searches if an issue had already been flagged.
The review’s findings are a wake-up call: current controls are not strong enough. Key recommendations include the reinstatement of audits on police computers, better oversight over standalone police-owned devices, advanced filtering to block unauthorized websites, and stricter management and monitoring of all police IT assets.
Tech commentator Paul Spain emphasises the absolute necessity of regular auditing and modern oversight. Drawing on previous incidents of breaches, Spain stresses, “The auditing is really, really important and especially for police where, we have seen breaches in the past.” He notes that simply relying on reactive measures—such as only reviewing logs if an issue arises—does not provide sufficient protection for an organization as sensitive and significant as the police.
Spain also highlights the challenges associated with “shadow IT”—where employees use unsanctioned technology to perform their work. This practice, he explains, can bypass official controls and introduces significant risk. The existence of outdated technology, or “technical debt,” is another critical topic raised by Spain. He asserts that New Zealand police need ongoing investment from the government to keep their systems up to date and secure, cautioning, “We can’t just sit back and hope for the best when it comes to technology and cybersecurity.”
While covert and specialised policing operations may require distinct technological setups, all must be under vigilant, specialized scrutiny to maintain public trust. Robust technology governance in policing is not optional but imperative for safeguarding both data and public confidence.
15 July 2025