The new Social Investment agency, which sits under minister Amy Adams, will take the lead on developing a working group Working Group with Statistics New Zealand and NGOs to agree on an approach to ethically increasing the availability of data.

The Government has backed away from moves to have organisations hand over the identifiable data of thousands of vulnerable clients, until a new computer system has been developed.

And responsibility for handling that data has been stripped from the Ministry of Social Development and handed to the new Social Investment Agency, established earlier this year.

It follows a near privacy breach which saw the deputy chief executive of the Ministry of Social Development fall on his sword and resign last week.

CHRIS SKELTON/FAIRFAX NZ Social Development Anne Tolley has had to put plans on hold, to require personalised data from vulnerable clients, due to a series of ministry blunders.

An independent review found that in trying to fix an initial scare, the Ministry of Social Development revoked its own access to the IT system and its reinstatement resulted in even wider access being granted to prohibited parties.

READ MORE:

* Poor MSD approach to privacy

* Data-sharing blunder by ministry

* Data collection drive a political dead horse

* Privacy Commissioner slams MSD

* MSD says IT system not up to standard

The ministry began the process of establishing an interim database last year, to hold vulnerable clients data - right down to an identifiable level - in response to a new Government policy requiring NGOs hand it over to remain eligible for Government funding.

The move garnered widespread opposition, from MPs, the Privacy Commissioner, NGOs, academics and unions alike - for fear it would result in some clients walking away from receiving help.

On Wednesday, Social Development Minister Anne Tolley and Justice Minister Amy Adams said the Government would be advising social service providers that their new contracts would no longer require the collection of individual client level data until a new data protection and use policy is in place.

"Our Social Investment approach is about intervening earlier to help change lives for the better. We want to be working alongside providers on ways data sources can help ensure our most vulnerable New Zealanders are getting access to the services that they need," Adams said.

Tolley said it made sense for the new agency to handle the work around the data collection.

The Ministry would continue working with providers and building a new IT system. She predicted it would have lost about six months in terms of the rollout of the policy.

"The Social Investment Agency will lead a Working Group with Statistics New Zealand and NGOs to agree on an approach to increasing the availability of data in a way that is scalable, and builds and maintains trust and confidence."

"It makes sense for the Social Investment Agency to lead this work as the data we need to collect and analyse will be used by the wider social sector," Tolley said.

"An advisory group will provide oversight and lead the work to identify, evaluate and recommend a robust approach. It will bring together a number of agencies, as well as the Government Chief Information Officer, the Office of the Privacy Commissioner, and independent data consultants.

"The Ministry for Vulnerable Children, Oranga Tamariki will be writing to providers to advise them their 1 July 2017 contracts will not require the collection of data until the approach has been agreed and suitable IT systems are available," she said.

"We then intend to write to providers to agree a contract variation by the end of the current financial year."

Late last year, the ministry was forced to shut down an information-sharing portal after a privacy flaw allowed officials from one non-government organisation (NGO) which had a contract with the ministry, to view a folder that could have contained client data supplied by another.

Minister Anne Tolley called for an immediate review into the blunder, and the building of a new IT system to cope with the highly sensitive data that it would hold.

Headed by former Deloitte consultant Murray Jack, the review found the ministry's initial response to the incident was appropriate, but it had a poor approach to the protection of privacy, as it tried to get the system online in a limited timeframe.

Specific shortcomings included insufficient analysis of security requirements, little consideration given to the impacts of a privacy breach and a Privacy Impact Assessment was "not comprehensive and carried out too late" in the process.