The purpose of the Registry is to give Police and Te Tari Pūreke a complete record of all lawfully held arms items in New Zealand.

By doing the right thing and registering, licence holders are helping to build a ‘digital picture’ of the number and locations of firearms around the country. This greater transparency will help us:

• stop the diversion of firearms to organised criminal groups
• make frontline Police staff safer
• give licence holders more confidence when buying and selling arms items.

Police have growing evidence of a small number of licence holders diverting firearms to criminals. Alongside other Police initiatives that target organised criminal groups and gangs, the Registry helps disrupt this activity – by making it harder for firearms to be supplied to people without a licence and allowing us to track firearms as they are bought and sold. As a result, firearms are less likely to end up on the black market, and criminals will find it increasingly difficult to access them.

The Registry will also allow frontline Police to be better prepared when they attend incidents. It will tell them if firearms are likely to be in the location they’re visiting, so they can plan to keep themselves and others safe.

When you buy or sell a firearm, you will know if you are dealing with a current licence holder and if the item has been reported stolen. We are committed to working with you to support the safe and responsible use of firearms in New Zealand.

It has cost $10.4 million to establish the Firearms Registry. We estimate it will cost $8.5 million per annum to continue operating.

We recognise that how we manage and protect personal information is important for maintaining your trust and confidence in us.

Our technology and processes

We have been purposeful in making decisions on how licence holders are able to register their firearms and other arms items. We know it’s significantly more complex to keep paper forms and documents private and secure, so you will not be able to register using a paper form.

Any personal information you provide for the Registry will be held and managed in accordance with the Privacy Act.

The Arms Information System, which supports MyFirearms and the Firearms Registry, has been classified at RESTRICTED under the Protective Security Requirements (PSR). The PSR outlines the Government's expectations for managing staff, physical and information security.

This RESTRICTED classification recognises the potential national security impacts of an unauthorised release of the information held in the Registry. It therefore requires strong protections to safeguard the information from unauthorised access.

This level of classification means we have implemented a range of security controls to help protect the confidentiality and integrity of the information held in the Registry and ensure we can maintain its availability. These are similar controls to what you would see at your bank, and includes things like:

• strong data encryption of all information stored in the Registry
• robust authentication, including two-factor verification
• limits on what data can be accessed by staff in different roles, and what can be accessed via MyFirearms
• maintaining records of what actions are taken in the system, both by Police staff and users of MyFirearms, and processes to review these records for suspicious or unusual activity.

The Arms Information System has been through multiple security assessments by Government approved independent security consultants – the same security professionals regularly conduct these assessments across New Zealand businesses, including banks, telecommunication providers, government departments and insurance companies.

In accordance with the Government’s ‘Cloud First’ policy, we have chosen to use a cloud-hosted service over a traditional ICT system. AIS is hosted by Amazon Web Services in Australia, in the Asia Pacific (Sydney) Region. Its data security and privacy requirements have been assessed against government standards for the use of cloud-hosted services.

Our people

The only people who have access to the Registry are staff who need it to do their jobs. This will include Police and Te Tari Pūreke staff and authorised suppliers.

All our staff with access to the Arms Information System undertake privacy and security training and are bound by employment conditions and/or contractual agreements related to confidentiality. This access is audited and subject to the same professional conduct standards that apply to other Police systems. Audits included both planned activity and randomised checks.

Strict protocols are in place regarding access to the Police network and Police IT systems, and the Registry is no different. All Police staff with access to the Arms Information System must pass Police vetting processes and can only access it using a Police device while on the Police network.