What if New Zealand’s national security was discussed in a group chat? 

News & Stories 29th May 2025
ai
Opinion Piece: Rose Hiha-Agnew, Chief Executive, Community Governance Aotearoa

Earlier this year, a U.S. journalist was mistakenly added to a Signal group chat where senior national security officials, this included Vice President JD Vance and a CIA Director who were discussing an impending military strike. The breach, which included details about targets and weapons, was not what you want to see in the headlines.

While I know it’s a bit of a stretch to compare chatting about warfare intelligence directly to our own board roles (this level of risk is highly unlikely to be an urgent meeting anytime soon), I’m using this as an example: breaches in data governance and digital information use can happen to anyone (but really shouldn’t).

This also got me thinking, would our NZ Ministers chat away on unprotected communication systems, or add in their friends??! Well, I’m sure all of us could think of a few…

The tools we use matter. How we govern matters more.

AI is here – governance needs to catch up

In my first article on AI tools and applications, I raised the importance of caution. We need to think carefully about how we implement these tools into our systems (or better understand what we are currently using as well). Are Slack, WhatsApp, or Google Docs secure? Do we know what tools our staff and board members are using? These platforms might not be as safe as we assume.

If we want to improve governance and management efficiency such as using AI to write applications, summarise board minutes, or manage personal information for the work we do, we need to put policies and guidelines in place. How we use AI comes with risk: bias, misinformation, data breaches, and reputational harm. These are not IT issues. They are governance issues.

Good governance means good data stewardship

I remember when every board had to get up to speed with PCBU changes under the Health and Safety at Work Act 2015 (HSWA) and it was on every board agenda. Data governance should be our next big agenda item.

We must understand our responsibilities around:

  • Policies
  • Data permissions
  • Storage and access
  • Information management

Start with practical scenarios, and take the time to understand what your organisation does and how it interacts with people and places. This helps map where information flows and how it’s used, which will help with conversations at the board table.

We know our kaupapa best. Let’s make sure we protect the private, personal, and public information entrusted to us.

What is data governance?

Data is all the information we share, use, and that tells our story. Boards should ask:

  • Who owns the data?
  • Who can access it?
  • How is it protected?

If your data is unprotected (think passwords, cyber protection) or misused, your organisation is at risk, legally and reputationally. Remember, we don’t want to be in tomorrow’s headlines.

Digital governance is not just IT

Digital governance ensures your organisation’s use of digital tools aligns with its values, mission, and legal obligations. It’s about leadership, not just systems.

Boards should ask:

  • What AI tools are we using?
  • Who approves them?
  • What risks are we managing?

This includes everything from AI platforms to messaging apps like WhatsApp and Slack. If you’re discussing sensitive issues on these platforms, remember the Signal breach (thinking worst case scenario is often a handy tool) to help identify where you are most at risk.

Data sovereignty – Te Tiriti

Data sovereignty – Te Tiriti means a consideration for ensuring data about Māori communities and people is governed in line with Te Tiriti o Waitangi.

Boards may consider:

  • Do you have permission to gather personal information?
  • Is this data being used to train AI models without consent?
  • Are Māori data governance principles embedded and sustained?

As governors, we must lead with thoughtful, principled leadership that reflects our services, delivery, and responsibilities.

In my first article, I shared accessible AI tools and cautioned against casual use. In this follow-up, I encourage you to put AI, data governance, digital governance, and data sovereignty on your board agenda.

Some resources – stay connected

Board Talks: Sign up for our upcoming talk on Digital Governance and Data Sovereignty 

Access more content at Community Governance Aotearoa

We're here to support the growth of grassroots community organisations in Aotearoa.
Get in touch
Good Governance Code Resource Hub Talks & Events Join a board
Board resources
Workshops
About us
He puna mātauranga,
Kia ora ai te tangata.
A source of knowledge to enlighten the people.
  • Made by Scratch
Privacy Policy
Made by
Scratch
Ask a question

Have a question or enquiry? Fill out the form below and a member of the team will be in touch to help.

"*" indicates required fields

Name*
Email opt-in
Register your interest

Please share some background below about your board, the organisation it serves, and why you believe your board could benefit from the service.

"*" indicates required fields

Your Details

Name*
Email opt-in
Stay in the know
Sign up for news & updates via email
the governance mentoring programme hero

Enter your details below to keep up to date with the latest news and updates from Community Governance.

"*" indicates required fields

Name*
Which topics are you interested in?
Select all that apply.
Gated Content
Good Governance Code
Ask us a question
Enter your details below and we'll be in touch to assist as soon as possible.