A couple fear a privacy breach at Immigration New Zealand show safeguards on personal information are not adequate.
Immigration staff breached privacy 170 times in the last year and on 1232 occasions in the last four years.
Leanne Healey, whose partner is applying for a visa, said he received an email meant for someone from South Korea.
"We got so excited because we were expecting it was going to be months before we heard anything," she said. "But Immigration had emailed the wrong person and they were addressing it to some other applicant who had applied on the same day."
Immigrants entrusted their life history, finances and health details to Immigration New Zealand, she said.
"It frustrated me more than anything, they have such a rigorous process for applicants and then it seems so easy for them to slip up and drop the ball," she added.
"Any lapse in privacy with an agency that has so much personal information is really bad. We open up our whole lives to them, they have everything - bank statements, email histories, photographs, addresses, everything.
"That they could make any slip-up at all is really concerning."
The breach also revealed how quickly other files were handled, said Healey - the person whose email they received was contacted within three weeks of applying for the same visa type.
Her Colombian fiancé heard from immigration about his case only seven months later.
"The fact that we had not heard a peep about my partner's application, while someone else who made their application on exactly the same day as us was assigned to an immigration officer and under review within 18 business days is maddening, especially when every immigration employee I have spoken to insists that applications are put in a queue system and assigned according to the application date.
"It's blatant dishonesty on their part. I believe their error in emailing my partner instead of the correct person is telling - that the immigration officer was most likely accessing both applications at the same time when they made the mistake. It seems that there was a clear choice by the officer to start working on one application and leave the other by the wayside.
"I don't want to be too cynical but honestly, it really does feel like a big part of it is just the nationality of the applicants. I know that Colombia definitely doesn't have the same migration relationship that South Korea does with New Zealand. Our applications were submitted on the same day, our application is really comprehensive.
"For Colombians, it's a lot harder for them to come to New Zealand so maybe it was put in the too-hard basket."
In a statement, Immigration New Zealand apologised, saying the number of breaches were in the context of processing more than a million visas in the 2018/19 year.
"Reporting privacy breaches to the Privacy Commissioner (OPC) is not currently mandatory, but from December 1 2020, privacy breaches that reach a certain threshold of harm have to be reported to the OPC," said a spokeswoman. "MBIE is developing guidelines for the changes that come into effect with the new Privacy Act 2020 using guidance provided by the OPC.
"In regard to the person whose privacy was breached, we sincerely apologise. We take steps to fix any privacy breach that occurs and we are continually reviewing our processes and systems to ensure they are as robust as possible.
"In regard to the difference in processing times: INZ generally allocates applications in date order but does have the discretion to allocate in any order. There are many factors that may influence how quickly an application may be decided.
"Residence applications take longer to process as there is more at stake and there is greater scrutiny of each application, which means there is a flow-on effect and the allocation of new applications to an immigration officer can take longer."