Privacy Commissioner John Edwards has come out against the government's plan to require community groups to hand over clients' private details if they want state funding.
The policy will kick in from July for most community agencies seeking state funding.
The new arrangement has already come into effect for budgeting advisors. Sexual violence groups have been given a year's reprieve after they argued it could scare off people from coming forward.
Mr Edwards launched an inquiry into the policy in January and released his findings today, warning the plan was "excessive [and] disproportionate to government's legitimate need," making it "inconsistent with the principles of the Privacy Act".
Mr Edwards said the policy meant those most in need could be deterred from seeking help because of fear their details would not stay private.
People might also provide incorrect information or stay away from seeking help at all, which would hurt people and result in "skewed or incomplete" data being collected, he said.
The report also criticised the Ministry for Social Development, saying it had executed the policy "prematurely" without considering privacy risks.
"Nor has it taken sufficient time to understand the full range of concerns of those affected," the report said.
Mr Edwards recommended Statistics New Zealand take responsibility for collection and analysis of the data. He also suggested allowing clients to provide anonymised information or in some cases to opt out altogether.
That would reduce the "perverse incentive" for people to provide false information and would ensure the data was "more accurate and useful," he said.
Labour MP Carmel Sepuloni said the report proved the government had been irresponsible and negligent.
"It's been really ad hoc ... they have forced it onto social services despite protest ... and now we're told that this would deter people from actually accessing the support."
The government needed to take the report seriously, she said.
"We've seen in the past where the government have ignored the privacy commissioner's recommendation. They can't do that in this instance because there will be long-term costs to us as a country.
Green Party spokesperson Jan Logie said the commissioner's findings showed the sector was right to be worried.
"It's been an absolute disaster. This raised red flags immediately for everyone working in the industry ... and the government refused to listen to them."
It was the second major blow to the project in as many days after the government revealed yesterday it had shut down an IT system linked to the policy because of a data breach.
Social Development Minister Anne Tolley said the current system for collecting clients' data was not up to scratch.
"A provider was able to get access to another provider's folder. Fortunately there was nothing in it. We've shut the whole thing down."
She has asked officials to develop and test an entirely new system.
"If I can't guarantee [that people's privacy is protected] then we'll have to put things on hold and do it differently. We've got to get it right."
"What we are saying to the providers is that we are not going to ask them to upload any information until I can guarantee to them that that system is secure" - Anne Tolley
But Ms Sepuloni said the breach was a prime example of why the policy needed to be scrapped altogether.
"Actually, the report points out that one of the considerations has to be the security of how information is held.
"It's interesting that the report comes out today and just yesterday we see a pretty serious breach of confidentiality."