A draft of the review was supposed to have been given to the Government by November 27 last year.
State Services Commissioner Iain Rennie confirmed the report was completed late last year but departments had been working on their response since then.
The issue of public trust in Government agencies' ability to handle private information appropriately was an increasingly important one Mr Rennie said.
The public was no much more aware of the issue and much less tolerant of misuse of their information.
"We need to raise our game considerably around how we handle people's information."
Mr McDonald said there "will always be a level of risk in this area that must be managed".
He said the review's key findings were that the management of privacy and information security "is not always meeting best practice and needs to improve".
There was currently too much reliance on work done by IT staff and contractors and not sufficient oversight by senior managers.
The weak point at the Department of Corrections involved inmates at Mt Eden Corrections Facility being able to access "a limited number of external websites through a prisoner kiosk".
Mr McDonald said he did not have any information to hand about websites accessed by prisoners.
The agencies where weak points were identified were:
- Careers NZ
- Ministry for Culture and Heritage
- Department of Corrections
- Ministry of Education
- EQC
- Commission for Financial Literacy and Retirement Income
- Ministry of Justice
- Maritime NZ
- MidCentral DHB
- Trade and Enterprise
- Ministry of Social Development
- Tertiary Education Commission
