Oranga Tamariki (OT) says it always intended to publish a punishing review that found grievous privacy breaches which caused people physical harm.
The review was commissioned in 2023 at the Privacy Commissioner's insistence, and was completed in April 2024.
RNZ requested it in November, but it was released only last week.
The independent review detailed nine instances of breaches putting children and their families in harm's way, calling these "snapshots" of the current situation.
It found multiple and serious bad practices at the agency.
"People at the front line are very confused," it said.
"They get messages around [law] section 66C which wants to encourage broader sharing of information so that we make sure that we keep people safe, and then the messages from privacy border on fire and brimstone about the breaches.
"They don't know what to do."
Oranga Tamariki chief privacy officer Phil Grady told RNZ on Tuesday: "It was always our intention to publish the review.
"However, a number of factors, including the organisational restructure in 2024, resulted in a delay of the review's publication.
"It was important to us that upon release of the report we were also in a position to give the public confidence that we have systems in place already, to address the report's findings."
But the privacy commissioner said on Monday the agency had a "considerable amount of work" to do to improve its privacy practices, and these went beyond the reach of its new privacy improvement plan.
Grady took the privacy job after the role was elevated into the top leadership ranks, although he had held no previous privacy role at OT.
He has "extensive experience and understanding of the importance of privacy functions", according to his own statement.
This role upgrade was among several improvements already completed or "significantly progressed".
RNZ is seeking a rundown of what has been done about each of the report's recommendations.
The ministry is also upgrading its case management system to deliver better restrictions on data, auditing and tracking, Grady said.
The review found its existing system had the capability to impose layers of control to limit the range of personal data staff could see, but the agency had not activated it.
