Address by Assistant Commissioner, Policy, to ARANZ during Privacy Awareness Week 2008

Thu, 04 Sep 2008 09:34:34 +1200

Interrelationship between the Public Records Act & Privacy Act:

A Clash Between Good Information Practices and Fair Information Practices? Accountability for government, accountability to individuals

Blair Stewart(1)
Office of the Privacy Commissioner

1. Introduction

This week the Privacy Commissioner released the results of the 2008 UMR privacy survey on Individual Privacy and Personal Information(2). Particularly noteworthy, 62 percent expressed concern about ‘Government departments sharing personal information’, up from the 2006 survey in which 37 percent of respondents expressed concern about ‘data sharing between Government departments’.

In light of these results, the responsibility lies with government agencies to put practices in place that allow personal information to be appropriately safeguarded, and let individuals feel confident about government information handling practices.

Central to the issues are government accountability and citizen trust.

New Zealand has three major pieces of information legislation: the Privacy Act, the Official Information Act and the Public Records Act. This paper examines the aims of the Privacy Act and the Public Records Act and some interesting intersections.

The theme for this conference is ‘Archives - collaborating towards a networked future’ and it is clear that there is a considerable scope for ‘collaboration’ between those involved in records management and privacy protection on many issues relating to recordkeeping. This includes Archives New Zealand and the Office of the Privacy Commissioner but also many others, such as records officers and researches, as we all have a part to play. We all need to recognise the rights to privacy as well as the national interest in archival records.

2. Public Records Act 2005

The Public Records Act came into force in 2005 and brought about something of a ‘sea change’ to the recordkeeping framework of New Zealand. It replaces the Archives Act of 1957 and provides a purpose driven approach to:

 promote accountability between the Crown, the public, and Government agencies
 enhance public confidence in the integrity of public records
 enhance and promote New Zealand’s historical and cultural heritage.

The key institutions under the PRA are Archives New Zealand (‘Archives’). The Chief Executive, known as the Chief Archivist has wide ranging functions. The Archives Council has a specific statutory role in advising the Minister.

3. Privacy Act 1993

The Privacy Act was enacted in 1993 to provide a framework for the protection of personal information. It does this through the establishment of twelve information privacy principles which govern the life cycle of personal information – from collection, security, access, through to disclosure, storage and retention. They also confer rights of access and correction. These are sometimes referred to as ‘fair information practices’ and are based upon international standards.

The Privacy Act provides for the Privacy Commissioner who is an independent Crown Entity and has specific functions under the Act. These include examining proposed legislation and a complaints function as well as more general privacy ‘watchdog’ functions such as speaking out on matters affecting privacy and making inquires where it appears that individual privacy may be affected.

4. Notable intersections

Both Acts are written to be flexible, principled legislation. They obviously intersect on many levels, as far as personal information is involved in the public records at issue, and provide some interesting points of contrast, as well as some often unexpected similarities.

Unlike the Archives Act, the PRA was written in light of the Official Information Act and the Privacy Act which have been instrumental in bringing about more a culture of more openness and access to both government information and personal information.

At a fundamental level both Acts are about good information management practices. Two major areas of intersection between the Acts include retention and access. The PRA refers to access and also ‘appraisal’, of which retention is just one part.

5. Scope

A public record is described by the PRA as a record, in any form, created or received by a public office in the conduct of its affairs. Such a record may contain personal information, which is defined by the Privacy Act as information about an identifiable individual.

Clearly the PRA may require records containing personal information to be kept – perhaps by agencies themselves or permanently by Archives.

The PRA brought additional classes of document under the rubric of ‘public records’ and thus under the Act compared with the Archives Act. School records are a prime example. A number of full or partial exemptions under the 1957 Act were eliminated from the PRA.

Storage of large amounts of data for long periods suggests the need for vigilance around security of the documents. Breaches may occur in the transfer process or through agency error. This office has recently responded to growing nationwide and international awareness of the consequences of large privacy breaches through the issue of Privacy Breach Guidelines(3). The potential effects of such breaches can be seen in the recent concern over the loss of Corrections records in New Zealand and also the (much larger) breach in the UK involving tax information.

Appraisal

While the Privacy Act becomes relevant from the first interaction between agencies and individuals, the Public Records Act - aside from record creation obligations – does not substantially come into consideration until later in the information life cycle. The Privacy Act obligations are front and centre in the direct information dealings with a citizen during a transaction. The PRA requirements are sitting in the background.

Appraisal is the first stage in the management of public records under the PRA which goes beyond normal business practices which can include creating and maintaining records. The PRA presents a pragmatic approach to appraisal but part of that is a consideration of privacy. A holistic approach to the records management process is encouraged which is considerate of privacy concerns at every stage.

Although the Appraisal Standard is still under development by Archives, it is easy to see how privacy may be part of the decisions made at this point. The sensitivity of the personal information involved is a consideration that can be weighed as part of the appraisal process – with perhaps a more detailed consideration at the access stage in applying conditions for restricted access. Ideally appraisal should take place with an eye to the future over access. The individuals expectations during their dealings with government when documents are crated may be relevant.

General Disposal Authorities

Individual patient records are a good example of records that contain highly sensitive personal information. The Public Records Act has clarified the position of the District Health Boards and the Act covers all health records (patient records and other). The way this tension between privacy and archival retention is managed is through the District Health Board General Disposal Authority which identifies which records District Health Board’s can destroy and which need to be transferred to Archives. It is estimated by Archives that under the General Disposal Authority, 10 percent of records are required to be kept as archives, with the other 90 percent able to be destroyed because they are recognised as having no long term value. The General Disposal Authority also outlines how long this 90 percent must be kept before they can be destroyed.

6. Retention

The information contained in public records is a mix of information given voluntarily and that required by the state. When the state seeks or demands information from individuals there is a corresponding duty to protect it. If an individual has been a client of a government agency, they would expect that their personal information collected for that purpose would be retained for as long as it is needed to achieve that purpose. Typically, their reasonable expectation would be that once the information was no longer needed by the agency it would be destroyed.

That is reflected in information privacy principle 9 that requires an agency not to keep information for longer than is required for the purposes for which the information may lawfully be used.

However, the PRA generally prohibits any person from disposing of public records without the authority of the Chief Archivist. This does not apply where the disposal of the record is required under another Act. The requirement under the PRA not to destroy records (without approval) is given effect to under the Privacy Act which provides that of other enactments will prevail over the privacy principles.

One of the cornerstones of the Privacy Act, and good information management generally, is that individuals should understand what happens to their personal information and who gets hold of it. Information Privacy Principle 3 requires that individuals are made aware of the purpose for which their information is collected and the intended recipients. This provides practical challenges for agencies to make people aware of ‘back office’ administrative practices and how to know at the stage of collection whether something will be archived under the PRA. Sometimes the transfer to Archives will be envisaged at the stage of collection but sometimes not. There is scope for agencies to become more transparent in their practices in this context.

One point to note is that, although there is a healthy tension between the Acts on the question of retention, the philosophies underlying each are not too different. There are the competing interests in not retaining personal information for longer than the purpose of collection balanced against the risk of losing the historical value of some documents. Neither of these interests are unqualified.

Census Returns

As well as information which deals with personal information on an individual basis there are also records which are so highly personal in the information they demand special privacy safeguards to be considered. One such group of records is census information.

The national census has been carried out at regular 5 year intervals since the Census Act of 1877 – with some irregularity for reasons such as war. The history of census returns and casts an interesting light over the current situation. The 1957 Archives Act did not apply to census returns and until 1966 they were routinely destroyed. Destruction is of course a guarantee of absolute confidentiality, consistent with the promise of census secrecy. Destruction guarantees that promises are not subject to the whims of governmental changes in policy or officials.

Census information is given to the state for the purpose of compiling statistics, not for anything else. Once those statistics are compiled the returns have served their purpose. Complete and accurate information depends on the goodwill of the people and their trust in the processes to protect their personal information. Destruction of the census return forms is one way to ensure the public’s trust.

In a change in practice, the 1966 census returns were not destroyed – without the knowledge of the subjects – and are currently held for archiving purposes, along with the 1976 returns.

In 2001 Census respondents were asked whether they would agree to the information they supplied on their census forms being archived for 100 years, after which, anyone who wanted to see it would be able to do so. Forty percent of respondents refused permission for their forms to be archived. These forms were destroyed. This might be seen as a lack of trust in government – both current and future. Considering the minimal state interest in retaining identifiable census returns and the large number who did not want their records maintained, it is interesting that this was not taken as a strong signal by the Parliament against the mandatory retention of all returns.

By the 2006 census the Public Records Act was in force. Census returns are the only public records that disposal is provided for specifically in the Public Records Act rather than having to go through the processes laid out in that Act. The Act requires that census returns are to be kept by the Government Statistician for 100 years and after that time are transferred to Archives. What will happen after those 100 years is not immediately clear. Under the Statistics Act, after the 100 years, the Government Statistician may authorise the disclosure of individual returns, after having regard to the advice of the Chief Archivist.

7. Access

Access is an area where the two Acts must work together. At its simplest, there is a requirement under the Privacy Act that an individual has a right to seek access to the personal information that an agency holds about them. In addition, the Privacy Act prohibits disclosure of personal information except to anyone other than the subject of the information outside specific exceptions contained in the Act. These exceptions are found in information privacy principle 11 and cover situations such as maintaining the law, public health and safety, and statistical use.

In contrast, the PRA deals with access through the classification of records as open access or restricted access. The PRA also makes use of access law existing it he Privacy Act and official Information Act.

Individual’s access to their own records

While public records containing personal information are held by the agency that created them, individuals have rights of access to them under the Privacy Act. Once these records are transferred to Archives an individual’s rights under the Privacy Act continue to apply. There is no direct conflict between the Acts on this point.

Allowing an individual access to records kept about them by government is one of many ways of ensuring the accountability of government. This accountability is preserved in both pieces of legislation. It may perhaps be said that the Privacy Act promotes accountability directly to the individual concerned, the citizen to whom the information relates, whereas the PRA is seeking to promote an accountability to the community at large. In this particularly context, the philosophical differences in approach are immaterial.

Individual’s access to public records containing personal information of others

While the records are still held by the agency that created them, access remains covered by the Privacy Act and the Official Information Act. A person’s access to records containing personal information of other people is therefore governed by those Acts. However when the records are transferred to Archives, typically at 25 years or earlier, access depends on the classification of the records – and if the records are restricted, which specific restrictions apply. The classification and any restrictions are determined by the administrative head of the agency. This is done in consultation with the Chief Archivist and privacy is an obvious consideration in this process.

Information transferred to Archives is done so on the grounds of public interest in the retention of public records. However, some records will naturally have a fairly minor public interest aspect and a significant amount of personal information involved that needs protection.

Under the PRA the access provisions start from the position that government information should be made available to the public unless there is good reason to withhold it. The mechanism to protect the privacy of personal information contained in public records is through the restricted access classification which can be applied when the records have reached 25 years of age or when they are transferred to Archives. Public offices should only place restrictions on records if there are good reasons, under the Official Information Act or Privacy Act or other relevant legislation, for withholding some of the information in the records. As the name suggests, ‘restricted access’ does not mean no access. It means additional controls put around access. This is a change or clarification in approach from the old Act. The scope for more sophisticated access provisions means there is more chance of finding an appropriate balance between public interest in access to records and the public interest in privacy of personal information that would restrict such access.

Under the Public Records Act, as with the Archives Act, there is seldom a permanent restriction on access to public records. With the responsive and flexible nature of access restrictions, the question of when ‘sensitivity’ in public records declines. The issue of when privacy diminishes over time will likely become pertinent to questions of access. The question is, at what point does the age of the record override the privacy implications in its release? There is no determinative answer for this in the New Zealand context, although the fact that only living persons have a right to privacy under the Privacy Act may be an indicator. However, some information about an individual carries sensitivities regarding personal information about their family members, and so even death may not offer an obvious easy answer sometimes.

The PRA refers to enhancing the accessibility of records that are relevant to the ‘historical and cultural heritage of New Zealand and to New Zealanders’ sense of their national identity. Over time the privacy interests in certain records will give way to such national interests.

Rather than draw a line in the sand, these are questions that are best answered on a case by case basis.

Of course, just because a public record contains a personal name does not necessarily justify restricted access. Some personal names will be included due to that persons function as an official of the agency involved where the privacy impacts may be less. An assessment must be made of the nature of the information and the circumstances of each case. Some cases where it might be unnecessary to consider restricted access on privacy grounds are where:

 The information may already be available publicly;
 The information may be about a person, but be of such a nature that no privacy interest requiring protection arises; or
 The content of the particular information may not, in fact, relate to an identifiable person.

These are all considerations to think about when agencies are looking into restricting access to public records.

8. Archives Role as a Records Management Agency

One of the key changes to the new regime of public records handling is the role provided for the Archives as a records management agency. The Chief Archivist has a leadership role in recordkeeping in public offices and can issue standards relating to any aspect of record keeping within public offices. Importantly there is also the audit function which allows the Archivist to audit the recordkeeping of public offices. Audits will begin in 2010 and provide a powerful incentive for agencies to ‘get it right’ when creating and maintaining records.

This role of instruction and enforcement recognises that the old assumption that agencies would create and maintain all information required to be public records does not necessarily stand up in today’s working environments. It is a significant extension of the Chief Archivist’s role which can potentially form a basis for advocating the consideration of privacy impacts at every stage of public records creation and management.

This role is about ensuring public records are managed well and appropriately – in the same way that the Privacy Commissioner’s role is about ensuring that personal information is managed well and appropriately. Naturally there is some overlap where the public records at issue contain personal information and this is a significant opportunity to work together to ensure that public records and the personal information they contain are respected and managed appropriately by public bodies.

Technology Challenges

At a recent meeting an Archives official advised “don’t talk about digital records, talk about records”. This nicely sums up the way records are moving in agencies as electronic capabilities eclipse the need for paper records and electronic records become the norm. The Privacy Act is well in advance of these technological developments as it uses the term ‘personal information’ which is technology and medium neutral language and will serve us well into the digital age.

In some ways changes in technology could be said to be nothing unusual for privacy considerations – digital records should naturally be afforded the same privacy protections as paper records. However, the ever changing environment in the world of technology means that some traditional means of protecting access to personal information, as well as storage and retention means that digital records must be given special consideration.

Not least is the problem of access to those records – not just by the public but by Archives and even the agencies’ staff. Information is potentially being put at risk by current approaches to digital information. This is a current issue being tackled by Archives and one which privacy consideration should be a part of any solution.

9. Role of the Archives Council

The PRA provides for an Archives Council to provide the Minister with advice concerning recordkeeping and archive matters. The council also provides the Minister with recommendations on appeals made by agencies in relation to certain decisions of the Chief Archivist:

 Declining a request to defer the transfer of a public record
 Instructing a public office to maintain and control its electronic records beyond the 25 year period
 Declining a request for an exemption from compliance with a standard.

Privacy will inevitably be a consideration in the Archives Councils’ recommendations on some these matters. Although the matters the Council must consider are not listed in the Act, nor in their Charter, privacy will inevitably be a fundamental concern where personal information is at issue. There is a benefit to taking a holistic approach to records management and will always be privacy concerns where there are living people associated with these records.

10. Tension between Competing Public Interests

Finding a balance between these competing public interests in privacy and archival value is often a matter of context and compromise. None of these interests is absolute and a balancing exercise can often find acceptable resolutions that reconcile all interests. Some mechanisms are:

 Conditions that can be applied to restricted access records
 Best practice statements
 Recordkeeping Standards
 Privacy Officers of agencies being involved in recordkeeping decisions and processes. Every agency should have a privacy officer who may be able to offer valuable advice and opinions on recordkeeping.

International Comparisons

Both privacy and recordkeeping are high priority international fields of work and New Zealand is active in the global community in both fields. It is interesting to look to other countries to measure our own work and directions.

In the Republic of Ireland, the normal restrictions on processing personal information applied under the Data Protection Act 1988 do not apply to information consisting of archives of departmental records. This includes the requirement that such information be securely disposed of when no longer required for the purpose for which it was first obtained. In order to provide a framework for the handling of such information, the Data Protection Commissioner has recently issued draft Data Protection (Archives and Historical Research) Regulations.

The Regulations lay down requirements that must be met by an agency holding records containing personal information which are kept solely for the purpose of historical records or those covered by the National Archives Act. In a nutshell those records may only be accessed by the individual who is the information’s subject, unless it would be otherwise permitted under the Data Protection Act.

This does not differ hugely from New Zealand but it is interesting to note the Irish have taken a different route to get there.

The draft regulations and accompanying background paper are attached below and can also be viewed at www.dataprotection.ie.

Footnotes
(1) I acknowledge the assistance of Sarah Oliver in preparing this paper.
(2) UMR/Privacy Commissioner, ‘Individual Privacy and Personal Information’, late July 2008, available at www.privacy.org.nz.
(3) www.privacy.org.nz

Background Paper

Draft Data Protection (Archives & Historical Research) Regulations, 2008

Introduction

The Data Protection Acts (Section 1 (3C)) provide that the normal restrictions on processing personal data, in particular the requirement that such data be securely disposed of when no longer required for the purpose for which it was first obtained do not apply to “(a) data kept solely for the purpose of historical research, or (b) other data consisting of archives or departmental records (within the meaning in each case of the National Archives Act 1986) and the keeping of which complies with such requirements (if any) as may be prescribed for the purpose of safeguarding the fundamental rights and freedoms of data subjects”.

The purpose of the draft Regulations is to prescribe requirements which strike a balance between the rights of individuals who are the subject of personal data and the interests of those conducting research that access be enabled in certain situations.

The Director of the National Archives has been involved in drawing up the draft Regulations. The views of others who may be affected by them is now sought.

Draft Regulations

The draft Regulations lay down three separate sets of requirements that must be met by an organisation holding records that contain personal data and which are kept solely for the purpose of historical research or are covered by the National Archives Act 1986. The requirements do not apply to the personal data of an individual acting in an official capacity (for example, a Civil Servant in a Government Department).

Access to Records: Only the person who is the subject of the records may be granted access to them while that person is still alive, unless such access would otherwise be permitted under the Data Protection Acts. Unless the organisation has information to the contrary, it can assume that a person is no longer alive after 100 years from the date of the most recent record or from that person’s date of birth. As “personal data” is defined in the Data Protection Acts as only applying to a living individual, there are no data protection restrictions on access after the death of the subject of the data.

Data Security: The organisation must adopt security measures which meet the standards set out in Section 2C of the Data Protection Acts.

Effect of Regulations

The Regulations would provide an assurance to individuals that personal data relating to them that is retained either in records subject to the National Archives Act or records retained solely for historical research purposes would be subject to safeguards that protect their right to privacy.

The Organisation holding such records – for example, the National Archives – would have access to them, as would the individual concerned while s/he was still alive. Others (for example, researchers operating under the aegis of the organisation) would not have access to the records other than in accordance with the safeguards contained in the Data Protection Acts. For the sake of clarity, the data controller may allow access to departmental records or archives where it requires the third party person or entity seeking to access the records to enter into an appropriate contract imposing an obligation of confidentiality relating to the access to the data in question.

Information in the records could not be disclosed (other than in an anonymised form) without the consent of the person concerned or unless otherwise permitted under the Data Protection Acts.

The records would have to be kept securely, in accordance with the provisions of the Data Protection Acts.

Some Issues

1. Do the draft Regulations strike the right balance between the legitimate public interest in research and the rights of living individuals?
2. Is the proposed 100-year rule in terms of access to personal data reasonable?
3. Should the Regulations contain other provisions?

Data Protection (Archives & Historical Research) Regulations, 2008
I, BILLY HAWKES, Data Protection Commissioner, in exercise of the powers conferred on me by section 1 (3C) of the Data Protection Act, 1988 (No. 25 of 1988), as inserted by section 2 of the Data Protection (Amendment) Act 2003 (No. 6 of 2003) and with the consent of the Minister for Justice, Equality and Law Reform, hereby make the following regulations:

1. (1) These Regulations may be cited as the Data Protection (Archives & Historical Research) Regulations, 2008.
(2) These Regulations shall come into operation on the x day of X, 2008.
(3) These Regulations shall apply to archives or departmental records within the meaning of the National Archives Act, 1986 (No. 11 of 1986) and to data kept solely for the purpose of historical research.

2. in these Regulations-
"archives" means archives or departmental records within the meaning of the National Archives Act, 1986;

"data subject" means an individual who is the subject of personal data;

“the Act” means the Data Protection Act, 1988 as amended by the Data Protection (Amendment) Act 2003;

“personal data” means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of any person given access to the data;

“data kept solely for the purpose of historical research” means data consisting of personal data which is no longer required for the legitimate purpose for which it was obtained.

3. Where archives or data kept solely for the purpose of historical research include personal data, other than personal data relating to a person acting in an official capacity, the relevant data controller shall take the following measures for the purpose of safeguarding the fundamental rights and freedoms of the data subjects concerned: -

(a) access shall not be granted to such data to persons other than the data subject, or a person acting on their behalf, where access would not otherwise be permitted in accordance with the provisions of the Act or as provided for in these Regulations; and
(b) the data shall be subject to security measures at least equivalent to those laid down in Section 2C of the Act;
(c) the data (other than in an anonymised form) shall not be disclosed without the consent of the data subject or a person acting on their behalf, where such disclosure would not otherwise be permitted in accordance with the provisions of the Act or as provided for in these Regulations.

4. (a) Regulation (3) shall not apply where the data controller in question is satisfied that the data is no longer personal data due to the subject of the data being deceased;

(b) for the purpose of subparagraph (a), and without prejudice to subparagraph (c), the data controller may assume that an individual is no longer alive where the most recent record created in respect of her or him is more than 100 years old and the data controller has no other evidence suggesting that the individual is alive;

(c) for the purpose of subparagraph (a), and without prejudice to subparagraph (b), the data controller may assume that an individual is no longer alive where there is reliable evidence that the individual, if alive, would be more than 100 years old, and the data controller has no other evidence suggesting that the individual is alive.

(d) for the purpose of subparagraph (a), the data controller may, in any event, assume that an individual is no longer alive where it has reliable evidence of such.

Explanatory Memorandum: These Regulations stipulate the conditions under which records retained solely for archival or historical purposes and which contain personal data, other than those relating to an individual acting in an official capacity, may be made available for the purposes of public inspection or historical research.

The Data Protection Acts provide a basis whereby the records in question, which have ceased to be retained for any purpose other than for their original purpose, may be made available for archives and historical purposes earlier than the period stipulated in Regulation 4 above where a person has given consent for such access or display. Equally the data controller itself may access the records for archives or historical research purposes or enter into a contract with a third party entity on the basis that such a contract provides appropriate safeguards.

Download the associated powerpoint slides.

Address by Privacy Commissioner during Privacy Awareness Week 2008

Wed, 03 Sep 2008 09:23:15 +1200

Auckland Chamber of Commerce Breakfast

Rendezvous Hotel - Monday 25 August 2008 at 8.00 am

Introduction

• Welcome, Kia ora tatou

• It gives me great pleasure to be launching our second privacy awareness week 2008 – with our Asia-Pacific partners, Australia, Canada, Hong Kong, Korea and Macau. We will also launch the opinion survey results; and employment booklet.

• Thanks for getting out of bed early on this cold Monday morning!

• It’s worth it! Because I believe you will hear about one of the major business and public issues of 21st century.

• When I came across from Secretary of the Cabinet I expected a relatively quiet time as Privacy Commissioner.

• Wrong! Privacy/data protection has turned into one of the biggest issues of our time.

• Why? In a word, technology. Technology has generated the information century, the digital age and the information revolution.

• Think back only a few years – no Google, no email, no internet. How things have changed – and will keep changing.

• Business and government gather, hold and use vast databases of information.

• Information is redefined as an asset, as the new currency of the 21st century. Much of that information is personal, about you and me.

Scene setting – where privacy issues are at today for business

• Your "Digital Shadow" - that is, all the digital information generated about the average person on a daily basis - now surpasses the amount of digital information individuals actively create themselves. New research shows the digital universe is bigger and growing more rapidly than original estimates as a result of fast growth in digital cameras, surveillance cameras, and digital televisions …. Other fast-growing corners of the digital universe include internet access in emerging countries, sensor-based applications, data centers supporting "cloud computing" and social networks comprised of digital content created by many millions of online users.

• The digital universe in 2007 was equal to almost 45 gigabytes (GB) of digital information for every person on earth - or the equivalent of over 17 billion, 8-GB iPhones.

• Social networking: The amount of personal information being collected by social networks soars at an enormous rate. MySpace claims more than 110 million accounts, while Facebook, its fast-growing rival, has some 64 million members. More than two billion videos are viewed monthly on YouTube.

• Use of databases – and they talk

• World map – growth of data protection and privacy authorities, activity at APEC, OECD, ISO

• Lots of online resources/journals

• NZers are confident users of technology:
o 88% of households have a computer (BSA)
o 62% of children aged 6-13yrs use the internet.

• So why is this topic important to business and government? Clearly it’s an area of huge opportunities for growth and development, both to facilitate existing, and generate new business opportunities; but it’s also an area of huge risks to business.

• Privacy is a fast-developing area and we are in the midst of an information revolution.

• Therefore – data protection and privacy have become a business issue – which can be a facilitator, an enhancer, an enabler, a market advantage – if you approach it right. If not, it can be your downfall. The Privacy Act provides some simple principles to guide you about collection, use and disclosure. Mishandling or accidents with people’s information can cause loss of trust, branding damage and ultimately affect your bottom line. Recent examples are: loss of UK benefit records; disclosure of Trade Me user details; attacks on online banking.

Launch of UMR privacy survey

How is all this viewed in New Zealand?

We run public opinion surveys, to help us to target our efforts. I suggest these survey results are equally useful to you, whether you are in business, or service delivery, or government. I will give highlights. Much of interest in the detail. Full version available on our website.

• The previous UMR privacy survey was run in March 2006 (and Sept 2001).
• We plan to continue regular surveys in order to take the “privacy temperature” of New Zealanders.
• These results give some clear messages to both business and government.

General trends

The results show that many New Zealanders have a strong and growing awareness of privacy and information technology issues. A third of people surveyed (32%) reported that they had become more concerned about issues of individual privacy and personal information in the last few years. 64% said their concern had stayed about the same. Base levels of concern are between 50 – 57%. Pacific Island and Maori respondents showed relatively higher levels of concern (46% and 40% respectively). This is a consistent feature of our survey – similar levels recorded in 2001 and 2006.

Business

The survey results again showed high levels of concern about potential breaches of individual privacy by business. Ninety-percent (90%) of people said they were concerned (74% very concerned) if a business they didn’t know got hold of their personal information. This concern is reflected across all age groups, occupations, and personal income, and is demonstrated with great clarity in the ethnic breakdowns, where Pacific Island people and Maori expressed 100% and 93% concern respectively. The lowest level of concern was among students (81%).

Eighty-six percent of respondents were concerned if information supplied to a business for one purpose was used for another purpose.

A new question showed that New Zealanders are not necessarily comfortable with the globalisation of personal information. Eighty-one percent (81%) of respondents were concerned with their personal information being held by overseas businesses and, out of that number, 61% were very concerned. Concern was somewhat higher among women (85%) than men (77%).

Trust

Levels of trust in the way different organisations use and protect personal information vary widely. Health service providers, including doctors, hospitals and pharmacies rated highly, with 92% of New Zealanders saying they were trustworthy. The level of trust in Police handling of personal information was also high (84%). Approximately two-thirds of respondents said they had trust in the way government departments (65%) and ACC (69%) handled personal information.

By contrast, businesses selling over the internet recorded the lowest level of trust for their personal information handling – only 25% of New Zealanders believed those businesses to be trustworthy.   (17% in Australia.)

People who have become more concerned about privacy and personal information are generally less trusting. The Australian results show they are significantly less trusting than New Zealanders suggesting that trust may also trend downwards here. Perhaps more awareness means more mistrust. Our survey certainly shows the flipside, that (generally speaking) the lower the concern, the higher the confidence. It also showed that levels of trust decreases with age – younger people are more trusting than older people. Rural, provincial, homemakers, Maori and Pacific island respondents are, typically, more concerned and less trusting. Interestingly Aucklanders showed rather higher levels of mistrust of business, government and the internet.

Credit reporting – trust

Trust in credit rating agencies was also relatively low (42%) when it came to personal information handling. Trust in credit rating agencies was highest among Pacific island people (56%) and Maori (48%) while for other ethnicities it was 40%. Across the total population, as personal income increased, the level of trust in credit rating agencies decreased.

Targeted marketing

In response to a new question, two-thirds of respondents (67%) said they were uncomfortable that internet search engines and social networking sites tracked internet use in order to deliver targeted advertising. This is entirely consistent with our very strong anecdotal evidence that people strongly dislike unsolicited direct marketing by phone and snail mail.

Employment

The survey has shown a continuing downward trend when people are asked about employer monitoring of e-mails and internet use. In 2001, the level of concern was 51%; that concern rested at 50% in 2006 and has decreased in the 2008 survey to 46%.

Health

Half of New Zealanders (50%) were unaware that everyone in New Zealand has their own national health index number which identifies them in the health system. Knowledge of the existence of the NHI was highest (71%) among those respondents classified as ‘homemakers’. In the different regions, knowledge of the NHI was lower in rural areas (46%) but for some reason, was lowest in Christchurch with only 38% of those surveyed reporting awareness of the NHI.

Genetic information and insurance

Concern about insurance companies being able to make decisions using genetic information was generally high, with 74% of respondents being either concerned or very concerned. The number of respondents who felt ‘very concerned’ rose with age (61% of those aged 60 plus felt ‘very concerned’).

Range of issues

The survey asked people about a range of specific situations. Concern about privacy was greatest in the areas of safety of children on the internet (87%), and security of personal information on the internet (82%).

Although CCTV use is the subject of a great many media stories and is a constant source of enquiries to our Office, the survey once again showed that video surveillance in public places provoked the lowest level of concern (27%).

Awareness of Office

The survey also asked people about their awareness of the Privacy Commissioner. This was a “toe in the water” question to see what impact the Office might be seen to have. Overall, the response was fairly good, with 63% of people responding positively. Older age groupings reported a relatively higher level of awareness of the Office. More concerning was the fact that Pacific Island respondents reported a much lower level of awareness (26%) than the rest of the survey population. The Office clearly has some work to do in better targeting information and material to that community. (Australia 45%.)

Government Information Sharing

An interesting result is that concern about government departments sharing personal information rose from 37% to 62% between 2006 and 2008 surveys. Perhaps this was partly due to making the question clearer – but it shows again that awareness equals concern. Business is not alone in needing to embrace privacy as an issue.

Conclusion

How to summarise and make sense of all this? I will have a go – but I welcome discussion and other thoughts from you.

- People continue to distrust business use of their information; there is no sign of this dropping.
- NZers are confident users of computers and the internet.
- But they are extremely suspicious of internet risks to their privacy and personal information.
- Levels of trust are low; and dislike of tracking computer use and consequent targeted marketing on the internet is extremely high.
- Concern about risks to children is extremely high.
- Maori, Pacific Islanders and homemakers are generally less trusting and more concerned about privacy invasions; on some questions rural and provincial people and older people are now concerned and less trusting.

Of course the conclusion I draw is that we all need to take this issue more seriously. If information is the currency of the 21st century we need to gain and keep people’s trust – and keep that currency flowing freely.

(Download the powerpoint presentation delivered in conjunction with the Privacy Commissioner's address).

Privacy at work - A guide to the Privacy Act for employers and employees

Thu, 28 Aug 2008 13:52:35 +1200

This new book is available now.

Download the order form below for copies of this book which uses examples and discussion to illustrate some of the major privacy questions at work, and how to resolve them.

Private Word Issue 67, August 2008

Wed, 13 Aug 2008 12:14:40 +1200

Privacy Commissioner Marie Shroff is pleased to be part of Privacy Awareness Week 2008 with her Asia Pacific Privacy Authorities (APPA) international partners.

Also in this Privacy Word:

The future of the world’s Internet economy
Modernising the law
Privacy Bill helps trade, enhances personal rights
News around the world
UK reports released on data losses
Case notes

Keynote Address, by the Privacy Commissioner, Marie Shroff at the Privacy Issues Forum 2008

Wed, 27 Aug 2008 08:53:16 +1200

Marie Shroff, Privacy Commissioner was the keynote speaker at the Privacy Issues Forum 2008 held on 27 August in Wellington. She spoke on: "Privacy and community: personal space within the public sphere"

Download the full speech below.

Privacy Issues Forum 2008 Speakers' Presentations

Thu, 28 Aug 2008 11:55:03 +1200

Click on the link to view the papers available from the following speakers who addressed the Privacy Issues Forum 2008 at the Intercontinental Hotel on 27 August:

Andrew Jack
Barbara Buckett
Donald Evans
Kathryn Dalziel
Paul Roth
Richman Wee
Trevor Morley
Ursula Cheer

Privacy Awareness Week, 24-30 August 2008– “Privacy is Your Business"

Fri, 22 Aug 2008 12:16:48 +1200

22 August 2008

On Monday, Privacy Commissioner Marie Shroff will launch New Zealand’s Privacy Awareness Week 2008 (24-30 August) with the theme, “Privacy is Your Business”. Media are welcome to attend all events.

The week starts with a joint business breakfast with the Auckland Chamber of Commerce to announce the results of the latest UMR public opinion survey on privacy (Monday 25 August, from 7.30am, Rendezvous Hotel, Auckland; presentations from 8am).

This breakfast event will also see the launch of the Privacy Commissioner’s new book, “Privacy at work: a guide to the Privacy Act for employers and employees”. This handy A5 book (44 pages) looks at a number of common workplace situations and offers much-needed guidance on issues such as use of CCTV, reference checking and email monitoring.

On Tuesday 26 August, Listener columnist Jane Clifton will open the inaugural exhibition of Chris Slane’s privacy cartoons. This event, and the exhibition itself, will be at the Jimmy Café and Bar, Westpac St James Theatre, 77-87 Courtenay Place, Wellington. The exhibition will be open to the public from Wednesday 27 August – 8 September and entry is free. Media previews are available by appointment between 3 - 4pm on Tuesday 26 August.

A one-day Privacy Issues Forum will take place at the Intercontinental, Grey St, Wellington on Wednesday 27 August. The sessions include presentations on genetic research, the Law Commission’s review of privacy, DNA databases, social networking, and the role of the private investigator in criminal investigations. See www.privacy.org.nz for the full Forum programme. Media packs are also available, including details of the speakers and synopses of the presentations.

Privacy Awareness Week is an Asia-Pacific wide event. For more information about the week and activities across the region, see www.privacyawarenessweek.org/paw

For more information see www.privacy.org.nz or contact:

Annabel Fordham tel 04 474 7590 or 021 509 735 or enquiries@privacy.org.nz

Case note 10141 [2008] NZPrivCmr 14 : Advertising material sent to all members of a club

Mon, 25 Aug 2008 09:27:25 +1200

A man was a member of a club. He complained to us that the club supplied his personal details to a direct mailing company and as a result he received unsolicited direct mail from insurance companies.

The man stated that he did not know that his personal information would be used in this manner when the information was collected from him. He was unhappy about the way his information had been used and that his personal information had been disclosed to a third party.

His complaint raised issues under principles 3 and 11 of the Privacy Act and he raised concerns about principle 10.

Principle 3

Principle 3 of the Privacy Act concerns the collection of personal information from individuals. It requires an agency to notify individuals of the purpose for collecting the information, and the intended recipients of the information, among other things.

At its AGM in 1984, the club had resolved to release members’ contact information to an independent direct mailing company for the purpose of providing targeted advertising material to its members.

The club had advised its members of this change through the minutes of its Executive Committee, its newsletter and circulars distributed to its branches. They continued to provide this advice to their members in the intervening years.

Since the club had advised its members clearly that contact details would be disclosed, it was our opinion that there was no breach of principle 3 of the Privacy Act.

Principle 11

Principle 11 states that an agency that holds personal information shall not disclose that information unless that agency reasonably believes it can rely on one of the exceptions set out under principle 11.

We considered that principle 11(a) applied. This exception states that an agency can disclose personal information if it reasonably believes the disclosure is one of the purposes in connection with which the information was obtained, or directly related to the purposes in connection with which the information was obtained.

It was apparent that since the AGM in 1984, release of the information to the direct mailing company was one of the purposes for collecting the information.

This purpose also predated the Privacy Act by nine years, and had been notified to members on many occasions. This was not a situation where the purpose of collecting the information had been changed without notice to members.

Outcome

We concluded that there was no interference with the man’s privacy. However, we acknowledged that it was upsetting for him to receive advertising material in this way.

We suggested to the club that at the time a person’s membership comes up for renewal, there should be a standard statement that membership contact information is provided to the direct mailing company, so that it can offer services that may be of use to the club members. We also suggested that the club should at least allow members to opt out of this service, and that it is preferable to invite members to opt in.

We then closed our file.

August 2008

Collection of personal information – club – membership information provided to marketing agency - informing individual of purposes of collection and intended recipients of the information – standard statement at time of membership renewal – at least offer opt-out – opt-in preferable – Privacy Act 1993, principle 3

Disclosure of personal information – club – membership information provided to marketing agency – one of purposes of collection – Privacy Act, principle 11(a)

Case note 102741 [2008] NZPrivCmr 13: Recruitment agency discloses applicant's email address to other email recipients

Thu, 21 Aug 2008 10:56:46 +1200

A recruitment agency sent an email out to a number of its clients with each of the clients’ email addresses visible. One of the clients complained to the agency about the disclosure of his email address, and received an apology. He did not consider that the apology was satisfactory in the circumstances.

The man complained to us about the disclosure of his email address.

Principle 11

Principle 11 of the Privacy Act states that an agency that holds personal information must not disclose that information unless one of the specified exceptions applies. In this case the recruitment agency acknowledged that they had mistakenly disclosed the man’s email address to a number of other people. The actions of the recruitment agency therefore constituted a breach of principle 11 of the Privacy Act.

The recruitment agency explained that the error had occurred as the ‘cc’ field had been used instead of the ‘bcc’ field and that it had been a one-off incident. They expressed their sincere apologies and stated that the mistake was unacceptable, given the nature of their business where confidentiality is important. They assured us and the man that they had implemented processes to ensure that the mistake did not occur again.

The man accepted this apology from the recruitment agency and the complaint was settled as a result.

We also wrote to the recruitment agency and stated that we would be concerned if the situation recurred.

We then closed the file.

August 2008

Principle 11 – disclosure of personal information – recruitment agency – email addresses sent to all recipients – settlement – Privacy Act 1993, principle 11

Case note 99971 [2008] NZPrivCmr 12: Man receives summary of allegations against him

Thu, 21 Aug 2008 10:54:14 +1200

A man had been the subject of an investigation by a government agency. He wanted a copy of his file as he believed that a third party had given the government agency false information.

The agency provided the man with some of the information on his file but withheld other information on the basis that it would identify the informants who provided information to the agency.

Principle 6

Principle 6 of the Privacy Act provides that an individual has a right of access to the personal information that an agency holds about them, unless one of the stated exceptions applies.

The government agency relied on sections 27(1)(c) and 29(1)(a) of the Privacy Act to refuse the man’s request for the remaining information.

We were satisfied that the agency was entitled to rely on section 27(1)(c) of the Privacy Act to withhold information which would identify informants. This was because this agency relied upon the free flow of information from third parties in order to detect and prevent offences. Those people would not provide information unless their identities were protected.

We were also satisfied that the agency could rely on section 29(1)(a) of the Privacy Act to withhold information that would disclose the affairs of the informants. The people had provided information that was highly personal to themselves. They had expressly requested that it remain confidential. In the circumstances, revealing that information would have been an unwarranted intrusion into their privacy.

However, we took the view that the agency could not withhold all the information. It was important for the man to know the substance of the allegations against him. Here, it was possible to provide him with a summary of the allegations without jeopardising the privacy of others, or identifying the informants. Providing a summary would strike a balance between the very strong rights of the requester to receive information about himself, and the agency’s interest in minimising the risk of identifying its informants.

We therefore recommended that the agency should provide the man with a summary of the information. The agency agreed to do so.

This was a positive outcome for all concerned. The man was happy with the summary and the agency recognised that this was a useful way of dealing with such matters.

Since the matter was settled on this basis, we then closed our file.

August 2008

Access to personal information – government agency – identity of informants – information about affairs of other individuals – summary of allegations – settlement – Privacy Act 1993, principle 6, sections 27(1)(c) and 29(1)(a)