Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

Remaining principled in a time of national emergency Blair Stewart
18 November 2015


Recent attacks in Beirut and Paris have highlighted that governments have to deal swiftly with emergencies – whether deliberately caused or naturally occurring – and have in place statutory powers to restore security and public confidence.

In New Zealand, Parliament’s Regulations Review Committee is currently considering what overarching principles should govern the delegation of law-making powers in the context of recovery from a national emergency.

Although national emergencies are exceedingly rare in New Zealand, this is an important topic for a seismically active country like ours where the next big earthquake could be in 50 years’ time or tomorrow afternoon. It is an issue that also has relevance in the context of privacy law.

Committee inquiry

The Regulations Review Committee is exploring the question as part of a wider inquiry into the constitutional and legislative aspects of the legislative framework for national emergency response and recovery.

The purpose of this inquiry is to establish the most appropriate legislative model for managing the aftermath of national emergencies once a state of emergency has been lifted – a model that maintains consistency with essential constitutional principles, the rule of law, and good legislative practice.

Christchurch quake information sharing

The context is the prolonged recovery from the 2011 Christchurch Earthquake for which certain extraordinary statutory measures remain in place and seem likely to stay for some time.

In the earthquake’s aftermath, the then-Privacy Commissioner Marie Shroff faced the question of whether existing law should remain unchanged in the face of a national emergency. She concluded that some limited relaxation of the principles in the Privacy Act was warranted to assist in the emergency and for a month following the lifting of the state of national emergency.

On 24 February 2011, Ms Shroff used the urgency power in section 52 of the Privacy Act to issue a code of practice within 24 hours of the declaration of the national emergency. The code relaxed legal restrictions on the collection, use and disclosure of personal information by expressly providing authority for certain additional permitted purposes. For anyone interested in the temporary 2011 code, there’s information about it here.

Data protection and natural disasters

The sort of reasons behind the temporary code were explained in a Resolution on Data Protection and Major Natural Disasters which was adopted by the International Conference of Data Protection and Privacy Commissioners in late 2011.

This included that public responses to a major natural disaster may warrant:

  • special efforts to protect the vital interests of victims;
  • extraordinary processing of personal information to compensate for the loss of usual documentation, disrupted access to databases, communication difficulties and other challenges;
  • use of personal information held by organisations beyond their usual business purposes.

Our submission

The Office of the Privacy Commissioner has made a submission to the current inquiry and it offers principles obtained from the 2011 experience. We suggested that:

  • ordinary law should continue to apply where possible
  • where special delegated legislation is warranted, the original law be reinstated as soon as feasible
  • there should be monitoring to ensure that the need for special arrangements continues and that the delegation is working as intended
  • any derogations from usual law and rights should be proportionate to the need and that appropriate safeguards be in place
  • temporary delegations of power should be subject to review after the national emergency is over; and
  • results of reviews of the exercise of special powers should be made transparent.

Our submission also highlighted the recommendation to governments in the 2011 resolution to include consideration of privacy in their civil defence planning, including to:

“Ensure that any special measures that may limit the normal operation of data protection law are appropriately justified, proportional to the emergency, contain appropriate safeguards and endure only for so long as warranted by the disaster.”

Submissions from others

The inquiry has received about 28 other submissions. Various suggestions have been made as to the principles that should apply to the derogation from normal laws in times of national emergency.

For example, the Christchurch City Council in its submission endorsed the views of the Legislation Advisory Council that “emergency legislation should be prepared in advance and triggered at a defined time by declaration of a post-state of emergency recovery period” thus enabling better public scrutiny than is possible when legislating in the heat of an emergency itself.

Civil Defence code

A similar stance was taken two years after the earthquake with the Civil Defence National Emergencies (Information Sharing) Code 2013 which contained provisions modelled on the temporary 2011 code.

The Commissioner took the view that a code would be needed only for the ‘response phase’ and would expire one month after the emergency is lifted. Information handling in the latter phases of the recovery and reconstruction period could easily be accomplished in accordance with the normal requirements of the Privacy Act (which includes provision for authorised information sharing agreements if warranted).  

Protection for volunteers

Another submission from two professors and a PhD student at Canterbury University propose that there should be better legal protection for volunteer disaster relief responders.

While those submitters’ concerns are directed to a somewhat different set of issues than those that led to the issuing of the 2011 and 2013 code, there is a common concern. The codes sought to give agencies comfort that the disclosure of information to public authorities would be legally compliant and avoid risk-averse agencies needlessly hesitating if asked to release records needed for the response.  

The Regulations Review Committee is expected to report back next year.

Image credit: The old Robertson's Bakery building, Victoria Street, Christchurch - photo by Kebabette via Digital NZ.





No one has commented on this page yet.

Post your comment

The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.