Annual Report of the Privacy Commissioner 2008

Thu, 04 Dec 2008 09:16:20 +1300

Annual Report for the Privacy Commissioner for the year ended June 2008.

Download the full Annual Report (with navigation links) below (PDF, 164 pages).

KEY POINTS

• Nearly 50% of incoming complaints were about people wanting access to their own personal information. A further 25% of incoming complaints alleged that personal information was used or disclosed inappropriately.
• Currently, 61% of the 662 complaints received are closed within six months, and 84% are closed within a year. This is a further improvement by the Investigations Team on last year’s performance.
• During the year, 135 complaints were settled or mediated; sometimes by an apology, or an assurance that an action will not be repeated, a change in policy, or monetary compensation.
• Six agencies together accounted for about one third of the complaints received.
• Enquiries staff handled 5,417 enquiries during the year, through the 0800 line and, increasingly, through email.
• Policy projects numbered 260 and covered a vast range of topics including biometrics, information sharing across government, anti-money laundering, and smartcards.
• The Health Information Privacy Code was amended during the year, and a review of the Credit Reporting Privacy Code was initiated.
• Currently 78 authorised government information matching programmes, of which 46 are active, allow departments to share information about New Zealanders. Numbers are expected to increase significantly in the coming year.
• Information matching showed a clear growth in on-line transfers, with 16 approvals granted during the year. Over half of active information matching programmes can now be done by on-line transfers.
• Asia-Pacific Economic Cooperation (APEC) continued its work to implement the APEC Privacy Framework, adopted in 2005. The Framework establishes regional standards for privacy protection, and is of increasing importance in today’s business climate, where personal data is transferred easily from country to country.
• The Office continues to work with the Ministry of Justice in amending the Privacy
Act to enable New Zealand to provide an “adequate standard of data protection”
for processing European data. Trade benefits are expected to flow from gaining
this recognition.
• The Office received 128 media enquiries through the year on topics such as data breaches, employee monitoring, and use of CCTV cameras.
• The Commissioner and senior staff gave numerous speeches and presentations on data protection issues to business, civil society and government organisations.
• A successful first Privacy Awareness Week (PAW) for New Zealand was held in August 2007 and PAW is now a recognised international event, run in partnership with other Privacy Commissioners’ offices in Hong Kong, Victoria, New South Wales, Northern Territory, Australia (federal office) and Korea. The Canadian and British Columbian Commissioners joined the APPA network during the year and will be participating in forthcoming PAW events.
• Following several high profile, vast, data breaches overseas in 2007/08 the Office reviewed the handling of files being physically transferred on floppy discs, CDs or tapes for use in New Zealand government information matching programmes. Of 46 matches, 19 were being transferred physically on unencrypted digital media. In February 2008, the Privacy Commissioner required that those files be encrypted to improve their security in case of loss. By the end of the reporting period, three data transfers remain unencrypted. In an associated move, data breach notification guidelines for business and government were launched in August 2007 during Privacy Awareness Week.
• The Office of the Privacy Commissioner has ongoing participation in the Law Commission’s major review of privacy. Work in the coming year will focus on civil and criminal remedies (Part 3) and a review of the Privacy Act (Part 4). Discussion papers relating to the project are available at www.lawcom.govt.nz.

INTRODUCTION

Chasing shadows of ourselves

Our ‘digital shadows’ are now larger than the digital information we actively create about ourselves. In financial records, on mailing lists, through web surfing histories or images taken of us by security cameras in airports or by CCTV cameras, a digital shadow is being created around us. Estimates are that only about half of a person’s digital footprint is made by deliberate actions, such as taking pictures, sending emails, or making digital voice calls – the rest accumulates passively as we go about our daily activities.

With the billowing quantity of personal information created, comes an increasing chance of it ending up in the wrong hands – whether by design or accident.

Data leaks, breaches and theft

In January 2007, for instance, over 45 million credit and debit card numbers were stolen by hackers who infiltrated the systems of the US retail company TJX. It was cited at the time as the largest theft of personal data ever. But a matter of months later in the UK, two CDs were lost, containing all child benefit personal information about 25 million people and 7.25 million families. Details included name, address, date of birth, National Insurance and bank account numbers. The data was unencrypted. And despite the requesting department asking for sensitive details to be stripped from the files before sending, this had not been done – apparently for reasons of cost.

In another UK-based incident, unencrypted records of more than 600,000 people interested in joining the armed forces were on a UK Ministry of Defence laptop recently stolen from a Royal Navy recruiter. The computer held the personal details of more than 14,223 Northern Ireland residents, 60,000 Scots, 37,546 Welsh, 459,778 English and 34,667 other people.

New Zealanders are not immune. As a nation we are enthusiastic technology users – our banking and health systems are reflections of that. Recent data breaches in New Zealand include changes to computer systems in a major agency resulting in accidental release of personal information; unauthorised employee browsing of Police databases; employee browsing of Inland Revenue (IR) databases; employee browsing of patient records in a District Health Board (DHB); major bank systems “invaded” by so-called “research software”; sensitive lab results repeatedly sent to an incorrect fax number; and numerous others.

Data breach notification law

A fundamental and necessary step is to have adequate security safeguards to protect the information. Those systems need to be robust and responsive – and to protect against both malicious attacks and human error.

And agencies need to be ready to act if something goes wrong. In February 2008, I released privacy breach notification guidelines for New Zealand. The guidelines are designed to assist organisations faced with managing the privacy aspects of a data security breach. Privacy and data protection authorities in countries such as Australia, UK and the United States have already introduced similar measures. The guidelines reflect international best practice and are voluntary rather than being a compulsory code.

But above all, the individuals whose data has been inadvertently released need to be ‘front and centre’. It is their best interests – and not just those of the organisation – that need to be properly addressed. We will watch local practice and international developments before deciding whether anything further is needed.

Corporate ethics and individual responsibility

Employee browsing

In late 2007, I commended the actions of Auckland DHB in identifying and following up instances where staff had browsed celebrity medical records. In that case, footprinting technology helped to trace the individuals involved. Technology in such instances can be both the cause and the solution to the problem. But what must come first is ensuring that the information is treated with care and respect.

In a similar vein, I have been disappointed to note several incidents in recent months involving bank employees browsing customer records. Typically, it has arisen when a personal relationship has soured; perhaps between former partners, or other family members. There is a real cost to the organisation – both in dollar terms and in loss of customer trust. The banks involved have responded swiftly to put things rights and to take steps to restore the customer trust that is so central to that sector.

Finding information – I’ve got it, what do I do with it?

Large corporates and government departments are becoming attuned to the message that personal information is a resource that brings associated responsibilities. But what about individuals – do we have obligations too? The short answer is ‘yes’. Individuals can be just as responsible – and just as liable – as the largest government department or business.

So what should you do if you find information about someone else on the street, at the dump, or sent in the mail to you? Most of us would quite reasonably hope, even expect, that anyone coming across such information will treat it with respect. This includes doing what they can to secure it; if possible, returning the information to the source, or otherwise giving it to the Police. In some instances, it might make sense to notify my Office. Taking a cavalier attitude to someone else’s personal information may make the finder legally liable for the harm that follows.

Sometimes people do get it right. A good example is the 25 year old student who was mistakenly sent tax details showing the salary of another woman, a health professional. As The Press reported at the time, the student contacted the medical professional and told her she had received the woman’s IR statement, along with those of two other people. They had been put in the same envelope as the student’s own summary of earnings document. The health professional’s reaction was telling: “I had a feeling of shock, then relief that someone with integrity had received it and had made the effort to pursue it rather than dump the document in the bin, or didn’t seek to abuse the information in any way”.

Knowledge, control and power

More and more, having access to personal information means having not just knowledge, but power. We are in the information-rich, data-loaded world. Information about you is a saleable commodity. And in the health system, for instance, health information is a critical tool, but it carries many responsibilities. Comprehensive collection and sharing of individual patients’ information can help deliver better health services, but personal information is both an asset and a risk. The hot button is trust.

For instance, the very core of the health system – the doctor-patient relationship – is built upon openness, confidentiality and trust. But it goes even further than that. The doctor must trust the system and how the system will manage that health information. They must relay that understanding to the patient, who in turn needs clear guidance about what’s going on and what they can expect. I’ve heard too many doctors raise genuine concerns about current and proposed information developments to feel sanguine. And I don’t think we have an adequate answer to those concerns at present.

Personal information is both an asset and a risk.
The hot button is trust.

I hope that security standards and protocols, footprinting technologies and break-glass systems are now becoming accepted as basic, modern essentials. But we must question and better examine the information flows that are being structured into the health system. Those systems, whether at the level of the Ministry, DHB or individual GP practice, must be strong, secure and transparent. And patients must be given the opportunity to be informed.

The borderless, digital ‘cloud’

We live in a fluid information environment. We no longer sit and type contentedly at our stand-alone computer. Most of us use the internet daily in our professional lives, and regularly in our personal lives to find out information, to email others and to participate in social networking. Beyond that, an increasing number of us will bank on-line, may choose to store our medical records with Google (although I think I won’t!) and may use a website, rather than a hard drive, to store our digital photos. Perhaps we keep our CV on another website and store our personal contacts and address details using another on-line application. More and more, businesses are also choosing to process and store their data in massive data centres in the ‘cloud’. Cloud computing might loosely be defined as software, storage or processing centres networked via the internet across multiple locations. And clients may, increasingly, specify a particular geographical location for stored data, or choose a data centre that is optimised for their particular industry.

The wider community – international developments

So how are we tackling the borderless, digital cloud? In this climate, international links are becoming vital. We often think of privacy as being about individual action and repercussion – and of course that is true. But more and more, data protection and privacy are forged across organisations, regions, nations, – even continents. There is a very good reason for that – we are charging our way into the digital century and international cooperation has become essential to address the emerging challenges we face.

Some of the recent co-operative developments that affect New Zealand include global initiatives involving both APEC and the OECD. In Korea in June 2008, the OECD held a Ministerial Meeting on the Future of the Internet Economy, where participants agreed on the need for government to work closely with business, civil society and technical experts.1

And in the Asia-Pacific region, APEC is running a number of practical pathfinder projects on privacy.

We are likely to see much change in the coming few years that might include: modernising of existing national laws and the likelihood of many new privacy laws throughout the region. We might also expect to see greater cooperation amongst regulators, and a re-examination of the privacy principles to see if they deal adequately with the information revolution and the digital cloud.

Technology, connectedness and social impacts

Technology enables details about individuals to be collected, used and disclosed on an unprecedented scale, both in New Zealand and overseas. The New Zealand World Internet Project found that 78% of New Zealanders use the internet, and about a third of us participate in social networking sites each week. Clearly it’s an area of huge opportunity for growth and development – both to facilitate existing, and to generate new business opportunities; but it’s also an area where there are huge risks:2

Our digital footprints and shadows are being gathered together, bit by bit, megabyte by megabyte, terabyte by terabyte, into personas and profiles and avatars – virtual representations of us, in a hundred thousand simultaneous locations. These are used to provide us with extraordinary new services, new conveniences, new efficiencies, and benefits undreamt of by our parents and grandparents. At the same time, novel risks and threats are emerging from this digital cornucopia. Identity fraud and theft are the diseases of the Information Age, along with new forms of discrimination and social engineering made possible by the surfeit of data.

And in this context, data protection and privacy have become a business issue – as a facilitator, an enhancer, and enabler – and as a way to mitigate loss of trust, branding damage and loss of profits.

Our digital footprints and shadows are being gathered together, bit by bit, megabyte by megabyte, terabyte by terabyte, into personas and profiles and avatars – virtual representations of us, in a hundred thousand simultaneous locations.

Our understanding of privacy is fast developing in response to these wider societal changes. And our expectations of privacy are evolving as well. We are no longer tolerant of a business unexpectedly sharing our contact details, or of poor handling of medical records. In today’s world, what you do with a person’s information does matter and we expect government and business to treat our information with care. We want to have the choice to ‘opt out’ of telemarketing calls, or to have a say in the information that is released about us.

And yet, we are surveilled, tracked and monitored. We are watched and recorded like never before. How many of our grandparents would have believed that an employer could require a urine test or a finger-scan; or that a baby born today would have its DNA held for decades – maybe centuries – in a database?

Genes, medicine and technology

We are grappling with some of those very issues in New Zealand now. The Ministry of Health has been reviewing the retention and storage of the newborn bloodspot, or “Guthrie cards”. These cards contain genetic samples of almost the entire population aged under 40 years. They are currently stored indefinitely, and that storage has been without incident or mishap. They have been retained through the last forty years or so less as a deliberate act than simply because they were never discarded. Their future use is, at present, undefined. I, and many others, see that is no longer a sustainable position. If we decide to store this potent information about all of us, we must first address the reasons for doing so, the proper limits upon its use and the protections it deserves. Recommendations on the future storage and use of the cards will be put to the Minister of Health in the coming months.

It is fitting that New Zealand is reconsidering its approach to this most precious treasure because scientific advances in this area develop daily. As genetic information becomes more and more accessible, we will be faced with tough ethical, social and legal questions. How much do you want to know about your genetic makeup?
How much do you want your family, employer or health insurer to know?

Your DNA may well prove to be the ultimate definition of your human physicality, but how far do you want it to define you as a person? Is your identity any different from your sequence of DNA? Our identity – how we define it, and manage it – is already of pressing concern, but will only become more so in coming years as genetic information proliferates and is read more easily and cheaply.

Identity management: a code of ethics for the 21st century

People need to feel they can control their identity; to change it for legitimate reasons; and have the ability to know what other people may be doing with that identity. Through complaints to my office, I am all too familiar with the sense of loss, grievance and even despair people feel when their personal information or their identity is lost, stolen or misused. We ignore these feelings at our peril.

‘Context is everything’ is a truism, but in the realm of identity and identity management it is fundamental. Context affects both the range of information you might reasonably be asked to provide and the selection you make about what you willingly reveal. We do not tell the same story to each person. We do not tell the same story on every occasion. And we do not tell today the same story that we told 10 years ago. As Mel Brooks said: “Every human being has hundreds of separate people living under his skin.”

Identity is about defining ourselves and being defined by others. When it comes to identity, getting things almost right just doesn’t work. We care too much about it for that. Identity is linked to our place in the world. It is both personal and public.

It can be both a means of control and a means of self-definition. We shape, reinvent and colour our own identity; and it is shaped by social, cultural and political influences. Control of identity brings with it power – and control over the person. But every day in every way government and business are becoming more adept at “managing” our identity.

The challenge is, to give more attention to the integrity of the systems we are designing and the people at the centre of them; to reconsider the ethical (and perhaps even moral) framework for our key information handling systems, and to give individuals options, flexibility and control.

Law Commission review

The New Zealand Law Commission has embarked on a significant and extensive review of privacy. This major project has wide-ranging terms of reference and will continue through until at least mid 2009. Among other things, the Law Commission will be reviewing the Privacy Act and the developing tort of privacy.

In the modern and highly technological environment in which New Zealanders operate, watchdog offices like the Privacy Commissioner need to be equipped with the right tools to do the job. For instance, because of the diffuse and varied nature of privacy concerns, we rely upon having the power to inquire widely and freely. One area I have noted to the Law Commission as a gap currently is an ability to audit government and business processes.

Our Office is actively contributing to the Law Commission’s review, which will directly or indirectly impact upon how we manage personal information and identity – New Zealand-style. It is a timely undertaking that I hope helps New Zealanders keep pace with their digital shadows, and have some say in how their identity is managed in the ‘information century’.

Marie Shroff
Privacy Commissioner

1 The Seoul Declaration is available at www.oecd.org
2 A. Cavoukian, Information and Privacy Commissioner of Ontario Privacy in the Clouds: A White Paper on Privacy and Digital Identity: Implications for the Internet.
(Office of the Information and Privacy Commissioner, Ontario, May 2008) 3. See: www.ipc.on.ca/index.asp?navid=46&fid1=748

Please note:

Matters Relating to the Electronic Presentation of the Audited Financial Statements and Statement of Service Performance

This audit report relates to the financial statements and statement of service performance of the Office of the Privacy Commissioner for the year ended 30 June 2008 included on the Office of the Privacy Commissioner’s website. The Privacy Commissioner is responsible for the maintenance and integrity of the Office of the Privacy Commissioner’s website. We have not been engaged to report on the integrity of the Office of the Privacy Commissioner’s website. We accept no responsibility for any changes that may have occurred to the financial statements and statement of service performance since they were initially presented on the website.

The audit report refers only to the financial statements and statement of service performance named above. It does not provide an opinion on any other information which may have been hyperlinked to or from the financial statements and statement of service performance. If readers of this report are concerned with the inherent risks arising from electronic data communication they should refer to the published hard copy of the audited financial statements and statement of service performance and related audit report dated 31 October 2008 to confirm the information included in the audited financial statements and statement of service performance presented on this website.

Legislation in New Zealand governing the preparation and dissemination of financial information may differ from legislation in other jurisdictions.

Office of the Privacy Commissioner: Statement of Intent 2008/09

Thu, 03 Jul 2008 16:20:29 +1200

The purpose of this Statement of Intent is to set out the medium term intentions and undertakings of the Office of the Privacy Commissioner for the period 2008/09 and our direction to 2010/11, and thereby promote our public accountability. It describes the results that our small office will work towards over the next three years, and how we plan to achieve these.

Download the full Statement of Intent booklet below

Annual Report of the Privacy Commissioner 2007

Fri, 21 Dec 2007 15:28:49 +1300

Annual Report of the Privacy Commissioner for the year ended 30 June 2007. The Report was tabled on 28 November 2007.

Download the full Annual Report below (PDF file 138 pages)

KEY POINTS

• Government information matching continues to expand. There are currently 76
authorised programmes. The 46 programmes that were operating during 2006/07
involved tens of millions of personal records.
• Over $45 million was recovered through information matching programmes in 2006/07.
• While most information matching programmes operated satisfactorily, the Office
has ongoing concerns at the margin about the operation of a small number of
programmes. Those concerns centre on the quality of the matching process and its
impact upon innocent individuals. For more information see Section Five, p35.
• The Office received 640 privacy complaints during 2006/07. About two-thirds of those
complaints were about access to personal information or disclosure of personal
information.
• Of the 701 complaints closed in 2006/07, 75% (524) were successfully settled without
needing to proceed to a final opinion.
• The Office is achieving a faster turnaround on complaints, with the average ‘age’ of
complaints dropping.
• The Office received over 6000 telephone and email enquiries during 2006/07. Topics
of enquiry ranged widely, and included the use of driver’s licence and passport
identification details, fingerprint scanning, website privacy statements and insurance
companies’ rights to access medical records.
• The Office ran New Zealand’s inaugural Privacy Awareness Week in late August 2007.
Simultaneous events ran in Australia and Hong Kong, with the common theme ‘Privacy
Is Your Business’.
• Privacy breach notification guidelines were issued during Privacy Awareness Week.
The voluntary guidelines are to help businesses and government organisations to take
the right steps after a privacy breach, including notifying people if their personal
information has been stolen, lost or mistakenly disclosed.
• Commenting on policy and legislative proposals and assessing possible privacy
impacts is a major work stream for the Office. The Office successfully dealt with
228 legal and policy related projects during the year.
• The Law Commission began an extensive review of privacy in October 2006.
The review is being conducted in four stages over several years. Part of the Law
Commission’s work programme for 2008 includes reviewing the Privacy Act 1993.

INTRODUCTION

Our data revolution
Respect for the handling of people’s personal information is fast becoming a key measure
for responsible business and government.

We are in the midst of a data revolution. We can send information globally with the tap of a key – and we do. There is no longer a time or cost barrier in copying data and distributing information widely. If we want to share, we can. We are data rich. Pressures of business efficiency mean that processing data is a competitive field, where there is an advantage to be gained by being cheaper, faster or more convenient. Outsourcing data processing to companies overseas is not only feasible, but for business reasons it may be preferable.

Individuals are increasingly aware of and want to control how their information is handled. This is against a background of a flood tide of information being collected or provided, procured and used. Current examples of the ‘information world’ include: Facebook; Bebo; Myspace; the Motor Vehicle Register; the register of births, deaths and marriages; professional hacking and information stealing; loss and exposure of information on a grand scale; border control – finger-print and retina scans.

There has been a phenomenal growth in both the number and range of data matching programmes being conducted by government. And yet I suspect few New Zealanders are aware of that escalation. Apart from the simple increase in the number of matches, and the range of agencies involved in matching work, there are matches that involve data being sent offshore. And businesses carry out data matches too. The size and scale of the private sector matching activity is unknown, because there is no monitoring of those programmes or record of their number. So data matching has gone global; and we have all become electronic citizens.

...data matching has gone global; and we have all become electronic citizens.

Transborder data flows raise real challenges to the reach of national laws.

There is a growing awareness that domestic legislation is not enough. Simply put – we don’t have much chance of enforcing the good information handling provisions in our Privacy Act in those instances where data is sent overseas by a New Zealand agency.

We have had some complaints to our office involving cross-border issues and, in practice, there have been agreements reached between the disputing parties. But we would have far greater confidence if cross-border issues arose in a country with broadly similar protections such as Australia – with whom we have recently reached a memorandum of understanding covering the management of cross-border privacy complaints, possible joint investigations and cooperation on privacy issues.¹ However, the current situation does not leave us in a strong position legally, and is probably not sustainable.

One of the effects of a revolution in personal data is the growth in ‘privacy pollution’.

Privacy pollution
One of the effects of a revolution in personal data is the growth in ‘privacy pollution’. Privacy pollution accumulates, is pervasive and hard to avoid. Privacy pollution has some similarity to air pollution: small blots of contamination build to form blankets of smog. In themselves, they are relatively minor – specks of soot or puffs of smoke – but in combination the effect can be overpowering. Like environmental contaminants, privacy breaches run from annoyances like direct marketing calls, across to serious and even criminal actions, like identity fraud.

We leave traces of ourselves everywhere we go…

The second key feature of privacy pollution is its pervasive nature. We are unwittingly captured each day on CCTV in the supermarket, at the petrol station, in the video shop, on the street and at the bank. We leave traces of ourselves everywhere we go, work, shop or live – travel, entertainment, hospital and GP, the internet, telephone and government records – to name but a few. Our transactions are recorded, stored and shared. Our behaviour is silently recorded on camera. We no longer simply buy products – we demonstrate ‘purchasing patterns’. Twenty years ago, my supermarket did not know what brand of toothpaste I bought unless someone stood by the checkout. Now, all my prior purchases are available to them (and me) electronically.

A third characteristic of privacy pollution is that there is unlikely to be an immediate legal remedy. The Privacy Act may not provide much comfort when the activity is generalised, such as street surveillance, or is done in accordance with specific statutory authority, such as the universal ID cards issued to all citizens of some countries. Certainly there may be instances where people can remove themselves from a mailing list or opt not to provide additional personal details, or choose not to spend time in a CCTV area but, often, there will be little realistic alternative.

These tiny but insidious measures combine together to shape our behaviour. We must strive to find some way not only of limiting the impact that this has on each of us, but also to find spaces in which we can be free.

The overall effect is that these tiny but insidious measures combine together to shape our behaviour. Together, they contribute to a climate where private space, thoughts and choices are encroached upon and subtly eroded. We must strive to find some way not only of limiting the impact that this has on each of us, but also to find spaces in which we can be free.

American law professor and academic Walter Gellhorn recognised back in the 1950s,
at the height of the Cold War, the temptation to disregard the freedom we already enjoy and to approach casually the risks of incursions. He said:²

The trouble is that small restrictions accumulate into large restrictions and, in the process, may become as habitual as, before, freedom was.

I note two general developments in relation to this.

One is an international trend toward the use of citizen identity cards. Identity cards are being introduced in many countries throughout Europe. In China, there have been concerns raised about the extremely wide-ranging information stored on ID cards. One report, for instance, noted that data on the chip will include not only the citizen’s name and address, but also work history, educational background, religion, ethnicity, police record, medical insurance status and landlord’s phone number. Even personal reproductive history will be included for enforcement of China’s controversial ‘one child’ policy. Plans are being studied to add credit histories, subway travel payments and small purchases charged to the card. Closer to home, Australia is introducing a health and social services access card.

A second initiative is the development of DNA databanks.

In the United Kingdom, The Times newspaper reported recently that some British police forces are seeking increased powers to take DNA samples. The proposal includes police being able to take DNA samples from people for non-imprisonable offences, such as speeding and dropping litter. It is good to find that the Association of Chief Police Officers warned that allowing police to take DNA samples in those instances might be seen as demonstrating the “increasing criminalisation of the generally law-abiding public”.³
The Times also reported that already:

"There are almost four million samples on the DNA database, including more than
100 of children aged under 10, even though they have not attained the age of
criminal responsibility. A further 883,888 records of children aged between 10 and
17, and 46 records of people aged over 90, are held on the database, which costs
more than £300 million."

The British Home Office consultation paper noted those asking for the change saw it as “a means of increasing officer confidence in knowing who they are dealing with and enabling them to deal more effectively with the incident at the scene”.

British public and watchdog disquiet is growing. The Human Genetics Commission announced it will be conducting the first public inquiry into the DNA database. Speaking as chairperson of the
Commission, Baroness Kennedy, QC, noted that the database has “a preponderance of young men, with a third of black males currently on it. And anyone on it is there for life”.

Both citizen ID cards and DNA databanks have provoked genuine and vigorous debate. How do we neutralise the invasive and concerning aspects of these projects without losing the claimed benefits? Individuals must be aware, make choices and retain control wherever they can. Where they cannot, privacy commissioners and governments have to watch, monitor and control.

Individuals must be aware, make choices and retain control wherever they can. Where they cannot, privacy commissioners and governments have to watch, monitor and control.

I do not profess to hold the answers to these complex issues. Both citizen awareness and watchdog activity will assist. But I am convinced that efforts must be made and that international cooperation is part of the solution. We must consider supra-national and cross-border initiatives.

Privacy Awareness Week
The Awareness Week successfully met one of our key goals – to communicate and raise awareness about privacy and personal information issues and risks, and how these can be countered.

Early in 2007, the Privacy Commissioners of New Zealand, Australia and
Hong Kong agreed to run a Privacy Awareness Week (PAW) simultaneously across the region in the last week of August 2007, with the multi-layered theme ‘Privacy Is Your Business’. PAW was a success for the Office, and I look forward to a repeat in 2008. PAW activities are outlined later in this report.

A key initiative during Privacy Awareness Week was the announcement of voluntary
guidelines to assist business and government to take the right steps in the event
of a privacy breach.

The guidelines include notifying people if their personal information has been stolen, lost or mistakenly disclosed. ‘Breach notification’ is a new and mandatory requirement in many overseas jurisdictions and guidance will help organisations take measures to minimise the impact on customers and clients. The draft guidelines were well-received by business and media.

Where to from here?
Complaints to the Office are trending downward in number. I regard this as a positive
development. Consequently, more resource may be able to be devoted to ‘growth’
areas such as technology monitoring and advice, government data matching and communications.

The Office is also currently involved in the Law Commission’s review of privacy. This major project has wide-ranging terms of reference and will continue through the next reporting period and beyond. Among other things, the Law Commission will be reviewing the Privacy Act. I look forward to assisting the Commission’s work as far as possible and will continue to follow the project with great interest.

Privacy is a notion that we associate with the individual but, evermore, I am becoming conscious that society too, has an interest in privacy. Legal academic Daniel Solove says:⁴

“ Privacy, then, is not the trumpeting of the individual against society’s interests but the protection of the individual based on society’s own norms and practices.”

When the quality of our personal – and public – space is diminished, we are all the poorer.

Marie Shroff
Privacy Commissioner

¹ Memorandum of Understanding between the Office of the Australian Privacy Commissioner and the Office of the New Zealand Privacy Commissioner,
http://www.privacy.org.nz/library/memorandum-of-understanding.
² Walter Gellhorn Individual Freedom and Governmental Restraints (Baton Rouge, Louisiana State University Press, 1956) 39-40.
³ Richard Ford, “Police want DNA from speeding drivers and litterbugs on database” The Times, 2 August, 2007 (www.timesonline.co.uk/tol/news/uk/crime/
article2183105.ece?print=yes&randnum...).
⁴ Daniel J Solove “ ‘I’ve got nothing to hide’ and other misunderstandings of privacy” (2007) 44 San Diego Law Review, 15. Available at SSRN: http://ssrn.com/
abstract=998565.

Office of the Privacy Commissioner: Statement of Intent 2007/08

Mon, 12 Nov 2007 09:45:22 +1300

The purpose of this Statement of Intent is to set out the medium term intentions and undertakings of the Office of the Privacy Commissioner for the period 2007/08 and our direction to 2010/11, and thereby promote our public accountability. It describes the results that our small office will work towards over the next three years, and how we plan to achieve these.

Download the full Statement of Intent booklet below

Annual Report of the Privacy Commissioner 2006

Thu, 23 Nov 2006 14:06:12 +1300

Download the full annual report below (PDF file 124 pages)

KEY POINTS

The Privacy Commissioner’s 2006 public opinion survey found a strikingly high level of public concern about how businesses handle personal information. More than 80 percent of people surveyed pinpointed the internet and business as key privacy concerns.
The Credit Reporting Privacy Code came into full effect on 1 April 2006, and has been well received by consumers, credit reporters and the financial sector.
A new-look, simple-to-navigate website was launched – www.privacy.org.nz. It includes plain English information on privacy rights and responsibilities, information about internet safety and a full text search engine.
A total of 636 formal complaints were received during the 2005/06 year. The continuing downward trend of recent years seems to be the result of proactive handling of complaints by the Office’s staff and more targeted privacy training. Telephone enquiries remained steady at around 6,000.
The Office closed around 60 percent of new complaints during 2005/06, usually within six months of receipt. The backlog of old files continued to drop. Where parties were willing, the Office continued its policy of attempting to settle complaints,
Problems with access to personal and health information continued to dominate, making up about 50 percent of complaints. Disclosure of personal or health information was the second most common complaint.
The Office’s three-person technology team completed its first full year of work. The team participated in e government work, established public and private sector information forums, and surveyed private and public sector website privacy notices.
Legal and policy capacity within the Office was enhanced in the second half of the year, and a new position of Policy Adviser (Health) was established.
The Office advised on the privacy implications of proposed legislation, policies and practices. Topics included counter terrorism, trans-border data sharing, use of biometric information, and proposals on access to court records.
Media enquiries focussed on technology issues. Many speeches, presentations and education sessions on privacy issues were given in response to requests.
Government information matching continued to expand. There were 40 programmes in operation during the 2005/06 financial year, compared with 36 in 2004/05. A further four new programmes were authorised by Parliament.
There was a 45% increase in the number of government information matching programmes using online information transfer. These online programmes require special permission from the Privacy Commissioner.

INTRODUCTION

A striking result of our 2006 public opinion survey on privacy was the high level of public concern about how businesses handle personal information. More than 80 percent of people pinpointed the internet and business as key privacy concerns. Ninety-three percent of those surveyed rated good personal information practices by businesses as more important than convenience, and as important as efficiency, product quality and service.

General concern about invasion of privacy rose (to) 56 percent in 2005/06, from 49 percent in the 2001 survey. Privacy now ranks sixth out of nine major issues tested. Public concern about privacy invasion now ranks ahead of unemployment, behind education, crime and violence, health, the environment and the economy.

Rapidly developing technology fuels public awareness and concern about privacy invasion. The way in which we lead our lives, and the ways in which government and business serve us, are increasingly influenced by or dependent on technology. For instance:

an estimated one million New Zealand households have internet access
industry sources estimate that there are about 3.8 million mobile phone connections in New Zealand
the DNA profiles of more than 50,000 people are stored on the Police DNA databank
requests for details of motor vehicle owners have grown from 2 million in 1998/99 to 10.8 million in 2005/06.

All kinds of organisations and businesses use advanced technology to collect, sort, store and trade our personal information, both to make our lives easier in dealing with them and also for their own use. It is no coincidence that the language of the computerised information world is increasingly strewn with metaphors – such as data mining, data banks and data warehousing – that are drawn from commerce. Mainly through the power of technology, our personal information is increasingly a tradeable commodity, with a real market value.

The day-to-day work of the Privacy Office in acting as a watchdog to protect personal information and to promote good practice has become increasingly focused on technology and science-driven issues.

On 1 April 2006 the Credit Reporting Privacy Code, developed by the Office, came into full effect. Credit reporting is a prime example of an industry that uses personal information for commercial purposes. The industry collects, holds and sells personal and credit related information about an estimated two million New Zealanders. The Credit Code now requires the industry to give individuals free access to their credit records and to limit information collected to that relating to credit. Credit reporters are obliged to ensure greater accuracy of information held and disclosed, and to increase controls on release and reduce misuse (eg. unauthorised release). The industry cooperated fully in our development of the code. The benefits are becoming clear – thousands of New Zealanders have used the new right to access credit information about themselves.

Our legal/policy staff have also continued to contribute to the development of government policy and legislation, especially involving the uses of technology. Examples this year included submissions on the SPAM (Unsolicited Electronic Messages) Bill, proposals on anti-money laundering and the financing of terrorism, and the Financial Transactions Reporting Act. The globalisation of information flows – for example for customs, immigration, passports and banking – has also generated work for the Office.

In its first full year, our three-person technology team actively participated in e-government development work, including the government logon service and all-of-government online identity authentication. The team established information forums for the public, business and government on data matching, and technology and privacy, and carried out a survey of private and public sector websites. The survey showed that only just over half of the websites had privacy notices. Two consumer-oriented guides, one on websites and personal information and the other on the safety of personal information on the internet, were produced. Among the issues the team dealt with were privacy aspects of digital rights management, CCTV use and guidelines for biometric technologies. Government information matching continues to expand, with 40 programmes operating during the 2005/06 financial year.

Internationally, good personal information handling is becoming a key part of globalised commerce. Cooperation amongst government and privacy authorities worldwide has produced a number of significant developments. The Asia Pacific Economic Cooperation (APEC) grouping approved an APEC privacy framework in November 2005 and our Office played a strong role in its development. Regional cooperation has been enhanced by the adoption by the expanded Asia Pacific Privacy Authorities forum (APPA) of a formal statement of objectives. These set out to improve standards, share knowledge and promote best practice. The International Privacy Commissioner Conference in late 2005 unanimously adopted a declaration about global coordination to enhance privacy objectives. Although these are first steps, they mark a new impetus for cooperation to advance privacy protection internationally, against a background of electronic cross-border information flows.

During the year the news media raised many technology related privacy issues. These included biometrics (such as finger scanning in the workplace), widespread use of CCTV, the potential for the sharing of health and DNA databases, internet blogs, skimming of EFTPOS terminals, the safety of home computers, covert filming and bugging, the use of public registers by direct marketers, proposals for a variety of new databases (eg. all children and all state housing tenants), the use of radio frequency identification devices (RFIDs), the transfer of New Zealanders’ information overseas, checking of employee emails, the sale of CCTV footage, internet banking, a prostitutes’ register, infant heel prick cards, tracking people via their mobile phones and credit reporting. This extensive list of topics reflects a broadening and welcome media awareness of privacy issues. I am pleased that the media are now playing a valuable part in telling the many developing privacy stories and alerting the public to risks. In March this year we were encouraged that our Privacy Issues Forum attracted overseas speakers, a more than full attendance, and significant media interest in the wide-ranging issues covered.

Our new website is now online. New material includes guidance for employers, a ‘your privacy’ section and a special area where we offer help with common fears about internet safety, including email, web browsing and e-commerce.

Demand for our 0800 line has remained constant, with around 6,000 calls received this year and an increasing number of email enquiries.

Incoming written privacy complaints continued their steady (although slowing) decline to a total of 636 during the 2005/06 year. A combination of proactive handling by the enquiries and complaints teams – encouraging early action and self-resolution – and training of the staff of organisations complained about seems to be responsible for reducing numbers of formal complaints. The assessment and conciliation team in the Office now closes around 60 percent of new complaints, usually within six months of receipt. Problems with access to personal and health information continue to dominate, at 50 percent of complaints. The Office is targeting areas generating clusters of complaints and held 88 education seminars on these during the reporting period. Our backlog of old files also continues to drop, with complaints over 12 months falling from 248 at the end of June 2005, to 88 at the end of June 2006.

Through the power of science and technology, what we formerly regarded as free or private space is increasingly being invaded. Who would have envisaged 20 years ago that our choices of food, clothing and books could be logged, monitored and used; our health information exchanged freely; or that our children would interact with the world via the internet? Our homes are no longer sacrosanct if we commit personal information to technology and the internet. It is within our power to benefit from and to control this, but we do need to be aware of the opportunities and risks.

A senior IT figure said some years ago “you have zero privacy anyway – get over it”. Fortunately the news is not all bad. Business and government agencies, initially dazzled by the profit and efficiency potential of technology, are now increasingly alive to the privacy message. They are aware that responsible information management is needed to protect client and consumer loyalty and trust, and thus the ability to run a viable and profitable operation. That same senior IT figure is reported to have remarked this year, following his own personal information being disclosed, that privacy and security were now his top priority and that he now understood the consumer perspective.

A silent revolution has occurred in the way our personal information is handled. This revolution has the potential to be as far-reaching and pervasive in its effects as the invention of the printing press more than 500 years ago. We need to grasp this change, direct and use it. But we also need to protect our identities in the process, and value our information as much as do those who profit from it.

Marie Shroff
Privacy Commissioner

Office of the Privacy Commissioner: Statement of Intent 2006/07

Wed, 02 Aug 2006 09:33:43 +1200

The purpose of this Statement of Intent is to set out the medium term intentions and undertakings of the Office of the Privacy Commissioner for the period 2006/07 and our direction to 2009/10, and thereby promote our public accountability. It describes the results that our small office will work towards over the next three years, and how we plan to achieve these.

This is our first Statement of Intent. It has been developed through consulting
within the Office and draws on work with stakeholders.

Download the full Statement of Intent booklet below

Annual Report of the Privacy Commissioner 2005

Wed, 26 Jul 2006 09:10:45 +1200

Annual Report of PRIVACY COMMISSIONER for the year ended 30 June 2005.

Presented to the House of Representatives pursuant to section 24 of the Privacy Act 1993.

Download Annual Report 2005 below

Annual Report of the Privacy Commissioner 2004

Fri, 12 May 2006 11:11:08 +1200

Annual Report of PRIVACY COMMISSIONER for the year ended 30 June 2004.

Presented to the House of Representatives pursuant to section 24 of the Privacy Act 1993.

Download below.

Annual Report of the Privacy Commissioner 2003

Sun, 14 May 2006 20:47:19 +1200

Annual Report of PRIVACY COMMISSIONER for the year ended 30 June 2003.

Presented to the House of Representatives pursuant to section 24 of the Privacy Act 1993.

Download below.

Annual Report of the Privacy Commissioner 2002

Sun, 14 May 2006 20:48:54 +1200

Annual Report of PRIVACY COMMISSIONER for the year ended 30 June 2002.

Presented to the House of Representatives pursuant to section 24 of the Privacy Act 1993.

Download below.