30 November 2004
1000 Privacy Complaints Each Year
Complaints about interference with privacy continue to run at nearly 1000 a year, the 2003/04 Privacy Commissioner’s annual report shows.
Tabled in Parliament today (November 30), the report said the most common type of complaint to Privacy Commissioner Marie Shroff involved access to personal or health information (about 37 per cent), with many of the complaints related to an organisation’s decision to withhold documents.
Compared with the previous year, access complaints were slightly down overall, but there were more against private sector agencies than in any previous year.
The second most common type of complaint alleged disclosure of personal or health information (25 per cent). There was a small increase in disclosure complaints in 2003/04 compared with the previous year, an increase of complaints against private sector agencies and a decline in those against public sector agencies.
The third most common complaint was about accuracy of information and requests for it to be corrected (about 10 per cent).
About 35 per cent of complaints involved public sector organisations, and of these, about 60 per cent related to access to information and 38 per cent to disclosure of information.
The largest number of complaints about a single organisation was 74 against ACC, many of which reflected claimant dissatisfaction with ACC’s review of long-term entitlements. There were 65 complaints against the Police, 39 against the Ministry of Social Development, 32 Baycorp Advantage, 26 NZIS (New Zealand Immigration Service), 26 Department of Corrections, 22 CYFS, 11 Telecom, 10 IRD and 8 Department of Courts (now Ministry of Justice).
Ms Shroff said it was not surprising that the top 10 agencies complained against were those that hold much personal information about individuals, and that they were generally aware of their responsibilities under the Privacy Act.
She said that, as well as complaints, the Office of the Privacy Commissioner received about 6,500 queries a year, mostly by phone, and these showed people were interested in their rights.
However, Ms Shroff said there was still considerable work to be done in developing awareness, so that there was a more equal balance between agencies with huge power to gather and manipulate information, and the individuals whose information made up those databases.
“The pervasiveness and growing power of information technology is such that the Privacy Commissioner needs to inform and back up citizens so they can protect their personal information.”
Ms Shroff said she remained concerned to ensure that a “proportionate response” was taken to heightened international concerns about border security, and that privacy was not sacrificed unnecessarily in the pursuit of security.
“The imminent move to biometric passports and the possible development of a global biometric identification system covering all travellers will present new challenges for privacy in this area.”
Ms Shroff said she was pleased to report that there had been a significant decrease in the backlog of complaints to the Office, which stood at 820 in June compared with 1053 at the same time last year. A further significant reduction was expected by June next year.
Some additional government funding, combined with the hard work of investigating staff, had achieved the reduction.
Pressure on resources had impacted the Office’s ability to comment on policies and legislation affecting privacy, she said. “I am hopeful that through additional funding and the reallocation of resources across the Office we can devote more time to this important function.”
Much effort had been devoted this year to the development of a robust and balanced credit information privacy code, designed to assist New Zealanders in their interaction with credit reporting agencies, while allowing information technology to be used effectively in the marketplace.
Ms Shroff said she believed the “far-sighted” Privacy Act was increasingly gathering strength as a framework within which individuals and organisations who wished to deal with personal information could work in a responsible way.
“Getting privacy right is important to all of us - whether as holders of information or as individual consumers.”
STRIKING INCREASE IN DATA MATCHING
The number of government department authorised data matching programmes has increased dramatically, according to the Privacy Commissioner’s annual report to Parliament.
The report said that in 1993 there were just 18 authorised data matching programmes, but by June this year there were 70.
Only 28 were active (up from 24 last year), but the report said new programmes often took years to commence operating after legislative authorisation.
Privacy Commissioner Marie Shroff, who is required under the Privacy Act to report annually on each authorised programme, said the growth since 2000 was “especially striking” - up from 24 to 70.
She said much government and business activity now took place via computers, and a telling indicator of that was the exponential increase in data matching.
The Government had recognised the crucial nature of privacy technology by providing funding for a small technology team in the Office of the Privacy Commissioner, she said.
“This is particularly important given the progress being made in e-government initiatives, and the assessment and adoption of novel technologies across government, which have privacy implications. As always, the scale, complexity and variety of matching continue to increase.”
The 28 currently operating programmes have one or more of the following purposes:
- 15 programmes designed to confirm eligibility or continuing eligibility for a benefit;
- 11 programmes designed to update data;
- 7 programmes designed to detect illegal behaviour by taxpayers, benefit recipients, government employees etc (eg. fraudulent or multiple claims, unreported income or assets, impersonation, omissions, unauthorised use, improper conduct, conflict of interest);
- 9 programmes designed to identify people eligible for an entitlement but not currently claiming it (such as medical subsidies available to Community Services Card holders, or to identify un-enrolled voters);
- 5 programmes designed to locate people with a debt to a government agency;
- 1 data quality audit programme.
As each programme may have more than one purpose, the figures above add up to more than 28.