30 November 2004
1000 Privacy Complaints Each Year
Complaints about interference with privacy continue to run at nearly 1000 a year, the 2003/04 Privacy Commissioner’s
annual report shows.
Tabled in Parliament today (November 30), the report said the most common type of complaint to Privacy Commissioner
Marie Shroff involved access to personal or health information (about 37 per cent), with many of the complaints related
to an organisation’s decision to withhold documents.
Compared with the previous year, access complaints were slightly down overall, but there were more against private
sector agencies than in any previous year.
The second most common type of complaint alleged disclosure of personal or health information (25 per cent). There was a
small increase in disclosure complaints in 2003/04 compared with the previous year, an increase of complaints against
private sector agencies and a decline in those against public sector agencies.
The third most common complaint was about accuracy of information and requests for it to be corrected (about 10 per
cent).
About 35 per cent of complaints involved public sector organisations, and of these, about 60 per cent related to access
to information and 38 per cent to disclosure of information.
The largest number of complaints about a single organisation was 74 against ACC, many of which reflected claimant
dissatisfaction with ACC’s review of long-term entitlements. There were 65 complaints against the Police, 39 against the
Ministry of Social Development, 32 Baycorp Advantage, 26 NZIS (New Zealand Immigration Service), 26 Department of
Corrections, 22 CYFS, 11 Telecom, 10 IRD and 8 Department of Courts (now Ministry of Justice).
Ms Shroff said it was not surprising that the top 10 agencies complained against were those that hold much personal
information about individuals, and that they were generally aware of their responsibilities under the Privacy Act.
She said that, as well as complaints, the Office of the Privacy Commissioner received about 6,500 queries a year, mostly
by phone, and these showed people were interested in their rights.
However, Ms Shroff said there was still considerable work to be done in developing awareness, so that there was a more
equal balance between agencies with huge power to gather and manipulate information, and the individuals whose
information made up those databases.
“The pervasiveness and growing power of information technology is such that the Privacy Commissioner needs to inform and
back up citizens so they can protect their personal information.”
Ms Shroff said she remained concerned to ensure that a “proportionate response” was taken to heightened international
concerns about border security, and that privacy was not sacrificed unnecessarily in the pursuit of security.
“The imminent move to biometric passports and the possible development of a global biometric identification system
covering all travellers will present new challenges for privacy in this area.”
Ms Shroff said she was pleased to report that there had been a significant decrease in the backlog of complaints to the
Office, which stood at 820 in June compared with 1053 at the same time last year. A further significant reduction was
expected by June next year.
Some additional government funding, combined with the hard work of investigating staff, had achieved the reduction.
Pressure on resources had impacted the Office’s ability to comment on policies and legislation affecting privacy, she
said. “I am hopeful that through additional funding and the reallocation of resources across the Office we can devote
more time to this important function.”
Much effort had been devoted this year to the development of a robust and balanced credit information privacy code,
designed to assist New Zealanders in their interaction with credit reporting agencies, while allowing information
technology to be used effectively in the marketplace.
Ms Shroff said she believed the “far-sighted” Privacy Act was increasingly gathering strength as a framework within
which individuals and organisations who wished to deal with personal information could work in a responsible way.
“Getting privacy right is important to all of us - whether as holders of information or as individual consumers.”
STRIKING INCREASE IN DATA MATCHING
The number of government department authorised data matching programmes has increased dramatically, according to the
Privacy Commissioner’s annual report to Parliament.
The report said that in 1993 there were just 18 authorised data matching programmes, but by June this year there were
70.
Only 28 were active (up from 24 last year), but the report said new programmes often took years to commence operating
after legislative authorisation.
Privacy Commissioner Marie Shroff, who is required under the Privacy Act to report annually on each authorised
programme, said the growth since 2000 was “especially striking” - up from 24 to 70.
She said much government and business activity now took place via computers, and a telling indicator of that was the
exponential increase in data matching.
The Government had recognised the crucial nature of privacy technology by providing funding for a small technology team
in the Office of the Privacy Commissioner, she said.
“This is particularly important given the progress being made in e-government initiatives, and the assessment and
adoption of novel technologies across government, which have privacy implications. As always, the scale, complexity and
variety of matching continue to increase.”
The 28 currently operating programmes have one or more of the following purposes:
- 15 programmes designed to confirm eligibility or continuing eligibility for a benefit;
- 11 programmes designed to update data;
- 7 programmes designed to detect illegal behaviour by taxpayers, benefit recipients, government employees etc
(eg. fraudulent or multiple claims, unreported income or assets, impersonation, omissions, unauthorised use, improper
conduct, conflict of interest);
- 9 programmes designed to identify people eligible for an entitlement but not currently claiming it (such as
medical subsidies available to Community Services Card holders, or to identify un-enrolled voters);
- 5 programmes designed to locate people with a debt to a government agency;
- 1 data quality audit programme.
As each programme may have more than one purpose, the figures above add up to more than 28.
ENDS