Your notes, they were blowin’ in the wind
Daimhin Warner
5 June 2014

Would you stuff your wheelie bin with letters from your GP, bank statements, your latest pay review notice? Surely not. Who knows where it would end up, if indeed it made it off the street.

Might it come as a surprise, then, to learn that some businesses – including health agencies in New Zealand – continue to dispose of sensitive personal information in standard recycle bins intended for non-secure, council collection? It certainly does to us.

In the last 6 months alone, we’ve been notified of three cases where a business has disposed of large amounts of personal information no longer needed in an unlocked and public bin. In two of these cases, locals discovered the information blowing loosely down the street. Thankfully, both times these locals did the right thing. They contacted us and the businesses concerned, and the matter was dealt with quickly.

Of course agencies need to get rid of information – the Privacy Act says they shouldn’t hold on to it for longer than they need to (principle 9). But, the Privacy Act also requires agencies to take reasonable steps to ensure that personal information is safe from loss, misuse and unauthorised disclosure (principle 5). This requirement applies when the information is held by the agency, but also when the information is being destroyed. So, where personal information is concerned, businesses need to take extra care to ensure that information is destroyed securely, and completely.

For those of you who find yourselves on the receiving end of someone else’s information, perhaps because it has blown onto your doorstep, remember that you have responsibilities to protect that information too. Don’t keep it or use it. Imagine it was your information. Do the right thing, and return it to the business concerned. Oh, and you can always tell us too.

[Image by Chris Slane - www.slane.co.nz]

Comments

  • Very helpful and well written.

    Posted by Emma Pond, 06/06/2014 11:23am (3 years ago)

    The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.

  • In the United States, casual disposal of personal information is illegal and, often, met with serious fines. For instance, a hospital in Texas was fined more than $900,000 for disposing of 6 boxes of medical files in their commercial trash bin. Needless to say, responsible disposal of sensitive information is taken far more seriously by organisations when there are actual consequences for not doing so.

    Posted by Robert Johnson, 11/10/2014 5:34am (3 years ago)

  • Hi Robert,

    It may encourage you to know that the statutory environment in New Zealand is changing.

    In proposed changes to the Privacy Act, actions such as failing to notify the Privacy Commissioner of a privacy breach or impersonating someone to obtain their personal information will be illegal and carry a fine of up to $10,000. Existing maximum fines (for example, for obstructing the Commissioner) will increase from $2,000 to $10,000.

    Breach notification is currently voluntary under the present law. This will change under the proposed law change. But by and large, most New Zealand agencies are already reporting breaches to us as if it were mandatory to do so.

    The proposed legislation to amend the Privacy Act is likely to go before Parliament next year.

    Posted by Office of the Privacy Commissioner, 13/10/2014 11:39am (3 years ago)
