Your thoughts about our country’s security and intelligence agencies might fall into one of at least four broad categories. We’ve listed them as:
Parliament’s Foreign Affairs, Defence and Trade Committee will be hearing some of these views in public submissions on the Intelligence and Security Bill 2016. The Bill overhauls the legislation governing the New Zealand Security Intelligence Service (SIS), the Government Communications Security Bureau (GCSB), the Inspector-General of Intelligence and Security and the Intelligence and Security Committee of Parliament.
Applying the privacy principles
The Bill, as introduced, extends the coverage of the information privacy principles so that they apply to our intelligence agencies.
The Privacy Act’s 12 information privacy principles require New Zealand agencies to collect personal information lawfully and transparently, store it securely, give people access to their own information when requested, ensure its accuracy, use the information for the purpose it was collected and not disclose the information unless the law allows it.
Under current law, the intelligence agencies are exempted from nearly all of these principles - although they still generally need to provide access and correction on request.
The Bill proposes applying many of the privacy principles to the agencies and effectively broadening the oversight of their activities. Under the Bill, members of the public would be able to complain to the Privacy Commissioner about the agencies if their information is collected unlawfully or stored insecurely, if the agencies refuse to disclose their personal information to them, if the information held by an agency is inaccurate or if the information is unreasonably disclosed.
But for the most part, the intelligence agencies’ work goes on out of the public view. How then would you know if your personal information was being handled badly enough to warrant a complaint? Well, the extension of these extra principles will place a legal responsibility on the intelligence agencies to act in accordance with the principles. They will be required to have privacy policies in place and have a sufficient compliance regime to ensure those policies are followed.
To exempt or not to exempt
The Bill proposes continuing the agencies’ exemption from principles 2, 3 and 4(b). These exemptions mean intelligence agencies don’t need to collect personal information directly from the individual concerned, or to be transparent about how and why they’re collecting it.
The exemption from principle 4(b) means the agencies can intrude to an unreasonable extent upon the personal affairs of the individual concerned in order to collect the personal information - think of a camera in your bathroom.
The Privacy Commissioner has recommended to the Select Committee that all the information privacy principles should apply to the intelligence agencies. All other government agencies which have intelligence roles and deal with national security information - such as Police, Customs and the Ministry of Defence - are subject to all 12 principles.
Ensuring compliance with the principles will be the role of both the Privacy Commissioner and the Inspector-General of Intelligence and Security (IGIS). IGIS is the specialist oversight body responsible for ensuring the intelligence agencies’ actions are lawful and proper. IGIS also reviews the effectiveness and appropriateness of the intelligence agencies’ compliance systems.
As the Privacy Commissioner and IGIS have roles that intersect on issues relating to the intelligence agencies, the Privacy Commissioner has recommended to the Select Committee that he be given the ability to consult with IGIS. IGIS would also retain her ability to consult with the Privacy Commissioner on any of her functions.
The Commissioner is due to appear before the Select Committee this week to speak to his written submission on the Bill and the Committee is due to report back to Parliament in February next year.
Image credit: Spying cat - via RSPCA WOAW